Governance, Not Tech, Needs Interrogating in UK Digital ID Consultation: Tony Allen

The UK government’s draft digital ID framework has sparked a heated debate among biometric experts. While the proposal promises streamlined verification for public and private services, critics say it leans heavily on technical safeguards without addressing the institutional controls that underpin user confidence. Tony Allen, a leading voice in age‑assurance standards, highlighted that a system’s security is only as strong as the rules governing its deployment, echoing broader concerns that the consultation conflates cryptographic robustness with systemic trust.

Allen’s response zeroes in on governance gaps, urging the removal of the Office for Digital Identities and Attributes (OfDIA). He contends that OfDIA concentrates too much authority, creating a conflict of interest when the same body oversees certification and policy. By advocating for an independent certification regime—separate from designers, operators, and regulators—Allen seeks to embed rule‑of‑law principles into the digital identity ecosystem. This approach mirrors best practices in other jurisdictions where transparent oversight bodies certify solutions without direct involvement in their development or commercial rollout.

The implications for the UK market are significant. A multi‑vendor, competition‑driven model could attract global innovators, while preserving privacy‑preserving age‑assurance methods that differ from full identity verification. Keeping age assurance distinct safeguards against overly intrusive data collection and aligns with emerging privacy regulations. If the government adopts Allen’s governance‑first stance, it could set a precedent for trustworthy digital ID systems worldwide, balancing technological capability with the social credibility needed for widespread adoption.