The Government has handed over responsibility for increasing the use of the GOV.UK Verify platform to some of its private sector identity providers.
Cabinet Office Minister Oliver Dowden announced the move in a statement to Parliament, saying that 18-month contracts have been signed with the identity providers.
He said the arrangements will formalise the transition to a private sector led model, but that Verify will continue to provide a digital identity service to the public sector.
“GOV.UK Verify is now sufficiently mature to move to the next phase of its development,” Dowden said. “The private sector will take responsibility for broadening the usage and application of digital identity in the UK.”
He added: “The approach announced today ensures that GOV.UK Verify will continue to protect public sector digital services from cyber threats, including identity fraud, and other malicious activity,” Dowden said.
“In addition, the contracts enable the private sector to develop affordable identity assurance services that will meet future private and public sector needs.”
Assurance and standards
He added that the Government will continue to provide state backed assurance and standards for the digital identity market, but that it will be the responsibility of the private sector to invest in the further delivery of Verify.
“The approach announced today ensures that GOV.UK Verify will continue to protect public sector digital services from cyber threats, including identity fraud, and other malicious activity,” he said. “In addition, the contracts enable the private sector to develop affordable identity assurance services that will meet future private and public sector needs.”
The new contracts have been shaped to give the identity providers more commercial freedom and make the platform subsidy free over the next 18 months. They have been taken up by Barclays, Digidentity, the Post Office, Experian and SecureID, while Royal Mail and CitizenSafe have not done so but their existing accounts will remain live for 12 months.
Work is beginning on governance arrangements to shape their future relationship with the Cabinet Office, which has led the development of the platform, and the Department for Culture, Media and Sport, which now takes the lead on data policy.
Authentication and verification
Work began on Verify in 2011, with the aim of creating an online assurance system for public services. It involved bringing in a group of independent identity providers to deal with the initial authentication of individuals, then provide the verification through a hub that they are who they say for public service providers.
Its take-up has been slow. As recently as early 2017 the Government set a target of 25 million users by 2020 as part of its Transformation Strategy, but the latest figures show just short of 3 million users.
In May of this year Nic Harrison, director of service design and assurance, digital identity in the Government Digital Service at the time, acknowledged that there were practical issues slowing the take-up in central government, and indicated that GDS was looking to the private sector to help drive take-up.
He also a indicated that GDS was looking towards a less active role in controlling Verify so that it would evolve into a federated system.
During the summer, Computer Weekly reported that the Infrastructure and Projects Authority had recommended that Verify should be brought to an end as central government departments had little confidence in the platform.
Image from GOV.UK, Open Government Licence v3.0
Amended later on day of publication on receipt of further information and on figures for sign-ups.