Surveillance or efficiency? UK's "mandatory digital ID wallet" policy undergoes a major transformation ~ Over 160 million signatures against it overnight (Parliamentary petition)

X had issued a breaking news report, but on September 26th, the UK government announced,GOV.UK Digital WalletThe government has announced plans to introduce digital IDs through its digital identity platform, sparking a major debate in the digital world, with calls for greater efficiency clashing with concerns about privacy.

Of particular note is theRight to Work Verification"The use of this digital IDMandatoryWhy is this initiative, which was launched as a free digital ID system, generating such strong opposition?

What is the UK Digital Identity Wallet?

The UK government's GOV.UK wallet can be used to store personal information such as driving licences.Government-issued credentialsThis system allows you to safely store and present your ID on your personal smartphone.

1. Purpose of introduction (Government's argument)

The government has highlighted the following key benefits:

• Reducing illegal employment: Digital authentication prevents illegal employment using false documents¹
• Easier identity verification: Speed ​​up complex paper and in-person review processes with digital solutions.
• Improved citizen services: It facilitates access to public as well as private services.

2. Background of the backlash: Over 160 million petitions demonstrate public concerns

It may seem like all good things, but this is the UK. It is a country where it has long been said that any government that tries to introduce a compulsory ID system will be crushed. Immediately after the government's announcement, a parliamentary petition opposing the introduction of compulsory digital ID stated:Over 160 million itemsThe petition has collected signatures. The biggest fears of the citizens can be summed up in the following two points.

• Risks of a surveillance society: Concerns that countries will force citizens to register their IDs, making it easier to track their behavior and attributes.
• Security Risk: Professor Alan Woodward, a cybersecurity expert, said that if ID data is centrally managed,'A huge hacking target'This has raised alarms that confidential information of all citizens could be leaked at once. While you might think that such an incident would be rare, it actually happens quite often. Here are some examples:

Countries with a history of leaking national ID databases

Country	Major leak incidents and estimated scale	Remarks
Ecuador	2019: Over 2,000 million cases (including all citizens and deceased persons)	Complete ledger including national ID and taxpayer number
Turkey	2016: More than 5,000 million cases (equivalent to the entire national population)	Name, ID number, address, election data, etc.
South Korea	2014, 2019, etc.: Over 1 million resident registration numbers leaked	Resident registration number, financial etc., social infrastructure ID
Egypt	2025 report: 7,770 million cases (national scale)	National identification number, address, etc.
South Africa	2025 report: 4,450 million cases (almost the entire population)	Entire ledger of ID numbers, etc.
Saudi Arabia	2025 report: 2,680 million cases (almost the entire population)
Chugoku	2022: Over 10 billion cases (nationwide)	Police database leak

Trends and Supplements

• The Ecuador incident was caused by human error when the entire public ledger was left on the cloud, and included the entire population plus the deceased.
• In September 2025, Turkey, Egypt, South Africa, and other countries experienced a massive simultaneous, multinational leak due to faulty ID server settings, with the personal information of "almost all citizens" leaked in a format consistent with the official data structure.
• In South Korea and China, multiple cases of leaks of national ID number data for administrative purposes have been confirmed.

Around the world, countries where national ID systems are embedded in the social infrastructure have experienced "full ledger" leaks on a scale that has been a reality many times in the past.

Experts are keeping a close eye on the complex relationship with DIATF

However, it is not just the concerns about surveillance and leaks that have surprised experts about this news, but rather the fact that it completely overturns existing policies.

To understand this digital ID policy from a technical and legal perspective, it is important to understand the existingDIATF (Digital Identity and Attribute Trust Framework)²It is necessary to understand the relationship with the regulatory framework.

What is DIATF (Dependable Interoperability Framework)?

DIATF is a private company (IDSP/DVS: Digital Verification Service Provider) to verify the identity and attributes of users (age, employment status, etc.) and provide them to private businesses (relying parties)Trust Rules and Technical StandardsThis is what is established.

[Conventional composition] GOV.UK Wallet → DIATF-accredited private provider → Private business operator (presented party)

[Suggested scenario of this policy shift] GOV.UK Wallet → Private business(Mandatory for RTW checks)

In the previous structure, multiple (currently 52) certified private providers were involved, which meant that the government could not univocally trace where an individual presented their certificate, and it offered privacy benefits such as facilitating semi-anonymous attribute authentication. Private businesses could also use existing technologies such as OpenID Connect (which is actually easier to implement).

This shift indicates that if government wallets are presented directly to the private sector, then depending on how ZKP is used in digital credentials, the issuer could reveal the person's place of residence, making it easier for the government to track them. Those involved are concerned that this could lead to DIATF-certified private businesses operating within the traditional framework competing with the government, potentially leading to the collapse of the industry. The government claims "freedom of choice," but in the case of "employment," an area directly linked to people's lives, this could lead to the collapse of the industry.MandatoryThis has led to a debate as to whether the actual choice will be biased towards the GOV.UK Wallet.

And above all, the lack of clarity about the technical and operational framework is creating doubts and questions, such as, "So, how do we do this?"

Relationship with DIATF: Three Scenarios

What will the relationship between DIATF and GOV.UK Wallet be like in the future? We will outline three possible scenarios.

Scenario A: Imputation model

MessageGOV.UK Wallet will enable private presentations, but the process will still go through DIATF-accredited DVSsBenefitMaintaining the role of existing DIATF certified companies and enabling mutual complementationriskComplex implementation, increased costs, and disruptive transition

Scenario B: Government-led model

MessageGOV.UK Wallet prioritises private submissions, DIATF providers reduce role to supporting roleBenefitStrengthened government control, national leadership of the presentation processriskOpposition from private businesses, declining investment appetite, and competition policy issues

Scenario C: Coexistence and Choice Model

MessageUsers and businesses can choose between GOV.UK Wallet or DIATF certified walletBenefitMaintaining the principle of competition and guaranteeing freedom of choiceriskEnsuring interoperability is complicated, and standards development is a burden

Official government positionThe word "choice" is used repeatedly inScenario C (coexistence model)is seen as the main line.

Important practical issues

🔐 Security risk

This is an unknown as we don't know what security standards will be used.

️ Development of legal systems

The digital ID mandate requires supporting evidence.Bill preparationis required:

• Clarification of rules for presenting wallet
• Redesign of certification standards
• Obligations and penalties

🤝 interoperability

A technical specification that allows mutual presentation and verification between the GOV.UK Wallet and DIATF certified wallets is essential:

• OpenID4VP (OpenID for Verifiable Presentations)
• SD-JWT-VC (Selective Disclosure JWT for Verifiable Credentials)
• API standardization

???? Inclusion

• Accommodating people without smartphones
• Consideration for the elderly and disabled
• Providing an alternative (physical card)

What makes it different from other digital IDs around the world?

Comparing the UK's initiative with that of other digitally advanced countries and the EU reveals its uniqueness and challenges.

Comparison axis	UK (GOV.UK Wallet)	EU (EUDI Wallet)	エストニア
Introduction driver	Mandatory Right to Work Verification (RTW)Promotion of dissemination through	Between member statesCross-border interoperabilityand general-purpose use cases	Already the foundation of people's lives(High penetration rate and diverse uses)
Technical Foundation	Present your wallet + via DIATFCoexistence of two routesTransitioning to	ARF/HLRInteroperability standards based on	PKI infrastructure +X-RoadPublic-private partnerships are maturing
Governance	DIATF (Operational Standards for Use-Specific Auxiliary Codes)	by ENISAEU Harmonized Certification SchemeCurrently being formulated	X-Road makes it a realityDecentralized and highly transparentData linkage
Degree of coercion	Mandatory for Ready-to-W Use (RTW)There is a strong tendency towards	user'ssovereigntyIn principle, use is optional.	Already established as a de facto social infrastructure

From this comparison, the UK's attempt shows that the EU"User sovereignty"と"Versatility"While placing importance onInteroperabilityWhile it takes time to build,"Right to Work VerificationMandatory use in, which is themed around Strong regulatory pressureIt is more likely to spread the word to the entire nation in one go."Top-down"It is clear that the design philosophy is as follows:

Technical Implementation Issues: Interoperability

The practical focus going forward will be on how the technology used by GOV.UK Wallet will align with global standards.

UK wallets will fully support these international standards (such as OIDC4VP, SD-JWT-VC, and mDOC) that are becoming mainstream in the EU, and will be able to communicate with private wallets.Mutual RecognitionThe key to the competitive environment and convenience is whether or not the specifications allow this. If the specifications are such that only government wallets have an advantage, there is a risk that the private ecosystem will shrink.

Summary: The future of digital identity will be determined by design

While the UK's digital ID wallet concept has the great benefit of increasing efficiency, it also carries the risk of not being able to say anything definitive about ensuring privacy and freedom, as there are too many unknowns.

The success or failure of digital ID depends not on whether it is implemented or not, but onThe design philosophy is "Who manages the data and who controls its presentation?"Will the UK be able to overcome the risk of becoming a massive hacking target and the fear of becoming a surveillance society, and gain the trust of its citizens? The answer will be revealed in the specific details that will be made public.Implementation and legal transparencyIt can be said that it all depends on this. Future developments will be closely watched.

[Key words]

• GOV.UK Wallet: UK government digital identity wallet.
• Right to Work (RTW): Right to work verification. This check is now being made mandatory.
• DIATF: UK Digital ID Trust Framework for Private Service Providers (Regulatory Framework).
• VC/SD-JWT: An international technical standard for digital certificates.

1. I believe this is also due to the fact that the populist party Reform UK, led by Nigel Farage, is currently the largest party in the UK.
2. Digital Identity Attribute Trust Framework