When Prime Minister Keir Starmer announced in September 2025 that every UK adult would be required to hold a mandatory digital identity — quickly dubbed 'BritCard' — to prove their right to work and to deter illegal migration, the political response was almost instantaneous. Within weeks, a parliamentary petition opposing the scheme had crossed 2.7 million signatures, forcing a Commons debate and triggering a consultation that is now stretching well into 2026 on the scope of the system, biometric storage, and exemptions for vulnerable groups.
The reaction should not have surprised Downing Street. Britain has been here before — and the rest of the democratic world has spent two decades quietly moving in a very different direction.
A familiar fight, repackaged for the smartphone era
The UK's last attempt at a compulsory national identity scheme — the Identity Cards Act 2006 under Tony Blair — collapsed in 2010 when the incoming Cameron-Clegg coalition repealed it through the Identity Documents Act 2010, destroyed the National Identity Register, and cancelled around 15,000 already-issued cards. The political consensus at the time, across left and right, was that a centralised state-managed identity database created risks disproportionate to the benefits.
The new BritCard proposal — championed in policy form by the Tony Blair Institute for Global Change, which has lobbied for several years for a 'GOV.UK Wallet' style scheme — argues that the technology has matured. Smartphones, biometrics, and verifiable credentials make digital identity cheaper, more secure, and more user-friendly than the laminated cards of 2006. Supporters point to Estonia, whose e-ID has underpinned 99% of public services since the early 2000s, and to India's Aadhaar, which now covers more than 1.3 billion residents.
What proponents get right
The honest case for digital identity is genuinely strong. The UK spends an estimated £1.3 billion annually on identity fraud, according to repeated Cifas industry reports. Right-to-work checks, currently a mix of passports, share codes, and physical document inspections, are slow and inconsistent. A well-designed credential system could reduce friction for citizens, cut compliance costs for small businesses, and unlock cross-border services through interoperability with the EU's Digital Identity Wallet (EUDI), which is rolling out under the revised eIDAS 2.0 regulation adopted in 2024.
None of these benefits, however, require the specific architecture the UK government has signalled. They certainly do not require compulsion.
Where BritCard goes wrong
The Starmer proposal makes three avoidable mistakes that good digital-identity design has spent twenty years learning to avoid:
- Mandatory enrolment. Compulsion turns an identity tool into an instrument of state coercion. Estonia's e-ID is technically required, but the entire culture around it is voluntary participation in services. Australia twice rejected the 'Australia Card' (1987) and similar later proposals precisely because mandatory schemes shift the balance of power between citizen and state.
- Centralised biometric storage. Linking right-to-work, immigration enforcement, and potentially benefits or healthcare to a single biometric database creates a honeypot. The UK's record on large public IT projects — from the NHS National Programme for IT (£10bn, cancelled in 2011) to Post Office Horizon — does not inspire confidence that the state can run such a system safely.
- Function creep by design. A scheme initially sold as a migration-and-employment tool will face enormous pressure to expand into policing, tax, age verification, and beyond. The European Data Protection Supervisor's 2023 opinion on eIDAS 2.0 specifically warned against this dynamic, recommending strict purpose limitation and unlinkability between sectors.
A proportionate path forward
There is a far better model on the UK's doorstep. The EU's EUDI Wallet, due in production form across member states in 2026, is decentralised: credentials live on the user's device, the state does not see every transaction, and selective disclosure lets a citizen prove (for example) that they are over 18 or eligible to work without revealing their full identity. Crucially, holding the wallet is voluntary; using individual credentials is what matters.
The UK could adopt a similar approach by building on the existing GOV.UK One Login programme, layering verifiable credentials issued by trusted parties (HMRC, DVLA, the Home Office) and letting employers and services verify them without a central register. This is closer to the architecture the UK's own Office for Digital Identities and Attributes (OfDIA) trust framework was designed to enable.
The question is not whether the UK should have digital identity — it already does, in fragmented form. The question is whether the system should be built around the citizen or around the state.
Lessons the consultation should heed
The 2026 consultation is an opportunity for the government to course-correct. Three principles should anchor any final design: voluntariness for the credential itself (with clear non-digital alternatives preserved); decentralisation of data, with no master identity database; and narrow, statutory purpose limitation backed by an independent regulator with teeth.
Digital identity, done well, is a quiet enabler of economic activity and a privacy upgrade over the photocopied-passport status quo. Done badly, it is a generational mistake that erodes the trust digital public services need to function. The UK has rejected compulsory ID twice in living memory. If BritCard proceeds in its current form, it will likely be rejected a third time — and rightly so.