Long-term thinking is needed: for the good of democracy
*Please note that these thought leadership pieces represent the views of the contributing companies and do not necessarily reflect techUK’s own position. *
The genius of Antony Jay and Jonathan Lynn, the writers of Yes Minister, was to explain the tensions between the Ministers and Civil Servants without being ‘political’.
They captured one of the great truths of British politics: people expect their leaders to deliver tangible results, but generally most aren’t particularly interested in the details. This is why politicians like policies that can be easily explained, and why the electorate responds so well to those who promise to ‘get things done’, even when they skimp on how.
Alas, between ‘vision’ and ‘reality’ lies a lot of detail and complexity. A national (digital) Identity Card, back on the political agenda after a 20-year break, presents a great example of an apparently simple ‘solution’ to a vast array of complex problems.
I have closely watched the identity discussion from the inside over the last two decades. I worked on the Identity Cards Programme from 2005, for James Crosby’s independent review in 2007 and 2008 and for the Cabinet Office digital identity initiative from 2008 to 2018.
During that time, industry experts and privacy campaigners have worked closely with the government to develop the Digital Identities and Attributes Trust Framework, a system that genuinely recognises the complexity of establishing trust in a complex digital environment. This was established in law in June through the Data (Use and Access) Act.
What we now need is a consensus to put the Trust Framework into effect through a long-term strategy, like the one published by techUK.
Identity requirements vary greatly from context to context but assurance of identity is an important component in any solution. But we need to frame the problem correctly. Establishing trust in digital information is the challenge, , and the erosion of trust is pernicious. Without an infrastructure for trust in digital information a trust deficit is emerging that will undermine society.
Fraud is now the UK’s single biggest crime and accounts for over 40 per cent of crimes reported - the business model for the ‘scams’ industry is well established and proliferating. At the same time, conspiracy theories undermine confidence in our institutions. We simply cannot afford to take a back seat.
Identity and attributes
Identity assurance is the starting point for trust. People need to be able to assure others of their identity without fear of surveillance or loss of control of their personal data. They need to do this in numerous contexts, each with different risks and liabilities.
However, it is the data associated with the identity that is most important, not the identity in and of itself. The relationship between ‘identity’ and ‘attributes’ is what makes this subject so complicated.
I care that my doctor is qualified. My bank manager wants to know that I can repay a loan. My employer needs to know that I can work in this country. These are all examples where identity is needed to establish facts about the person.
The risks associated with each of these transactions are entirely different. I care very deeply that my doctor knows what he is doing. My bank manager wants to make a profit but realises that ‘bad debt’ is a cost of doing business. My employer wants to recruit the best possible employee - but doesn’t want a fine from the regulator.
The attributes around the identity are different in every context. The value of a Digital Identity is entirely dependent on how it is bound to the attributes that are - in effect - the sources of trust.
A single system can never be designed to cater for the myriad and complex scenarios in which people need to establish trust in one another and make risk judgments. That is why the Data Act has established in law the Digital Identities and Attributes Trust Framework.
The public sector is highly valuable as a source of trustworthy attributes, which is why the Data Act establishes Information Gateways to allow public authority data to be used under the Trust Framework.
Regulatory innovation
The burden of regulations is growing year-on-year. UK businesses are estimated to spend over 10% of GDP complying with regulations. Yet ripping up regulations, as is happening in the USA, creates a potential ‘wild west’ in which only the strong will prosper.
So what can be done? After all, it’s not feasible to expect regulators to oversee the thousands of businesses for which they have responsibility. But this puts the burden on businesses themselves to spend significant amounts of time, effort and money trying to interpret and comply with ever more complex regulations. In a market where the regulator might fine them heavily, it’s no real surprise the business world’s inclination to ‘innovate’ is mightily diminished.
The Data (Use and Access) Act presents ‘regulatory innovation’ -much needed by regulators and businesses alike.
Digital right-to-work checks exemplify how well it can work in practice. While legislation has been changed to increase the fine on an employer for taking on someone who does not have the right to work in the UK from £12,000 up to £45,000, the new regulations offer them a ‘statutory excuse’ - i.e. no regulatory liability - as long as they have used a certified digital right-to-work service.
It’s an elegant solution that simplifies the process for all stakeholders.
The role of government is crucial
The private sector services that operate under the Trust Framework must be certified against a set of technical and operational rules and standards. These include annual audits to ensure that services are run appropriately - critical for public trust and confidence.
So, clearly governance is key to the Trust Framework, but governing is hard and no-one knows this better than the government. Some functional roles can only be performed by government; for example establishing which non UK citizens have the right-to-work here. However, the bigger picture is that the government should be governing, not competing with the private sector to operate. The referees can’t do a good job if they also have a team in the tournament?
By contrast, a market of private sector suppliers certified under the Trust Framework can deploy Trust Service technologies more quickly and more effectively than any proposed centralised government solution. To this end, the certified Service Providers should be left to innovate, compete and offer a choice of solutions for the variegated needs in the digital economy.
Trust is in short supply
Trust is crucial to a stable society, a lack of trust is destabilising. Our societies are bombarded with a bewildering amount of misinformation, much of it intended to defraud people or undermine our institutions. People need tools to discern what they can trust from what they should not trust. They need confidence to know that they have liberty from surveillance and the ability to control how their own personal data is used.
The challenges of trust and identity in the digital era of the 21st century are complex. They will not be addressed by reversion to 20th century style solutions. The Data (Use and Access) Act and the Trust Framework it has established in law present the long-term solution for the UK’s trustworthy digital economy.
For the long-term health of our political system that long pre-dates digital technologies - and before we rush through any ‘short-term’ fixes - we owe it to ourselves to have a better informed discussion around the role of trust and identity in our digital economy.
Author
David Rennie
Chief Trust Officer, Orchestrating Identity
Digital Identity programme activities
Digital identities will provide a gateway for citizens and SMEs into the digital economy. techUK members demonstrate the benefits of digital identity to emerging markets, raise their profile as thought leaders, influence policy outcomes, and strengthen their relationships with potential clients and decision-makers. Visit the programme page here.
techUK's Digital ID Summit 2025
Join us on 13 October 2025 for techUK’s Digital ID Summit — a key event bringing together industry leaders, policymakers, and innovators to shape the future of digital identity in the UK. Don’t miss this opportunity to be part of the conversation driving trust, security, and innovation.
Our members develop strong networks, build meaningful partnerships and grow their businesses as we all work together to create a thriving environment where industry, government and stakeholders come together to realise the positive outcomes tech can deliver.
Sue leads techUK's Technology and Innovation work.
This includes work programmes on cloud, data protection, data analytics, AI, digital ethics, Digital Identity and Internet of Things as well as emerging and transformative technologies and innovation policy.
In 2025, Sue was honoured with an Order of the British Empire (OBE) for services to the Technology Industry in the New Year Honours List.
She has been recognised as one of the most influential people in UK tech by Computer Weekly's UKtech50 Longlist and in 2021 was inducted into the Computer Weekly Most Influential Women in UK Tech Hall of Fame.
A key influencer in driving forward the data agenda in the UK, Sue was co-chair of the UK government's National Data Strategy Forum until July 2024. As well as being recognised in the UK's Big Data 100 and the Global Top 100 Data Visionaries for 2020 Sue has also been shortlisted for the Milton Keynes Women Leaders Awards and was a judge for the Loebner Prize in AI. In addition to being a regular industry speaker on issues including AI ethics, data protection and cyber security, Sue was recently a judge for the UK Tech 50 and is a regular judge of the annual UK Cloud Awards.
Prior to joining techUK in January 2015 Sue was responsible for Symantec's Government Relations in the UK and Ireland. She has spoken at events including the UK-China Internet Forum in Beijing, UN IGF and European RSA on issues ranging from data usage and privacy, cloud computing and online child safety. Before joining Symantec, Sue was senior policy advisor at the Confederation of British Industry (CBI). Sue has an BA degree on History and American Studies from Leeds University and a Masters Degree on International Relations and Diplomacy from the University of Birmingham. Sue is a keen sportswoman and in 2016 achieved a lifelong ambition to swim the English Channel.
Associate Director - Technology and Innovation, techUK
Laura Foster
Associate Director - Technology and Innovation, techUK
Laura is techUK’s Associate Director for Technology and Innovation.
Laura advocates for better emerging technology policy in the UK, including quantum, future of compute technologies, semiconductors, digital ID and more. Working alongside techUK members and UK Government she champions long-term, cohesive, and sustainable investment that will ensure the UK can commercialise future science and technology research. Laura leads a high-performing team at techUK, as well as publishing several reports on these topics herself, and being a regular speaker at events.
Before joining techUK, Laura worked internationally as a conference researcher and producer exploring adoption of emerging technologies. This included being part of the team at London Tech Week.
Laura has a degree in History (BA Hons) from Durham University and is a Cambridge Policy Fellow. Outside of work she loves reading, writing and supporting rugby team St. Helens, where she is from.
Elis joined techUK in December 2023 as a Programme Manager for Tech and Innovation, focusing on Semiconductors and Digital ID.
He previously worked at an advocacy group for tech startups, with a regional focus on Wales. This involved policy research on innovation, skills and access to finance.
Elis has a Degree in History, and a Masters in Politics and International Relations from the University of Winchester, with a focus on the digitalisation and gamification of armed conflicts.
