Legacy digital identity didn’t fail because the technology wasn’t ready — it failed because no one trusted it.For over a decade, tools capable of verifying who we are digitally, securely, and remotely have existed. But as Hannah Rutter, deputy director of digital identity at the UK Government’s Department for Science, Innovation and Technology, pointed out at Identiverse 2025, those tools were met with rolled eyes, compliance fears, and bartenders still asking for plastic IDs not because they couldn’t work, but because they weren’t trusted, understood, or legally recognized.“These technologies aren’t new,” Rutter said. “I’ve had two digital identity apps on my phone for years. But if I showed one at a bar, they’d laugh and tell me to pull out my driver’s license.”
The problem, she said, isn’t the tech — it’s the lack of trust. That’s what the UK’s multi-year push to standardize and legitimize digital identity has aimed to solve. Not by inventing new protocols or flashy apps, but by anchoring identity in transparent standards, independent certification, and legislation that gives users confidence and businesses legal cover.
From bits of paper to bits of code
Rutter didn’t mince words about the friction in current identity verification processes. “In the UK, proving who you are often means cobbling together paper bank statements, utility bills, plastic ID cards — all to prove basic facts like your age or address,” she said. “It’s costly, repetitive, and doesn’t even guarantee accuracy or security.”The UK government estimates that widespread adoption of digital identity could save over £700 million per year ($952 U.S.), particularly in regulated industries that are legally required to conduct repetitive identity checks.But again, only if people use them. And people will only use them if they trust them.
Trust, certified and legislated
The centerpiece of the UK approach is a government-backed trust framework that doesn’t attempt to reinvent standards but rather aligns with existing ISO, cybersecurity, and data protection norms. Certification is handled independently, currently through organizations like Kantara, and providers that meet the bar will earn a “UK Certified” trust mark.“We’re not inventing niche hoops for industry to jump through,” Rutter said. “We’re setting a transparent bar, and then saying: meet this, and we’ll back you. Users can rely on it. So can regulators.”Legislation supporting the framework is nearing passage, delayed slightly by parliamentary debates around AI. Once enacted, it will make it easier for regulated industries to legally accept certified digital identity solutions, cutting through compliance hesitation and enabling real-world use cases.“We’re changing the law so you can prove your age digitally to buy a drink,” Rutter noted. “It’s totemic. But it’s also real progress.”
A digital identity you can actually use
Perhaps the most transformative part of Rutter’s presentation came with the announcement that the UK will begin issuing digital versions of government credentials, starting with the driver’s license. These credentials will be accessible through a digital wallet and usable across private-sector services provided the receiving party is also certified.“It’s not just about issuing them. It’s about ensuring they’re only checked by providers who follow the rules,” Rutter emphasized. “Otherwise, we’ve just built another attack vector.”This marks a key difference from previous efforts: the government is no longer just the referee. It’s also becoming a data issuer, ensuring that digital credentials originate from trusted sources.
Balancing innovation and inclusion
But Rutter was clear-eyed about the risks of building for only part of the population. “Not everyone has a passport or driver’s license,” she said. “We’re working to include other government-issued credentials to make this usable for more people.”That inclusivity, she argued, is as important as innovation especially if the goal is to reduce friction and boost economic participation across the board.“Whether you’re a citizen, a business, or a barman these products should work for you,” she said. “And you shouldn’t need to be a standards nerd like me to understand why.”
A global model?
While the UK’s system is unique in its structure, the principles behind it — interoperability, independent oversight, and legislative backing, offer a roadmap that identity leaders in other countries may want to watch closely.“We’re not forcing people into one solution,” Rutter said. “We’re enabling a system of choices that are trustworthy, certified, and legally recognized.”And for Rutter, finally delivering this keynote after three years of scheduling complications and government reshuffles, the message was both policy and personal.“Hopefully next year I’ll be back,” she said, “and you’ll be able to buy a beer with your phone and trust that it works.”
Tom Spring is Editorial Director for SC Media and is based in Boston, MA. For two decades he has worked at national publications in the leadership roles of publisher at Threatpost, executive news editor PCWorld/Macworld and technical editor at CRN. He is a seasoned cybersecurity reporter, editor and storyteller that aims always for truth and clarity.
