The credibility of the UK government's flagship digital identity system, Gov.uk One Login, has come under renewed scrutiny after it lost its certification under the Digital Identity and Attributes Trust Framework (DIATF). The loss of certification occurred when iProov, the supplier responsible for One Login's biometric authentication, allowed its own DIATF compliance to lapse. As a result, One Login was automatically removed from the official register of accredited digital identity services, raising questions about its suitability for critical public services.
One Login is already used by millions to access over 50 government services and is set to underpin the forthcoming Gov.uk Wallet, which will hold digital versions of official documents such as driving licences. However, the system's removal from the DIATF list casts doubt on its reliability and trustworthiness, especially as the government prepares to expand its role in digital identity verification.
This latest setback follows previous criticism over One Login’s security and data protection practices:
The Cabinet Office and National Cyber Security Centre (NCSC) have repeatedly warned of "serious data protection failings" and "severe shortcomings" in information security, with risks including data breaches and identity theft.
Internal whistleblowers have highlighted unresolved vulnerabilities, including inadequate risk assessments, insufficient security personnel, and insecure administration practices.
Security assessments revealed that privileged access to One Login could be compromised without detection, exposing sensitive personal data and system code to potential attackers.
Despite claims of improvement, the system still only meets 21 out of 39 outcomes in the NCSC’s Cyber Assessment Framework, far short of full compliance for a critical national service.
The government maintains that One Login meets high standards and is working towards recertification, but the repeated lapses and ongoing security concerns have prompted calls for greater transparency and accountability. As Liberal Democrat digital spokesman Tim Clement-Jones put it, "How is the government’s flagship digital identity system failing to meet standards so badly, given that it is expected to shortly form an essential part of our immigration controls?".
With the system’s credibility coming into doubt, and its future role in public service delivery at stake, pressure is mounting on ministers to address the underlying issues within a cornerstone of the UK’s digital infrastructure.
More About Bramble Hub
Bramble Hub has been successfully connecting IT private sector companies and the public sector since 2006..... Find out more ..Subscribe To Our Newsletter
Our regular newsletter keeps you up to date with developments at Bramble Hub and our partners and customers...Contact Us
If you are a best of type business looking to work with the public sector via frameworks do get in touch with our team.Latest News
