The announcement of a new mandatory digital ID scheme in the UK has generated a backlash from citizens. Ronnie Das writes the UK is ignoring the lessons the EU learned from its own digital identity system, the EU Digital Identity Wallet.
When British Prime Minister Keir Starmer announced that all UK workers would require a mandatory digital ID – a “BritCard” – by the end of this Parliament, he likely didn’t anticipate that millions of Britons would sign a petition demanding the government abandon the plan.
Yet this massive backlash shouldn’t surprise anyone familiar with recent European experiences in digital identity innovation. The EU is in the process of launching a new Digital Identity Wallet that confronts many of the same issues facing the BritCard. A comparison of the two cases shows that the problem with Starmer’s approach isn’t just British scepticism about ID cards, it’s that the UK government fundamentally misunderstands what citizens actually want from digital identity systems.
Digital wallets vs digital IDs
The European digital wallet is a user-controlled data management tool that stores various credentials and personal information, allowing citizens to selectively share only the minimum data required for specific transactions. This could include sharing passport details, exams or medical results. The EU’s digital identity wallet model promises to enable citizens to control which attributes they share, when and with whom, similar to choosing which cards to pull from a physical wallet.
By contrast, the UK’s proposed system is fundamentally a digitised version of a national identity card: a single, government issued credential mandatory for employment verification. The BritCard will be stored on smartphones and become mandatory for Right to Work checks, with the primary goal of combating illegal immigration by making it impossible for undocumented workers to find employment. This distinction matters enormously for citizen acceptance.
What Europe learned – the SOTERIA experience
The EU’s SOTERIA project, which concluded in 2024 after conceptualising and testing a privacy-first digital wallet with 6,500 citizens across Austria, Romania and Spain, offers valuable insights that the UK appears to have ignored.
SOTERIA’s digital wallet was designed around four core principles: secured access through high level identification, smart data minimisation (transmitting only essential information), secured storage under full citizen control and educational tools for awareness.
The technical architecture achieved high security metrics: 94.3% detection of presentation attacks, 128-bit encryption and zero information leakage to unauthorised third parties. Yet despite these strong technical credentials, the results revealed significant challenges.
Spanish participants in the e-health pilot showed increased privacy control, transparency and behavioural intention to use the wallet, particularly under mandatory usage scenarios. However, Romanian e-exam participants experienced increased perceived risks with mandatory use and decreased behavioural intention with voluntary adoption. Austrian participants emphasised security perception as the most critical factor, with mixed results on long term acceptance.
Research showed that a low number of participants would voluntarily store personal data in the wallet. However, more than 60% indicated they would reuse the tool after using it once, suggesting that initial adoption barriers might be overcome through positive experiences.
Against this backdrop, the UK government’s approach appears remarkably tone deaf. Rather than learning from Europe’s careful, privacy-first experimentation, Britain is implementing a mandatory, top-down system driven primarily by immigration politics. Starmer has explicitly framed the BritCard as an immigration enforcement tool at a time when Reform UK are topping the opinion polls.
Privacy by design
SOTERIA demonstrated that citizens respond positively to systems where privacy protection is fundamental to the architecture, not an add-on. The wallet employs selective disclosure, allowing users to prove they meet requirements (like age) without revealing unnecessary personal information, enhancing privacy and GDPR compliance.
The UK government claims its system will have security at its core and that user control is at the heart of its proposals. Yet security experts have described the digital IDs as a honeypot for cybercriminals, warning that hackers could potentially target a central database containing millions of records in a single attack.
More fundamentally, when a system is mandatory for employment and linked to immigration enforcement, “user control” becomes largely meaningless. You cannot meaningfully consent to something required to work legally.
The business model black hole
Both Europe and the UK face a challenge that neither has adequately addressed, who pays for digital identity infrastructure while respecting privacy principles? SOTERIA’s exploration of business models identified a critical tension: digital wallets must respect the principle of non-traceability, preventing service providers or governments from tracking citizen transactions. Yet sustainable funding requires either citizen payment, service provider fees, government funding or hybrid models, all of which create potential tracking mechanisms.
The UK has sidestepped this question by making the system government funded and mandatory, but this creates fiscal sustainability questions and reinforces surveillance concerns. The EU’s more principled approach has resulted in business model uncertainty that may hamper adoption but at least preserves the possibility of truly privacy respecting implementation.
Cultural context cannot be ignored
Britain abolished identity cards after the Second World War, and attempts to reintroduce them have consistently failed. The Labour government’s ID card scheme collapsed in 2006, with the subsequent Conservative-Liberal Democrat coalition explicitly opposing it.
SOTERIA’s findings across three countries demonstrated that identical technical systems produce dramatically different acceptance rates depending on cultural context. What worked in Spain’s mandatory e-health scenario produced opposite results in Romania’s voluntary e-exam context. Yet the UK government is imposing a one size fits all mandatory system on a population historically hostile to such schemes.
The future of digital wallets
Rather than a mandatory universal ID, the UK should follow an Australian model and begin with specific services where digital credentials offer clear citizen benefits. SOTERIA found higher acceptance for e-health applications in Spain, suggesting that practical benefits in trusted domains can build acceptance.
It should also implement selective disclosure, decentralised storage and genuine user control over data sharing. The EU’s eIDAS 2.0 Regulation mandates such features for the European Digital Identity Wallet, requiring interoperable digital wallets that support selective disclosure and user control by 2026.
Rather than hiding costs in government budgets, the UK should have an open conversation about sustainable funding models that don’t compromise privacy. The EU’s continued struggle with this question suggests it requires serious policy attention, not avoidance.
Evidence from SOTERIA’s sustainability analysis suggests that repeated exposure overcomes initial hesitancy: participants from most countries who used the wallet twice showed increased privacy control and perceived security over time. This suggests that hands-on experience can convert sceptics, and that demonstrating value can overcome initial hesitancy, but only if adoption isn’t forced.
The political decision to frame the UK’s digital ID primarily as an immigration control measure has fundamentally compromised public trust. Identity infrastructure should be built to serve citizens, not to police them.
Note: This article gives the views of the author, not the position of EUROPP – European Politics and Policy or the London School of Economics. Featured image credit: Alexandros Michailidis / Shutterstock.com
