Digital ID in the UK: Risks, Power & Censorship

by thetruthseeker

The UK government has signalled a significant shift toward a nationwide digital ID. This builds on One Login and the GOV.UK ID Check app, with ministers now talking openly about a mandatory credential for Right to Work and access to key services by the end of this Parliament.

Fresh reporting today describes a smartphone-based “Brit Card” plan, framed as a tool against illegal working and to streamline service access.

Whatever your politics, that’s a big architectural change in how the state authenticates people—and it concentrates risk.

It also arrives alongside the new Data (Use and Access) Act 2025 (“DUAA”), which updates UK data rules and explicitly touches identity verification and trust services. DUAA is being phased in through 2026 and will shape how data is processed, shared, and justified—crucial context for any nationwide ID.

The core risks (from a UK, practical perspective)

1) A bigger target surface (security).
A single, standardised ID used everywhere creates a lucrative “honeypot” even if data are split across systems. Attackers follow the value: compromise an identity provider, a wallet, or a verification API, and you can pivot into hiring, banking, rental checks, and public services. The more universal the credential, the higher the blast radius of any breach or large-scale credential theft.

UK experts have already warned that a national digital ID would be “an enormous hacking target”—and recent UK breaches show motivated attackers probe both public and private operators.

Good cyber practice helps, but concentration still magnifies downside if something goes wrong.

2) Function creep (policy drift).
IDs introduced for convenience or immigration control can acquire new uses over time—especially when legislation like DUAA creates broader legal pathways for data use, “recognised legitimate interests,” and new trust services.

Even if initial deployment is rights-respecting, future Parliaments can extend scope; experience with CCTV, ANPR, and communications powers shows that once infrastructure exists, incentives grow to use it more widely.

DUAA’s staged commencement underscores that the policy surface will keep moving in the next 12 months.

3) De facto compulsion (even if “optional”).
Ministers can promise alternatives, but network effects are ruthless. If employers, banks, and landlords prefer the state-backed credential, citizens without it face friction and delays. Over time, “optional” IDs become unavoidable in practice.

That risks marginalising older adults, people without smartphones, rural communities with patchy connectivity, and the privacy-conscious who choose to limit data sharing.

Government statements acknowledge non-smartphone access, but maintaining truly equivalent offline channels is expensive—and the temptation to retire them is strong.

4) Private-sector leverage and vendor lock-in.
Digital identity stacks depend on device OS controls, app stores, biometrics, cloud providers, liveness vendors, and integrators. Once a few primes anchor the ecosystem, the state’s bargaining power can shrink—pricing, roadmaps, and security posture get nudged by commercial incentives.

That risk is governance, not ideology: without strong procurement and open standards, your national ID can become hostage to a handful of suppliers over a decade-long lifecycle. (The government’s own “trust services” consultations flag the complexity of cross-border trust frameworks after EU eIDAS changes, underscoring this dependency.)

5) Chokepoints for censorship and surveillance.
Linking high-stakes life activities to a state credential can enable upstream gatekeeping: switch it off (or throttle features) and a person’s practical liberty narrows. Today’s UK legal environment is not China’s, but architecture creates options for future policymakers.

The more everyday life routes through one authentication primitive, the easier it becomes to build compliance checks into the act of living—work, rent, travel, transact.

How China’s model differs—and why the comparison is a warning light

China pairs real-name registration across SIMs and internet services with a sprawling “social credit” framework of redlists/blacklists administered by multiple agencies.

The result is pervasive linkability between citizens’ legal identity and online/offline activity, with sanctions like service denials and travel restrictions tied to registries.

While implementation is fragmented rather than a single sci-fi “score,” the policy logic is consistent: identity first, service access second. That is the cautionary tale for liberal democracies: link too much to one ID and you build the rails for soft coercion.

The UK doesn’t share China’s legal culture, and Parliament, courts, and the ICO do impose due process. But architecture matters: if you copy the plumbing—ubiquitous real-name checks mediated by a state credential—you import some of the risks, even if you never adopt China’s punishments.

The UK’s debate should be about avoiding that structural convergence.

Specific UK pitfalls to watch

  • Scope creep via Right to Work. Once digital ID becomes the default for employment checks, pressure will mount to extend it to renting (Right to Rent), banking (AML/KYC), healthcare registration, and travel. Each extension feels “sensible” in isolation; cumulatively, they create a checkpoint society. Today’s ministerial promises aren’t binding on tomorrow’s Home Secretary.

  • Wallet ≠ privacy by default. A “GOV.UK Wallet” could enable privacy-preserving proofs (age-over-18 without revealing DOB, for example). But if verifiers routinely demand full-fat attributes, you lose selective disclosure benefits. The difference is in standards and enforcement, not marketing.

  • Legal justifications under DUAA. Expanded “recognised legitimate interests” and streamlined data flows can be good for service delivery, but they can also normalise broader reuse of identity-linked data unless the ICO sets tight guardrails and audits actual practice. Those consultations are happening now.

What a safer UK approach looks like

If the UK is determined to proceed, the objective should be least-privilege identity, not universal identity:

  1. Strict purpose limitation in primary legislation. Tie the ID’s lawful uses to a closed list; require fresh primary legislation (not secondary regulations) for any expansions. Build in a five-year sunset unless Parliament renews after an independent review.

  2. Genuine selective disclosure and unlinkability. Mandate open standards for zero-knowledge/attribute-based credentials so verifiers can’t hoover up more data than necessary. Penalties for verifiers that demand more than the minimum for the use case.

  3. Decentralised design with local breach containment. Don’t centralise more than you must. Separate credential issuance, verification, and audit logs; keep verifiers from learning where else a user verified. Require hardware-backed keys on device but preserve non-smartphone alternatives with equal service levels.

  4. Independent oversight that can actually say “no.” Give the ICO—and ideally a new Identity Commissioner—formal veto powers over new use cases, backed by public registers of every class of verifier and their legal basis.

  5. Breach liability with teeth. If a verifier or processor leaks identity attributes, the citizen should have automatic redress and the operator should fund lifetime credential re-issuance costs and monitoring. That changes incentives.

  6. Procurement that avoids lock-in. Use open APIs and interoperability tests; require escrow and exit plans from major vendors; forbid exclusive features that make the public wallet second-class on certain phones.

  7. Equivalence for opt-outs. Maintain paper or offline routes with statutory service-level guarantees. If the offline queue is always slower, the “choice” isn’t real.

  8. Transparent metrics. Publish quarterly stats on false rejects, appeals, demographic failure rates (e.g., liveness/biometric disparities), outage minutes, and security incidents. Sunlight keeps hype in check.
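To make the selective-disclosure point concrete (the age-over-18 proof mentioned under “Wallet ≠ privacy by default” and the minimum-disclosure rule in point 2 above), here is an added illustration that is not code from the article, from GOV.UK One Login or from any real wallet. It models the salted-digest pattern used by SD-JWT-style credentials: the issuer signs only a list of salted attribute digests, the holder reveals the salt and value for just the attributes a verifier needs, and the verifier rejects a presentation that discloses more than its use case requires. The issuer “signature” is modelled with an HMAC so the block runs offline with the standard library alone; a real deployment would use an asymmetric signature checked against the issuer’s public key. All names, keys and attribute values are constructed for the example.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: stand-in for the issuer's signing key. In a real scheme this is an
# asymmetric key pair and the verifier only ever holds the public half.
ISSUER_KEY = b"constructed-issuer-key-not-real"


def attribute_digest(salt: str, name: str, value) -> str:
    """Salted digest of one attribute. The salt stops a verifier (or anyone
    holding the signed digest list) from guessing low-entropy values such as a
    date of birth by hashing candidates."""
    encoded = json.dumps([salt, name, value], separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


def issue_credential(attributes: dict, issuer_key: bytes = ISSUER_KEY) -> dict:
    """Issuer side: salt and hash every attribute, then sign only the digests.
    The plaintext attributes and salts stay with the holder as 'disclosures'."""
    disclosures = {}
    digests = []
    for name, value in sorted(attributes.items()):
        salt = secrets.token_hex(16)
        disclosures[name] = (salt, value)
        digests.append(attribute_digest(salt, name, value))
    digests.sort()  # hide which digest belongs to which attribute
    payload = {"iss": "constructed-issuer", "digests": digests}
    payload_bytes = json.dumps(payload, sort_keys=True).encode()
    signature = hmac.new(issuer_key, payload_bytes, hashlib.sha256).hexdigest()
    return {"payload": payload, "signature": signature, "disclosures": disclosures}


def present(credential: dict, reveal: list) -> dict:
    """Holder side: hand over the signed digest list plus only the requested
    disclosures. Undisclosed attributes never leave the wallet."""
    return {
        "payload": credential["payload"],
        "signature": credential["signature"],
        "disclosed": {name: credential["disclosures"][name] for name in reveal},
    }


def verify_presentation(presentation: dict, required: list,
                        issuer_key: bytes = ISSUER_KEY):
    """Verifier side. Returns the verified attributes, or None on any failure:
    bad issuer signature, a disclosure that does not match a signed digest, or
    a disclosure set that differs from what this use case requires (so a
    verifier cannot quietly accept 'full-fat' attributes it has no basis for)."""
    payload_bytes = json.dumps(presentation["payload"], sort_keys=True).encode()
    expected = hmac.new(issuer_key, payload_bytes, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, presentation["signature"]):
        return None
    disclosed = presentation["disclosed"]
    if set(disclosed) != set(required):
        return None  # over- or under-disclosure both rejected
    signed_digests = set(presentation["payload"]["digests"])
    verified = {}
    for name, (salt, value) in disclosed.items():
        if attribute_digest(salt, name, value) not in signed_digests:
            return None  # tampered value or salt
        verified[name] = value
    return verified


if __name__ == "__main__":
    # Constructed sample credential for a fictional holder.
    cred = issue_credential({"name": "A. Person", "dob": "1990-01-01",
                             "age_over_18": True})
    # An age-gated service asks only for age_over_18; the DOB is never sent.
    pres = present(cred, ["age_over_18"])
    print("verifier sees:", sorted(pres["disclosed"]))
    print("result:", verify_presentation(pres, ["age_over_18"]))
    # A verifier that is policy-bound to age_over_18 rejects extra attributes.
    print("over-disclosure:", verify_presentation(
        present(cred, ["age_over_18", "dob"]), ["age_over_18"]))
```

One caveat worth stating plainly: salted digests give data minimisation, not unlinkability. The signed digest list is identical in every presentation, so two verifiers that compare notes can tell it is the same credential. Closing that gap needs batch-issued single-use credentials or zero-knowledge proofs, which is why point 2 above asks for both properties rather than selective disclosure alone.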

Bottom line

Digital ID is not inherently left or right; it’s infrastructure.

Done badly, it centralises risk, enables mission creep, and nudges the UK toward soft forms of control that echo the structural logic visible in China’s real-name ecosystem and blacklisting practices.

Done carefully—with hard legal limits, privacy-preserving tech, and real opt-outs—it can streamline some checks without turning everyday life into a checkpoint.

Right now, the UK’s trajectory—the scale of the proposal, its tie-ins to employment and public services, and the legal backdrop of DUAA—raises fair, non-partisan concerns.

If we build rails that let any future government (of any stripe) toggle access to work, rent, or bank accounts through a single credential, we’ve made a constitutional change by stealth.

The decision before Parliament isn’t about an app icon; it’s about power distribution in daily life. Proceed, if we must—but with brakes, seatbelts, roll cage, and a clearly marked off-switch.