I welcome our witnesses to the final evidence session in our inquiry on digital ID. We started the inquiry before the summer recess because we were keen to see whether there was a role for digital ID in crime prevention and immigration. Clearly, things have changed since then and I am sure we will have some questions on that, but we are very grateful to the witnesses for coming to this final evidence session and being prepared to step in as well—thank you very much, Chief Secretary. Would the witnesses introduce themselves?

Darren Jones, Chief Secretary to the Prime Minister and Chancellor of the Duchy of Lancaster. 

Mike Tapp, Immigration Minister at the Home Office.

Dan Hobbs, director general for migration and borders at the Home Office

Philippa Rouse, director for digital identity in the Cabinet Office.

Good afternoon, everybody. This question is to Darren. In the light of the recent changes, can you please summarise the Government’s current policy on digital ID?

Of course. What is digital ID, and why are we pursuing it as a policy? It is essentially the ability to log in to the gov.uk app and prove who you are, in order to access public services. That is different from a standard login, where you can log in to an app with a username and password, because the system is able to prove who you are; that is the difference between One Login and the digital ID. Why is that important? It is important because it means that, much as with online banking or online shopping, you will be able to see your personal information should you wish to use the gov.uk app to access public services. Our hope is that this user experience will become much better than what people currently experience by having to call call centres, wait for long waiting times on the telephone, and fill out lots of paperwork, often having to tell their story repeatedly to different parts of Government. It should start to feel much more modern and much more like what we experience in the private sector, which will be beneficial, we argue, to members of the public when trying to access support and information.

Thank you. This question is really about Government-issued digital ID for right to work checks. It seems like the Government initially said that this was going to be mandatory, but then they changed it to non-mandatory. Why was that?

As the Committee will know, right to work checks are already a legal requirement. When you get a new job, you have to prove that you have the legal right to work in the UK. Lots of people do that with paperwork. They might take their hard-copy passport, maybe some utility bills or other forms of identity, to their new employer to prove their legal status to work here. What will change from 2029 is that that legal requirement to prove your right to work must be done digitally, so that we can take the benefit from that in terms of labour market enforcement, working with the Home Office. The debate around mandatory and voluntary was, what type of digital identity verification is mandatory? It is not whether it is mandatory to prove your right to work, because that is already the case; the debate is, how should you do that if it has to be digitally verified? The easiest way to explain it is to think about it from the user’s experience. You start a new job, and you only have to do this if you are in work and you get a new job. You will get your phone, probably, and use the gov.uk app. For the majority of people, they will scan their passport and scan their face, and that will prove their digital identity. We are saying that you do not have to create a Government ID to do that—you can if you wish to—as you could go to a third-party digital provider such as Yoti or other commercial operators to verify digitally your identity. It is mandatory to verify digitally your right to work in the UK, but it is not mandatory to do that solely with a Government-issued digital identity.

Mr Tapp, was the Home Office consulted before the decision to announce mandatory digital IDs for right to work checks?

Absolutely. The Home Office has had involvement at official level and ministerial level from the first meeting to the last. There have been regular ministerial meetings on this, where we have discussed the pros and cons.

Weren’t you the ones who said, “Look, it won’t work because of the UK-Ireland common travel area”?

No, we have not said that this will not work at all, and we fully support the idea of digital ID, particularly when it comes to immigration enforcement, for a number of reasons. First, I can give you an experience of mine out on the ground with immigration enforcement. We visited a car wash, and I spoke to one of the owners who was employing workers. He had been dealt a fraudulent passport and employed an illegal worker. This will combat that. It will also streamline the process and make it more secure. There is great benefit from the Home Office’s perspective, but also more widely for users.

We understand that the Home Office said that you could not bring in mandatory digital ID for right to work checks because of the UK-Ireland common travel area. Are you saying that that is not the case?

There are many considerations, and that is certainly one of them.

So the Home Office said that mandating it will not work?

We are saying that digital ID checks will be mandatory when someone is moving work, but it does not have to be the digital ID that we are producing. That is a more secure process and, from the Home Office’s perspective, it means that we can counter fraud at that level.

Let us be absolutely clear here, because it was reported that the Home Office had warned that mandatory digital ID for right to work checks would not be compatible with the UK-Ireland common travel area. You are saying that that is not true?

These were concerns that were part of the conversations that were had, and have fed into—

What do you mean by concerns? Is it true or not?

It was a concern that was raised in meetings, and now we have come to a conclusion that suits everybody—all Departments—including the Home Office. It will be positive for the country when we get this into place.

And that is that it is not mandatory?

Absolutely—the Home Office support that a digital ID will need to be used for right to work checks.

Okay, we are getting somewhere. Mandatory will not work, and that is one of the reasons why. Given that that was a problem from the outset, why did the Home Office not say, “It won’t work because of the common travel area”?

There are many considerations. The point with problem solving is that Ministers and officials need time to discuss, work through and wargame, and then come to the correct conclusions. That is exactly what we have done and what was expected of Government.

And you were there, at the outset, as part of that conversation?

Yes.

Sorry, did you want to come in, Darren?

The consultation is due to launch very soon, so we are not coming to the Committee today saying that we have figured out all the issues. We will be consulting on that over the coming months. The key issue for Northern Ireland and the common travel area is the right to be British, Irish or both in terms of your identity verification. We are not saying that you have to have a UK Government-issued digital identity to prove your right to work. You will be able to use other passports as an alternative to do that. As I was saying to Dr Prinsley, what is mandatory is that you must digitally verify your right to work, not that you must have a UK Government-issued digital identity in order to do that.

Are you liaising with other parts of Government over digital ID?

The Cabinet Office is involved on policy, legislation and co-ordination across Government. The Department for Science, Innovation and Technology, which houses the Government Digital Service, will be responsible for technical build and deployment. As I said in my opening answer, however, we are building a foundational technology, not just for right to work checks, but to open up the opportunity for better public services across Government. That will take a number of years, I think, as we will probably have to come back to Parliament to get approval for onboarding legacy services to the app, to make sure we have considered issues of digital inclusion and transition properly. But once we have got the app, and the ability to log in and prove who are you, sorted, that will open up opportunities across the whole of Government.

At this stage, are you working with the Home Office and other Departments?

We are working across Whitehall already on a range of issues, yes.

Okay. The history of digitisation by Government is not a great one. The Verify programme did not do well. What have we learned from the problems with Verify?

In my view, Verify became too complicated. The lesson for me is to try to keep it simple. As I say, we will consult on the technical build, but my early personal view is that we have systems in place in Government, whether in the Passport Office, the One Login system or the gov.uk Wallet, where we have already started to build infrastructure that works across Departments. Subject to the outcomes of the technical consultation, I would like to think about how we build the technology ourselves, in-house, as opposed to outsourcing it to, say, a big American tech company, and integrate it into what we already have, so that it does not become a huge, stand-alone, multibillion-pound, 10-year and huge Bill-driven piece of Government IT, but is literally something that can be done quite simply. We know it can be, because it has already been done quite extensively in the private sector.

How is One Login doing?

One Login is doing extremely well. It is owned by the Department for Science, Innovation and Technology, but many services across Government have started to use the One Login system. HMRC has started to be involved as well, which will be important for people trying to access basic tax information. As I said at the start, the difference is that digital ID is the premium offer of One Login. One Login gets people into certain bits of Government, if they are already signed up to the One Login system and can get their login sorted, but digital identity—because it proves who they are—will allow them to decide through the app what type of services they want to access in that way.

The estimated cost we are talking about is £1.8 billion. Is that still the estimate?

The £1.8 billion was an Office for Budget Responsibility assessment at the last Budget. I am not clear how it came to that view. We challenged the OBR on that, but it is independent and was able to do that for itself. We are consulting in the coming months, so we do not yet know precisely what we want to build and in what order. We do not have a number yet, and that will come out at the back of the consultation. An important part of the cost of this programme, though, is not just the coding and the development of the technology, but the thinking about having a proper conversation across Government on digital inclusion. We do not want to build brilliant public services for people who have a phone and can use it, while everyone who cannot has horrible customer service. We need to think deeply about how we make sure that this is of benefit to everyone. That will of course add cost implications, but we will work up those policy proposals in the next year or so. That will then point into the next spending review for future investment.

Do you think that the costs coming out of existing budgets is realistic?

The initial costs, yes, because at the moment we are just spending money on staff support, producing and running the consultation, drafting the legislation and bringing the Bill to the House. We will have to come back to Parliament with legislation in order to get spending authority at the point at which we start building the technology, but the bigger prize is when we then decide what customer-facing public services we want to integrate into the app. My expectation is that we will have to not just come back to Parliament, but make a business case to the Treasury and the relevant Department.

That will be a separate cost. Okay, thank you.

We have a guest with us, the Chair of the Science, Innovation and Technology Committee, Dame Chi Onwurah.

Thank you very much, Chair. It is a great pleasure to have you here, Chief Secretary and Minister. I have two quick questions or points of clarification. I think, Chief Secretary, you said that it was currently mandatory for people to prove their right to work digitally.

Not currently digitally—

No. That is right. Currently, it is mandatory for employers to check the right to work digitally, but the individual does not have a duty to prove anything digitally.

The only thing that is changing is the digital bit. At the moment, the legal burden is on the employer, when they welcome you to your new job, to check that you have the right to work, and you can use documents to do that. The thing that will change is not that framework; the only thing that will change is that the checks must be done digitally from 2029.

By the employer.

Yes.

So does that mean that the individual has to have some kind of digital ID, or can they use their passport—existing documentation?

Yes, they will be able to use existing documentation, but the employer would have to go through the process digitally.

I just wanted to clarify that. There is no burden on the employee to do it digitally.

That is right.

Thank you, that is very helpful. You also said that the Cabinet Office was involved in the policy for digital ID across Government. My understanding was that you were leading on it.

That is correct.

The involvement is that you are leading it.

Sorry—yes, we are leading it.

You are responsible for digital ID across the whole of Government, and the Department for Science, Innovation and Technology is responsible for the implementation and execution of it.

That is exactly right.

Are you introducing the One Login programme as a process of osmosis? I have had to log in twice in the past two weeks. The first time was on behalf of my husband, who is a company director. Given the new ID checks for Companies House, he had to go through the whole process of taking a photograph of his passport and the little square at the bottom of his passport. I also had to use it, because my passport got lost and I was renewing it. For that, I still end up making phone calls. We are being drawn into having to use the process, because it is the only way. I have looked at the list of different organisations within Government that are now required to go that route. How many people do you think are now using the One Login process, and what is your target as we go forward?

I do not have the number of users. This is something that the Department for Science, Innovation and Technology runs for the Government, but as you have experienced, an increasing number of services are using the One Login system. It sounds from your experience that it was probably better than it would have been without it, but still not good enough, if that is a coherent way of describing it.

The Companies House experience was a brand-new experience, but it was very, very good.

Good. That is great.

I really enjoyed using that, but for the lost passport there were still barriers. I had to make phone calls.

The problem with that is that the One Login system works well, but you are still accessing different parts of Government with One Login. The idea with your digital ID and the gov.uk app is that those services come to you in one place, as opposed to you having to go to multiple places and log in repeatedly, if that makes sense.

We are now in March 2026. Why has the consultation not been rolled out yet?

There are a couple of reasons. First, I wanted it to not just be a technical consultation for companies that have an interest in this; I want to make sure that it is something that the public can engage in. If you did a very technical consultation, it probably would not be very user-friendly for the general public. I have also asked, and will be announcing very shortly, how we can consult in a different way to make it more engaging for the public. There will be traditional consultation methods, as you would expect—it is our legal requirement to do that—but we will be announcing shortly how we are going above and beyond that to involve the public in more of a national conversation about how it might be done.

Do we have a date yet for when the consultation will go live?

I am hoping that it will be next week. The actual day is moving around a little bit, but it should be next week.

How have the Government used their time since the original consultation was announced to make sure that what does get announced has the right questions in it, and will draw the right level of information, advice and experience from users, as well as those with technical experience?

We have had a series of roundtables with different stakeholder groups. We have also been building the taskforce team that we host in the Cabinet Office. The stakeholders we have been talking to have been representatives of different views: people who are pro it and people who are currently against it; digital inclusion representatives; and the companies that currently work in this space. We have a good private-led market for digital ID verification, and we want to work with them to enable their growth and investment in the UK, as opposed to undermining the businesses into which they have put enormous amounts of capital and innovation. We are also linking with other organisations like the banking sector, because my sense is that the public will want to know that this app and the technology will be at least as secure as your banking app, because of the private information in there. We have been having conversations about what that looks like, what experience banks already have using some of this technology, and whether there could be a world in which, once we have done this work, you might—if you want—just need your Government login to more quickly open a bank account, for example, because the ID verification is sufficient to allow that.

How has the consultation changed, if at all, following the decisions that have now been reversed, pulled back or changed since the original announcement?

I suppose the only substantive policy clarification was on what it is that is being mandated and how digital ID will work. The consultation will ask questions about that, on the basis that we have talked about. The wider consultation will ask lots of obvious questions. If anything, it has probably just become longer than it was when it started, but it is important that we take the opportunity to get that right.

It seems to me that everybody in this country already has a digital ID. They have an NHS number; they get when they are born. The NHS app is being increasingly used and is proving very popular. It seems to me that a Government digital ID is something will have to be sold to the public—the public will have to see the benefit. They are already seeing the benefit of the NHS app. How are we going to sell this to the British people? Are we thinking that we might link it to the existing digital ID, which is the NHS number?

We will keep the NHS app separate from the gov.uk app, not just because it is already really quite well developed, especially after the covid pandemic, but also because it has a very clear and strong brand that people trust. People often think differently about their health data in comparison with their tax, passport or driving licence data, so they will remain separate. With consent, they may in future be able to talk to each other: for example, if you are going through the gov.uk app to apply for additional help for your children, and it needs to verify that your child has a diagnosis, it may be able to give you a thumbs up or thumbs down to confirm whether that is the case. But they will not be integrated into one single app. With the benefit to customers, the test for us is that we build customer experiences that are so useful that people just wish to use it. When you are dealing with passports or driving licences, claiming child benefit or support for childcare, paying your tax disc, speaking to the DVLA or trying to get through to HMRC, there is a lot of customer-facing service across Government. At the moment, because they are all run by different bits of Government, not only are they poor experiences for citizens, but they cost a lot to run. I would much rather that all of that became much easier and that you could do it at a time that suits you, in a way that suits you. That would free up time and money from the public purse to spend on other priorities for the public.

Finally, do you see the digital ID as having any role in the voting system?

It is an interesting question. Digital ID is not just a login, as I say; it will be equivalent to a passport-level verification of your legal identity. At the moment, it does not exist, so we cannot put it in the list of things that will be available for the polling centre. Given the level of verification, however, it will be eligible to be used for that purpose in future years once it becomes available for users to download.

Chief Secretary, you have mentioned the provision of some other identity services through the private sector. What role do you see existing digital identity providers playing in the Government’s digital ID programme?

At the moment, lots of companies use digital ID verification. Other providers exist, but if you are applying for a Barclays loan to get a new iPhone, you will get taken to prove your identity, often by scanning your passport and face, as part of a quick decision to get the loan agreement through for your handset. All those private sector experiences will continue to be able to operate, with those private ID verification companies. For Government services, the crucial point about the right to work check is that you will have the choice: you can do it through the gov.uk app and get your own Government ID if you wish, or you can use a third-party provider and still meet the legal requirements to have your right to work verified digitally. What is important to us is that digital ID companies in the UK have done very well. There have been enormous amounts of innovation and great start-ups that have been able to scale up in the UK and export their services internationally. Lots of capital has been invested in them. I do not want a Government programme that either tries to replicate what they have done or undermines their business. It is important to me that we work in partnership, for the benefit of them and their private sector and export opportunities, as well as improving access to public services.

On that point, we heard evidence from the Association of Digital Verification Professionals. I think it fair to say that there was a level of scepticism about whether—given the industry’s 17-year track record of developing the technology, as you suggest—the Government would be able to catch up, and frankly about whether it would be a good use of potentially £1.8 billion of public money even to attempt to do so. What would you say in response?

First, it will not be £1.8 billion. It definitely will not be £1.8 billion to build the technology. You have the option of a private sector company having your login details to access your private information in public services. My sense is that the public would rather have a login to their public sector data without it all going via third-party private sector companies. But we will ask those questions in the consultation, and people will get to feed back their views.

Without saying your preferred outcome at this stage, as it depends on consultation responses, is it a potential outcome that the Government pursue mandatory digital checks and digital logins as you suggest, but do not take forward a Government-provided digital ID?

No, we will provide a digital ID that will be free for people to have but only if they want to have it and use it. If they still want to use their physical passport and non-Government providers of ID verification, they are perfectly entitled to do so.

When we heard from providers a few weeks ago, they were very concerned, because at that point the Government’s position was that it would be mandatory to have a Government digital ID. That had been the original announcement, and it was affecting their business and their confidence. Do you accept that that was an issue for them?

Yes, and I went to a roundtable with them to talk about this when I was given responsibility for it. I was very clear to them at that stage—it was the first meeting we had—that I did not want to undermine their businesses and that I wanted to work in partnership with them.

As Lewis has just mentioned, is there a world in which you decide that one of them has a really good model and you could just import that into Government systems?

My sense on the technological build—“How do you do this?”—is that these companies, as you say, have been doing it for 17 years because 17 years ago we had no idea how to do it. Now we know how to do it. We have been building a lot of the foundational technology in Government that we can build on. We can benefit from the know-how and innovation that exists, but my view—again, this is subject to consultation—is that I would rather build this in-house in Government, as opposed to having an external private company run such a foundational technology for access to public services.

But you will need to use external consultants. You do not have that know-how inside Government, so you will have to bring people in from external providers.

I am sure that we will in some way. The Government Digital Service already has people building the One Login system technology. My hope is that we either already have, or will be able to recruit, some civil servants to come in and help us to build this. We should have external challenge on that process, because that will probably give us a good sense of whether we can do these things better, rather than trying to second-guess internally. I am working on the basis that there will be an external oversight board for the programme as well, made up of people who have done this and know how to do it, who will be given relative access to come in, keep us on our toes and challenge us as we work through it.

Before we move on to more specific questions on right to work checks, we know that the previous CDL visited Estonia, but are there any other international comparisons you have been looking at?

There are lots, actually. Britain is falling quite far behind lots of our competitors in delivering modern public services. Estonia is often the one that people talk about. It had very unique circumstances after the fall of Soviet Russia that explain why it built this technology; it is clearly different for us. If you look at Denmark or the state of New South Wales in Australia, there are more comparable examples of democratic countries like ours that think about privacy, security, the ability for citizens to decide what they wish to do, and parliamentary oversight—those types of conditions in which these services have been built and are running very successfully. In many ways, we just have to catch up. I think that ultimately the public would expect that of us, because at the end of the day taxpayers are paying for these public services. They know that they are paying a lot for them and they are not always there when they need them.

Thank you. We will move on to right to work checks.

Mr Tapp, will the Home Office be leading on the implementation of mandatory digital right to work checks?

Working with the Cabinet Office, we are certainly taking a prominent role in ensuring that we get that absolutely right post consultation and what we learn from it.

Would you say you were leading?

It is our responsibility, so yes.

With that in mind, when do you see it being mandatory for employers to conduct right to work checks digitally? What is the timing?

The aim is by the end of this Parliament. That is the commitment that has been made.

We have had a series of presentations from different people as we have gone through this inquiry. They talked about the digital right to work checks. It seemed to concentrate on the larger employers, and not so much on the small and medium-sized employers. They gave a presentation in which they said that there would be some organisations that would never have been checked up on, with the workforce and so on. Going forward, how are you going to support small and medium-sized businesses to do that?

It is important that, along with ensuring that those who are not currently actively digitally, that goes for employers as well. We will learn from the consultation and ensure that we put in the right support. I cannot give you the details on what that looks like at this moment, because we need to go through the consultation, but there will certainly be support there for the small employers. It is important that they have this mechanism, because that is often where we see illegal workers being employed.

Earlier, we touched on people who are excluded online. Some 10% of our citizens do not have a passport. How are you going to support those people who might be excluded in the transition to the digital right to work? You do not want that to worsen.

Absolutely. This is vital. My apologies that I cannot go into full detail yet, pre-consultation, but it is certainly a consideration for us, as it was within the Home Office when it came to e-visas. We spent considerable sums of money on going out to community support groups, for example. There are positive lessons that we can learn from what we have done in the past, with e-visas for example.

How are you doing the consultation with the people who are not online, which is a good percentage of the population?

My understanding is that there will also be community groups engaged. I don’t know whether anyone else can add anything.

I am happy to. For people who are online, there will obviously be the online form; for those who are not, we will be making a consultation pack available to all Members of Parliament, should you wish to run something in your own constituency, which can formally report into the consultation. We will also be announcing further detail next week about a more innovative approach. I would like to talk to you about that, but I cannot because it would ruin my press release before we launch the consultation. It is something the Government do not normally do, in order to make sure it is as open and accessible as possible. The questions you ask, especially about types of document, are important. At the moment, the majority of people who start a new job and go to work have a passport. Some do not, and you can fall back on your driving licence. Some do not have a passport or a driving licence, so at the moment employers have to try to infer how likely it is that you are telling the truth, based on a utility bill or other bits of paperwork. We need to make sure not only that the system is easy to use for both the employee and the employer, and probably easier than the current regulations that they need to try to follow manually, but that when it comes to those who are then excluded, we use existing community infrastructure to provide a place for people to go. I am interested in thinking about libraries, post offices and postal workers. What are the touchpoints that we have with people’s lives—the places where we can say, “If you’re really struggling, you can go here to get assistance with this digital process”?

There is enforcement on those businesses that fail to do the right to work check when there is intelligence or information that is sent in the system. How will digital ID flush out those employers in future?

I can start, although it is more a Home Office issue. My understanding of how it will be helpful is that by digitalising the right to work checks, from an intelligence perspective, you then have more clarity about where you might need to go with enforcement officers. At the moment, if an employer does all of it with paperwork—scans the passport, prints it off, stamps it and puts it in the filing cabinet—we have no idea whether they have actually done it or not, so if you have company A and company B, you probably have to go and check both, whereas if we know that company A has done it all because it has been digitally verified, we do not have to bother going there in the first place. Our capacity for enforcement can be more focused on the gaps that become evident as a consequence of the digital basis.

You will have records of those companies because they are set up as a sole trader or they are registered with Companies House. You will be looking at those particular organisations.

Part of the consultation will look at what the audit function needs to look like to be effective. Employers have the legal burden to check, so they need to be able to prove their compliance with it too. My personal view is that you will have some audit function, but it will not say, “Darren Jones is working at this unit.” It will rather say, perhaps, that they have five employees and they have had five approvals, so you can move on to the next one.

It will certainly help with targeting. It will not be the only answer—obviously, there is a lot of intelligence stream—but it will help prioritise where we visit.

When you started, Minister, you shared the example of someone with a fraudulent passport. How will that be any different if you can just turn up with your paper passport and it is fraudulent?

It is about the power of digital in checking whether something is real. This chap looked at a passport and was not trained, like our border staff are, in working out whether that was real. Post technological design and consultation, I imagine that that would be more effective.

So you are confident—but with any system, fraud can happen.

Absolutely, but let us not let perfect get in the way of the good. I imagine that using a digital system is a lot more reliable than having a person who is not trained in assessing passports.

It is my understanding that it is not mandatory to do a right to work check, but it is a statutory defence for the employer. Is that incorrect?

There is a requirement for everybody to be checked as to whether they have a legitimate right to work in the UK. There is a defence, if an employer demonstrates that they have collected paperwork that evidenced it that turns out potentially not to be—

So the imposition of a check will not change. There will still be the same requirement on the employer to do the check; it is just that the employer will have to do it digitally. Will there still be a statutory defence should there be a fraudulent passport?

I think that that is all to be worked through as part of the consultation.

We will consult on it, but I think the answer will inevitably be yes. The benefit, of course, of the digital system and especially our newer passports, which have a very high level of identity verification and security, is that they mean that the employer does not have to figure out whether a passport is valid. The system will tell him whether it is or not.

The legislation will require new measures to introduce the digital element, but it will not have to change anything else. I call Paul Kohler.

I think you have just asked my questions, actually. That was very convincing.

The question or the answer?

I would like to pick a hole in it, but I am not sure that I can. You are telling us that it will give you audit trails, so you will be able to see that these employers have used the system and others have not, so they are the ones we will look at. You are also telling us that using the system will be more convenient and better at checking than a human being.

An important part of that is that we are told that one of the pull factors for illegal working in the UK labour market is that at the moment it is quite easy to get around the system. This will not just be useful for employers, employees and the Home Office enforcement team; we hope it also says to people, “It’s actually harder to work illegally in the labour market here, so it’s better if you do it legally in the first place.”

I am particularly interested in the e-visa system. My Committee, the Science, Innovation and Technology Committee, is looking at digital transformation. The e-visa system has 10 million people on it now, so it is probably the closest example of what digital ID requires—the scale of that is 60 million. That is why I was somewhat surprised, when I had a Cabinet Office Minister and a Digital Minister before my Committee a couple of weeks ago, that neither of them was familiar with the e-visa system. I hope, Chief Secretary, that is something that will now change in the Cabinet Office. I asked them about some of the issues that had been raised with the Committee about the e-visa system. Minister Tapp, you wrote to me and said that the e-visa programme continues to embed secure-by-design delivery. What did you mean by that?

Talking about security is always tricky, in that you do not want to give away information that can be used by those trying to penetrate. Essentially, we are looking at a number of firewalls and regular penetration testing to ensure that it is secure for the users.

That is a very basic answer. One of the examples—I think it was given to this Committee—was of somebody whose photograph was not the right photograph in their e-visa record. That is an issue of data security. I am not quite sure why you cannot tell me how you are addressing that.

Do you mean that that the photo was of somebody else?

Yes.

Okay. If you do not mind, I will take that away and have a look at that individual case.

There were some early issues as we adopted e-visas and began the roll-out, which we did in phases. There was a technological issue very early in the phase, where we identified very early that there was an error with that. That has been rectified. I am not aware that there have been further issues as we have rolled it out to other cohorts. From 25 February, we have rolled the e-visa programme out to visit visas, replacing the paper vignettes in passports. That was an early issue that was then rectified.

That is interesting, because we heard evidence about a significant number of errors throughout 2025. Automated responses to web form submissions cited delays due to higher inquiry volumes. We have also heard of issues of people with multiple visas and not being able to access their own visas. Are you saying that these issues have all been resolved?

I cannot say that they have all been resolved. As we were rolling this out, we became aware that there were certain technological issues in the early adoption phase due to a variety of reasons. We took action to remedy those situations. I am not aware of recent examples, but I would have to go back and check. Individual customer issues will arise at different points, but we were aware of some of the challenges you mentioned and they were rectified.

We have heard from the organisation the3million, the name of which reflects the number of people that it thinks have been adversely affected by issues with the e-visa system. Are you reassuring us that those issues have been rectified, as far as you are aware?

As far as I am aware. We have 11 million users of e-visas, and 700,000 checks a month using the e-visa system for right to work.

How many problems?

I don’t know how many individual issues arise, because of a variety of things, but the issue of different facial images was a technical—

Do you monitor how many issues are arising?

The operational teams will, because there is a customer inquiry line.

So you should be able to send the Committee a figure for that?

I will follow up with the Minister on whether we can get that.

I am trying to understand what lessons you are learning from the e-visa roll-out in order to support the roll-out of digital ID.

The way I think about it—again, this will be in the consultation—is that you want the digital ID system to be a digital version of the passport system, as opposed to the e-visa system. The passport system has to reach a certain level of verification in order to give the level of confidence that it is legally proof of your identity. My understanding is that those security features in the passport system are higher than they are in the e-visa system. Where I see excellence in government that we need to learn from, it is more on the passport side. I think the e-visa system presents lessons for us more for when we start to onboard other services on to the app in the future, and to think about how to do that successfully. Ultimately, if you cause problems for customers, they are not going to want to use the system in the first place.

On that comparison, Mr Tapp talked about security by design being built in. We heard that there were 90 legacy systems on which the e-visa system was built. I guess this is a question for both of you: how are you addressing the legacy system issue across Government?

In the spending review, the Government funded an increased level of investment into legacy IT transformation. There are too many legacy IT systems across Government. They will not all be transformed into modern systems by the end of this Parliament because it takes time to build the new ones while continuing to maintain services that are being run from legacy systems. For digital ID and the gov.uk app as a foundational technology, subject to the outcomes of the consultation, I think we will end up looking at the passport system and building from the existing gov.uk app and wallet technology. The challenge for us on legacy IT will be in the future when we are trying to take an existing customer service that may be on a legacy IT system and onboard it to the app, which will have to be a cloud-based system. That is when the business case comes into play. For some services it may end up being more expensive as you transition off legacy IT into the new one. I am happy to be proven wrong, but at the moment I do not see that being a problem for the digital ID build; I see it being a challenge for service integration once we have managed to get through the first phase.

People will benefit from the digital ID Bill only once it is being used. Do you see e-visas, for example, being migrated on to the digital ID?

We have not made any early decisions yet. We have consulted across Government by saying to Departments, “What services would you like to be considered for coming on to the system?” We have already done some early integrations such as the veteran card being on your phone—driving licences will be coming shortly—but the prize will be when things such as childcare entitlement system comes on to the app.

Ultimately, the benefits are when people use it. For people to use it, it has to access data that is already there, such as data about veterans, the 10 million data records for e-visas and so on, so then you come up against all the legacy system issues. How will you access individual data, just to put in place the digital ID system? Will it be new entry, or are you going to use existing data?

There are two parts to the answer. One is: I do not think that we will end up saying that we want to build one massive central Government database with all the data in. This is in consultation, but I think that we will end up with a federated system where different types of data are still secure in different Departments and different places but we have the legal right—subject to you, as the user on your phone, saying that you want us to—to pull that together to provide a service. The second part of the answer is really important to me because we do not want to build a fancy app on top of a 1970s computer, where it might look fancy on the app, but it will not work. For me, as you are onboarding services on to the app, you have to deal with the legacy IT system and transfer to the new base system to get the full features of what we are trying to build.

The digital right to work check is a service that you have committed to, so you will have to onboard all the digital right to work data. Will you have to have the interfaces for that?

I was the programme director for e-visas and have moved on to digital identity, so I will be taking a lot of the experience and learning with me. Building the e-visa system was a really big undertaking, as you know. How do you onboard all that legacy data into a new system, cleanse it and make it right? As Dan set out, the Home Office has put a huge amount of effort into improving the data quality and driving out those issues. Some of the benefits we have seen from e-visas, such as giving people direct access to their own data, meaning that they have much more control over their information, are exactly the sort of positive lessons we will be taking into digital identity. We will also be learning from the experience of the complex task that e-visas was. We will be making sure that we are learning those lessons. As the Minister and the Chief Secretary have set out, we are not looking to reinvent systems. It is about the connections between the systems. The e-visa system has a view of the right to work service through the share code process, meaning employers can check someone’s right to work. People with British passports can use the DBS service or of course just show their passports. In the development of the system, it will probably be about how we join up all the different parts of the system rather than building new ones.

When will you be able to use digital ID for your right to work check?

The end of this Parliament is the intention.

The commitment we have made is by 2029. If I can bring it forward, with the consent of Parliament, I would like to do that. I struggle to think that these things take as long as I am told they do, but I might be wrong. The long stop date, which was the Prime Minister’s commitment, was 2029.

That was a commitment for mandatory digital ID.

For this system.

Are you using the same commitment for this system?

Yes.

May I ask about security? Where is this data? How secure is it? Is it physically somewhere? Is it in some great storage system in Iceland? Where is this thing kept?

It does not exist yet, so it does not belong anywhere. It is an idea at this stage as opposed to a thing. We will be consulting on some of the questions on security standards. I have asked the team to make sure it is at least equivalent to banking level security, with banking apps. Some of that is about device-level security, two-factor authentication and those types of things, but we will also have system security requirements about where the data is being held and how it interacts with other IT systems. My personal view—as opposed to Government policy, because we have not consulted—is that I would rather that was built and held by the Government with parliamentary oversight and accountability as opposed to outsourcing it to a private company to run on our behalf.

So you would anticipate it was geographically located in the United Kingdom, for instance?

I would assume so, but we are not at the stage of being able to answer that because we need to consult on it.

We will move on to some more general questions around digital ID, but while we are still on e-visas, a point made to us in evidence was that one of the problems is that your e-visa is connected to your passport. Then your passport changes and the number changes, because it is only 10 years or however long, and you are constantly having to update your information. Are you looking to try and change that, so it is not a case of having to link to a new passport every time someone gets one?

My understanding is it would be the user’s responsibility to update that.

The complaint made to us was that it just adds an unnecessary level of complexity. If when the e-visa was issued there was a number attached to that rather than it being attached to the passport number, the individual could prove their right to work more efficiently and effectively. Is there any possibility that might happen?

The benefit of consultation is that we can take those views on. Of course a passport does last for 10 years, so it is only once every 10 years that would need to be done.

Not “of course” if you are under 16 and have one that is five years. There are always complications.

Surely you must agree that we should move to one number for one person? I come back to the NHS number: people are born with an NHS number, which could be their number. It could be on their passport, driving licence and all their Government documents. Why do we need a system which keeps changing the number?

Digital identity, as I say, will not be a login. It will be a legal identity in its own right. I see no reason in the long term why, through the app, you cannot have just one place where your information is, whether you choose to have access to certain services or not and whether you therefore wish to use that legal identity to verify other engagements with Government. The only expectation management I would pose is that it will probably take us quite a bit of time to get there, because of where we are having to start as a Government. We are trying to catch up in relation to comparisons in Denmark, Australia and other places that have been able to make this work.

It is also the foreign country that issues the visa. On first entry we link the identity, for various border security reasons, to that identity document, which is verified before they travel to the country. Therefore, if they change that document, we are able to subsequently link it back to the original issuing document. There is wider border security identity verification for people who are not British citizens, which we link back to their passport.

Sorry, this is a no doubt naive question that goes back to Peter’s point, and it is not really about digital ID; it is broader than that. Why don’t we have a single number for everything? We have our NHS number, our passport number and our NI number. Why don’t we just have one number for people to interact with Government? I still do not understand why we do not.

I think it is just because historically we have never had a mandatory Government-issued identity in this country in the way that some other European countries may do. We have had the freedom to have a passport if we wish to have one or not, or a driving licence if we have qualified or not.

But why not use your NHS number for those things? Why not just use that number that you have?

Issued at birth.

Sure, but there has always been freedom for citizens to decide whether they wish to do it or not, as opposed to us saying, “This is what you must do.”

That does not explain it. If you decide you want a passport, your NHS number could be used. If you decide you want to work, it could be your NI number. I still do not understand why we do not use the same number.

I think Parliament would have to legislate for the public to have that. My hope, though, from a user experience, is that if you are logging into the gov.uk app with your digital ID in a number of years’ time, and some of these services are coming into the app, you will, in practice, just use one thing to get into the system.

I know what you are saying—all your numbers will be verified by the app. I just do not begin to understand why we do not use the same number. I do not understand the civil liberty argument—that somehow you have a civil liberty to have a different number for your passport from your NHS. I think that is bonkers.

I will defend the Minister. I think it is a legacy issue here. You would not start from here, would you?

That is always the answer on this Committee; we have to push them.

That is what I think we are asking the Minister about.

It is also the case that an NHS number is not given to non-British nationals. You will have people who are born overseas who become British at a later date, and therefore there may not be a single number that works for everyone at every stage of their life.

I think we are digressing. Mike, what calculations has the Home Office made on the potential of reducing fraud using digital ID?

It is difficult to quantify the exact impact in numbers, but we can say that this will absolutely streamline the process and make it easier for employers to check. Fraud will not accidentally be let through, and it will be much more difficult for those who are seeking to present a dodgy passport to actually do so. I cannot give you exact numbers, but it will certainly have an impact.

There is a wider benefit as well. We know that fraud more generally is a huge issue and a huge strain on our police service. I am sure we have all had constituents who have lost money fraudulently online in some way, and they get pointed to Action Fraud, where it just gets reported as a statistic. The police do not often have the capacity to get involved, unless it is a huge fraud and people are left high and dry. That is because a lot of the time if you are on Facebook Marketplace—I should not name companies—or an online company, and someone is pretending to be someone else, you might get sucked into a fraudulent transaction without that company being able to say that you are who you say you are. People who want to use digital ID to verify their identity in private companies and online spaces in theory should be able to do that. It should be able to reduce wider fraud in the future as well.

The Association of Digital Verification Professionals has told us that it is not able to share intelligence on fraud with the Home Office effectively. How will the Government make better use of intelligence generated by digital identity providers?

All this depends on the audit store and the decisions made on that, which will not be made until after the consultation, but there is great potential there.

Quite frankly, it is mad that you currently have companies verifying the identity of people but, if they think there are problems, they do not currently share that information with us because we do not have anywhere to put it. That is slightly barmy. My hope is that we will build a system where, whether you are verifying your identity with Government or someone else, the fact that you have been able to do that, or not, should come together into that audit function.

As a way of feeding it in directly—good. Has the Home Office explored where digital ID will be beneficial in other areas?

That is a good question. There are already fantastic platforms, as you have seen with your passport very recently. The main area will be immigration enforcement for the Home Office and combating illegal working.

This is a similar question for you, Darren. Are there any other services that you believe should be accessed by digital ID?

I think there are lots of services that we could make much easier and integrate more in the app, such as the DVLA, tax or getting your MOT information and paperwork presented to you in one place when it is due, as well as your driving licence or paying money to HMRC—or even getting some back, if you are lucky. There are lots of simple customer service issues that are absolutely capable of being put into one place. In time, we can then deal with some of the bigger, more complicated ones that should be much easier for people. I think about the childcare system a lot—the fact you have to log into the HMRC website every three months, verify your employment, work out 80% of the fee, do the card payment yourself, find your provider and process the payment. You then have to get a form and a code from the local authority, which you then have sign with your nursery provider every quarter to get your funding. The whole thing is crazy. If you can just verify your eligibility for something, and allow Government to process a payment for you, we should do that.

I can see you have been experiencing personal pain.

I declare my interest, yes.

How are the Government going to set objectives for the programme? Do you think they are realistic?

I do, in so far as, in the course of the Parliament, all that we are trying to do is get the consultation and legislation in place to enable us to build the digital ID system and integrate it into the app, allowing for a digital verification of right to work checks—that is it for this Parliament. We will do those things, and I think they are all feasible. For me, though, I want to get on with the bigger prize and the things we have just been talking about as quickly as possible, but I am probably not going to be able to get to many of those this side of the next general election. If we can build the foundations on top of which we can modernise public services in the future, that will be a good piece of work.

Will the Government’s consultation on digital ID consider the issue of function creep?

As in which functions are coming on to the app?

Yes.

The consultation will ask questions on that, and I am also looking forward to working with Parliament on the legislation. My sense at this stage is that I do not particularly want to present a Bill to Parliament that tries to envisage all possible functions in the future and pre-legislate for them. I am interested in thinking about how you build a framework piece of legislation that enables the building of these digital foundations and says, “In the future, when Government wants to onboard a service, we will come back to Parliament.” Ideally, that will not be a primary Bill, because that is too slow, but maybe it could be a form of statutory instrument or legislative reform order, or maybe we can work with Select Committees to have a proper check and balance on that. We want to get approval from Parliament as we onboard those services in the future, so that we do not have function creep without any democratic oversight.

Maybe a model that Restoration and Renewal could look at.

Just picking up on that point, Chief Secretary, there was clearly significant public opposition to mandatory elements of this. There is purely mandatory, and then there is de facto mandating—that is, you might not need to have a right to work check, but if you want one, it has to be done through digital ID. Do you accept the principle that there should not be de facto mandating of any services? In the future, it might be less convenient for a citizen to do something using a non-digital ID, but, ultimately, they will still have that option even when the Government onboard future services.

I think that is right. If our Government or any future Government want to change that position, they ought to come back to Parliament to get approval, quite frankly, because it is an important thing for the public. It is also our responsibility, as we launch the consultation and talk to people around the country, to explain as simply as possible what it is and what it is not. With a lot of the opposition to “digital ID”, people find the idea of “digital” and “ID” quite scary or intimidating. Then there is a lot of misinformation about state surveillance and state control. It is the absolute opposite of that. What I want to try to achieve is that you get more control over your data than you do now, and more control over your data than you might do with private sector companies, so that you are in control and there is transparency. You will be able to see on the app what services you are using—and if you do not want to use them, that is up to you—and what data you are sharing. The prize is that the public services that you rely on are there when you need them, in an easy way, on your mobile phone in your hand. I hope that the consultation and the work we do over the next few months will help to deal with some of the myths that have built up about what the programme is and what it is not.

On reflection, given that prize, has the way this was initially announced as a mandatory thing risked undermining public opinion on the potential significant benefits that you outlined?

The mistake we made is that it was announced and then there was a period of silence. We should not have left the period of silence. I think it was a reflection of a number of things. There was a major Government reshuffle and we announced it just a week before the party conference season. There are various reasons, but it would have been better to have followed up the Prime Minister’s announcement with more public engagement on the things we have been talking about today. Our job is to do that now, and to use the consultation and the legislative process to make sure that the public and Parliament are fully on board with what we are trying to do.

The idea that Big Brother is watching you is something that colleagues across all parties have a view on, but I have also had to counter it in my constituency. There is a huge sense of fear that this is the Government doing things to people. You will have to do more consultation to break through that and give people the sense that this is about them taking control over their data. How do you think you can achieve that? For me, that is a big milestone because it is a difficulty I face with my constituents.

I think that is right. As I say, we will provide materials for MPs to do things in their constituencies if that is useful. We will also do traditional media and digital marketing campaigns and those types of things while we go through the process. This goes to a slightly different part of my brief, but at the moment the Government are not very effective at getting our message across online, for a whole host of reasons. What we saw off the back of the digital ID announcement was a lot of mis- and disinformation that scared people, and we were pretty silent about what we wanted it to be and what the benefits were. We have to make sure that we do that more effectively online, as well as through the traditional mechanisms.

I suspect your postbags were as full as everyone else’s. You mentioned receiving intelligence from digital ID providers. Could you look at why they cannot provide you with that intelligence today? We should not need to wait for a new system for you to have that. If they have information about fraud and so on, you should be able to find a place to receive it. Before we finish, I just want to be clear on what you are envisaging. The way you have explained it is that you will go into something that holds data to show you are who you say you are, and then you can use that to access your national insurance number, your tax records, your NHS records if that is what you want, your right to work, your driving licence number, your passport number and so on, which is the point that Paul and Peter were making about the numbers that we will still have. Is there not a risk of duplication and error? Imagine Darren Jones goes in and another Darren Jones is there. They happen to have very similar driving licence numbers, because your surname is in your driving licence and it is possible that someone else qualified around the same time you did. Somehow the systems get the wrong Darren Jones and that’s it: you are then stuck in a cycle of never, ever being able to prove who you are.

The digital ID system will be a stand-alone system that we will build. The challenge that you have rightly alluded to is that when you are connecting up services to access through the app, because it is going to be a federated data system your ID on the app needs to be able to find you in the database that you are interested in. There will no doubt be challenges around that, depending on the quality of the data and the IT that underpins the service you are trying to onboard. That is why I say that in many ways the foundational bits that we are doing now feel to me as if they are probably going to be easier. The harder bit is going to be onboarding those services in the future, and we will need to start with some smaller, simpler, hopefully convenient things for citizens, and over time build that up. It will not be something we will be able to do in a number of months.

That is very helpful, Chief Secretary. The services to be onboarded will not only be national Government services; they might be local government services as well. How will you decide or who will decide what services come on board?

On the first part of your question, it would be great to involve local government. We can probably already involve local government where it is useful information sharing like your postcode and bin collection day. Apparently, that is one of the most looked-for web pages on council websites.

It is absolutely. Everyone looks for bin day.

We can probably integrate that very easily. Many local authorities are already using the Government One payment system, so you might be able to integrate payments depending on where they are at. Again, it will take time. In terms of who decides, my expectation is that it will be Government and Parliament, by which I mean the Government will have to say to the Departments, “Which things should we try to put on to the app?”. You have to scope.

By Government, do you mean the Cabinet Office?

We will co-ordinate it in the centre of Government for sure, but we will need to think what is the best use case to get on to the app. What is the state of your current IT system and data? How complicated or not is this? We will have to put that into a business case and get Treasury approval for it, because you will need to spend some money to onboard the system. We will want to think about what cashable savings are there by making it more productive, and make the argument through spending review cycles to do it. As I said earlier, my expectation is that we should then come to Parliament in some way to just check that you are happy with us doing that. My sense is that the early examples are probably going to be the smaller, simpler ones, just as we start to get the system working before we get to the bigger prizes that will be available in the years ahead.

I am struck by the fact that you identified the passport as the example of excellence, rather than a digital system for what is going to be a digital transformation. We have heard about some of the challenges experienced in the public sector. Is there an example of a digital transformation or service across this Government? That is where the learnings will already exist.

I often go to the passport system because the digital transformation of the passport system, and therefore the much better user experience that we all have, is a great example of its being done well. Those of us who served in the last Parliament know that the reason that happened is because the old system completely blew up. You do not want to wait for a system to blow up before you make it good, but what has happened to the passport system has been one of the best examples, I think, in Government.

Right. That was a digital transformation of one existing system in one Department. You are rolling digital ID across all Departments.

Step by step over time.

Thank you very much. Is there anything that you want to cover that we have not covered?

No.

No.

In that case, I will bring the session to a close and thank you for your time.