TL;DR: The UK’s digital identity model promises smoother verification and better privacy, but trust, interoperability, and centralised attribute storage remain the real blockers, according to 1Kosmos. The governance lesson is clear: digital identity only works when users, providers, and relying parties share enforceable controls over data minimisation, consent, and assurance.
NHIMG editorial — based on content published by 1Kosmos: UK digital identity, trust, and the case for user-controlled verification
By the numbers:
- 43% of UK businesses experienced a cyberattack or breach in the past year.
- 85% of the successful breaches or attacks involved phishing.
- 6.9 million people will adopt the app this year, climbing to 25.5 million by 2029.
Questions worth separating out
Q: How should organisations govern selective disclosure in digital identity systems?
A: They should define which attributes are allowed for each transaction type, who can request them, and how consent is recorded and revoked.
Q: Why does interoperability matter in digital identity programmes?
A: Interoperability determines whether a digital identity has value beyond a single platform or jurisdiction.
Q: What do identity teams get wrong about biometrics and phishing resistance?
A: They often assume stronger authentication alone solves identity risk.
Practitioner guidance
- Define assurance tiers for each relying party: map every digital identity use case to a required assurance level, then document which attribute sources can satisfy it and which cannot.
- Minimise identity data held by providers: review which attributes are centrally stored, which are merely referenced, and which can be verified without persistence.
- Test interoperability before rollout: validate whether the chosen wallet or attribute model can work across the services people actually use, including cross-border cases.
What's in the full article
1Kosmos's full article covers the operational detail this post intentionally leaves for the source:
- A more detailed comparison of the UK model and eIDAS-style identity frameworks.
- Discussion of wallet architecture, attribute providers, and how user consent is handled in practice.
- The article's own view on self-sovereign identity and why distributed ledger-based approaches change storage risk.
- Vendor-specific commentary on biometric standards, liveness checks, and phishing-resistant authentication implementation.