Yes, a digital ID could be safe and secure – but the BritCard hasn’t gained my trust

British Prime Minister Keir Starmer chose the packed room of the Global Progress Action Summit 2025 to officially share with citizens the government’s plans to combat illegal immigration. All adults would have to prove their right to work and live in the UK via a mandatory digital ID app – the BritCard.
A petition demanding the system be scrapped over privacy concerns attracted more than a thousand signatures in about 24 hours – although there are now more than 2.8 million at the time of writing. Politicians from both sides and even Starmer’s party have also strongly criticized the decision.
It’s true: digital identification is not necessarily bad. Estonia is one of the few examples in the world proving that a digital ID can combat illicit activities such as fraud, speed up bureaucracy and make democratic participation more accessible. However, trust is key to achieving this, and the BritCard doesn’t have that.
The UK has a poor record when it comes to protecting citizens’ sensitive data. In the latest case, a cyberattack against the In April, the UK’s Legal Aid Agency leaked nearly 2.1 million citizens’ data, including criminal records.
In its official announcement, the British government assures that the digital identification system is “designed with best-in-class security” and that “identifying information will be stored directly on people’s own device.” The system is also expected to use “state-of-the-art encryption and authentication technology” to maintain data privacy and security.
Yet continued law enforcement push for backdoor encryption also worries cryptographers, security experts and ID software developers, arguing that such a requirement could make all of our devices even less secure.
A Privacy Nightmare
The desire to digitize citizens’ ID cards is not unique to the United Kingdom. The European Union has introduced a similar system, with some member countries already rolling out the first iterations. There is, however, a key distinction: we will all be forced to use the BritCard, whether we like it or not.
But this was not always the case. According to the GOV.UK Wallet, announced in January, the British would have the right option to digitize their documents in a single application, starting with their driving license, in order to facilitate the use of state services.
Its evolution into the BritCard stems from an idea by think tank Labor Together, which first published a detailed report in June. Here, a British digital identification is above all a measure aimed at combating illegal immigration.
Under the plan, a mandatory national digital identity would be issued free of charge to all citizens with the right to live or work in the UK, whether they are British nationals or legal migrants.
“The BritCard would be a verifiable digital credential downloaded to a user’s smartphone, which could be instantly verified by employers or landlords using a free verification app,” the report explains.
Digital rights activists and even some politicians, however, worry that mandatory digital ID could create a “checkpoint society” in which everyone is less safe.
In its report, Big Brother Watch claims that the BritCard could end up normalizing data sharing while removing the need for proportionality included in the current legal framework.
Activists also cite the risk of “functional drift,” arguing that digital identification systems could be subject to expansion. “This is particularly true of systems designed to prevent harm, disorder, or crime, which often operate under the assumption that it is necessary to acquire as much data as possible,” they write.
After all, an arguably dystopian possibility of introducing a “community impact score” also appears to be already under consideration. As a report published by the Tony Blair Institute for Global Change points out, citizens could eventually use the BritCard to report issues in the community, “ensuring they feel the impact of effective delivery in their daily lives”.
Security starts with trust
The growing need for reliable identity management software has driven the industry to grow. Companies are working to develop private and secure digital identification software. These experts believe that, if implemented well, digital identifications can even constitute a Secure way to apply age verification.
If implemented well, this is key.
A single database comprising all of citizens’ most sensitive information would certainly provide an attractive target for malicious actors engaged in identity theft and similar attacks.
The UK, however, has repeatedly demonstrated that it is not well equipped to keep our data secure. At the same time, encryption backdoor orders like the one taken against Apple could end up eroding the security offered by this technology.
So it’s not so surprising that civil rights groups worry that the BritCard could turn into a honeypot for hackers and hostile governments.
❌Reject digital ID✊Britain has a long and proud history of rejecting mandatory ID proposals, and we should reject this one too. Sign and share the petition ⤵️https://t.co/Nz0lv55UR8September 25, 2025
The British are worried, and for good reason. In the best case scenario, it is possible that our most sensitive data could be compromised, hacked by malicious cyber actors. In a worst-case scenario, this mass collection could pave the way for increased control and surveillance from those who promise that digital identification would improve our lives.
Perhaps saddest of all is to see the government touting the Brit Card as a way to tackle illegal immigration. In reality, however, many doubt whether a digital ID card can provide significant benefits.
As a European immigrant living and working in the UK myself, I know that a system to prove your right to work and live in the country is already in place. In the form of a digital combination, delivered instantly by the government portal on request.
So, is the UK’s mandatory digital ID system simply a desire for bureaucratic innovation, or something more? Whether this is the case, the UK must first resolve its data security concerns before accidentally creating a new secondary entry into our most sensitive information. A burning dream for hackers that could turn into our worst nightmare.


