Open in app

Sign in

Medium Logo
Write

Sign in

digita

TSPs, e-ID, e-IDAS 2 and the UK Digital Wallet

Building houses and then adding the foundations

Prof Bill Buchanan OBE FRSE
7 min readApr 19, 2025

--

I will discuss the UK and Scotland here, but you can possibly substitute your own country, state or region into the debate.

Why, in 2025, are we still walking around with bits of plastic in our wallets, and why even have physical wallets? While there has, of course, got to be a choice for some people as to whether they want to adopt digital methods, there is a building of a proper digital and tokenised economy to be considered. If we fail to build a truly digital economy, our societies will fall behind others and we will be building on sand. For me, I have virtually no real digital interaction with either the UK or Scottish Governments or any of the key public sector departments (apart from paying taxes, of course). It shows, a real lack of understanding of digital technology, and in proper leadership as to the opportunities that a truly digital economy will bring.

The problem with digital ID and governments

The problem with digital ID is that many governments want to own it and then merge everyone's ID into a central place — basically, they want control of the identity of the citizen. But, this control can lead to abuse of power, and where citizens could be spied upon. So, rather than governments becoming a trusted source of identity (“an identity verifier”), they often want to become the sole provider of someone’s identity. This approach will ultimately fail, both in scaling the usage of digital ID and in not gaining the trust of the citizen.

And, when many governments talk about digital ID, they often just think it is a good old identifier, but stored in an electronic database. In the UK, this could be the National Insurance number, or an HMRC number, or even the NHS number. These are just numbers and are like primary keys in a database, and where most governments would like to just merge these into a single unique identifier, or, at least, just link the primary keys. Unfortunately, this is the world of the 1960s, and where we all have numeric or alphanumeric identifiers, just like you have with the sort code and bank account identifier.

And, so, it has been nearly 50 years since the creation of public key signing, but governments still do not see the true power of digital signing and the proper use of digital wallets. For a truly tokenised world, an entity will properly digitally sign for things with our private key, and verify with our public key — but we need a legal basis for this, and where the UK has failed to support any move towards this, and still stick with the wet signature and “copy and paste my signature into a Word document” approach to signing. We live in a false digital world!

The great hope — eIDAS2

The great hope in the move to a tokenised economy is the rise of e-IDAS, and Cryptomatic has an excellent article on it [here]:

Within 2024, the EU enacted the eIDAS 2.0 regulation [here], which mandates that every EU country will implement a digital identity (e-ID) for each citizen, resident and business by 2026 [here]. The aim of this is to break down barriers to movement between EU countries, further support the harmonisation of markets and reduce frictions across European trade and business activity. For the first time, we now see some sort of legal certainty in the creation of digital signatures.

The vision is apparent [here]:

  • Increased access to electronic identity for all EU citizens.
  • Enhanced trust in the digital identity and signing ecosystem.
  • Growth in usage and volume of qualified services, including signatures and seals.

The document talks about the rise of TSPs (Trusted Service Providers), and which gain some degree of autonomy in the granting of rights, and which do not have to be government agencies. These will be trust relationships with citizens, such as for academic institutions being able to digitally sign for academic qualifications, and health authorities being able to sign for medications. The EU wants to scale its infrastructure so that it is not bound by any borders.

The article [here] defined a number of use cases, such as for a National Signing Service:

Figure 2 [here]

and for a high-trust signer [here]:

Figure 3[here]

e-IDAS2 signing

e-IDAS2 provides legal acceptance for digital signing and Uses Advanced Electronic Signatures (AdES) [here]. AdES is defined as part of the EU Regulation No 910/2014 (eIDAS-regulation) and is used to provide electronic identification and for trusted services related to electronic transactions in the EU. e-ID uses a ledger based on EBSI (Electronic Blockchain Services Infrastructure) with a federated approach with each country running their own trust infrastructure (uses Hyperledger Fabric). Each country is responsible for registering entities with its digital wallet. EBSI will then hold the trusted public keys of entities. Overall, there are many application areas defined, including driving licences, travel documents, qualifications, and so on. It has a focus on \emph{Gather once, use many times approach}, and compliant wallets for organisations and individuals are being defined at \cite{europaConformantWallets}. Serbia aims to launch a digital wallet by the end of 2025 \cite{seenewsSerbiaLaunch}.

The UK

The UK has been fairly slow in adopting digital ID. This has been typically due to the resistance of citizens towards the concept of a government-defined identity and identity cards. A UK ID card was proposed in 2001 and eventually scrapped in 2010 due to concerns about privacy. The Tony Blair Institute for Global Change is one group that has been calling for the adoption of digital ID in the UK.

The UK government aims to release the GOV.UK Wallet with the first release of a Veteran Card and digital driver’s licence in 2025. Forthcoming applications include applying for childcare and reporting a lost passport and are part of Plan for Change. Other related initiatives include:

  • The setup of the Office for Digital Identities and Attributes.
  • UK framework to be defined.
  • HMRC digital wallet. This includes MFA and biometrics.
  • NHS ID check.

Lord Holmes defines that the UK government acknowledges the urgent need to develop a trusted and effectively delivered system of distributed digital ID and digital verification, but there is little clarity on this. Overall, the Department for Science, Innovation and Technology launched the Office for Digital Identities and Attributes (OfDIA) have now been put in place to guide the Digital Identity Attributes Trust Framework (DIATF) and which will certify service providers. As of April 2025, there are 58 organisations that can deliver digital verification for Right to Work, Right to Rent and background check (DBS) compliance. Within the UK Parliament, the Data (Use and Access) Bill will aim to provide a statutory foundation for digital verification.

While advancing Digital Identity and Attributes Trust Framework (DIATF), the UK government has been processing the GOV.UK One Login, which will provide a single account for logging in to government services. For many, this login has been seen as a separate advancement to the digital ID service, but the roll-out of the Gov.uk digital wallet (Figure 1) and app will bring the two closer. This will include the launch of digital driver’s licences and digitised veteran cards. There are some concerns about the overall centralisation of the digital ID system and how governments could use the gathered data, especially where there was a \textbf{mandatory ID} and in a further widening of the \emph{digital divide}. It is thus important that privacy and cybersecurity are core elements of the developed infrastructure.

Figure 1

The fundamental problem with the UK digital wallet — apart from its current status as a proper digital wallet — is that there is just a general lack of engagement with citizens and businesses on how to best build it.

We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence. It is to their advantage to speak of us, and we should expect that they will speak — Tim May

We just need to look to Estonia to see how governments can drive digital transformation through citizen adoption and support. So while Estonia has the X-Road architecture, there is no general data architecture in the UK or Scotland, and with this, we build on sand. To roll out apps, before you even have an architecture, is like building a house with separate rooms and then trying to bind the rooms together, and then inserting a foundation for the house to sit, and then changing the design of the foundation as other houses are built.

Conclusions

The UK also needs to realise that there is the potential for massive growth in the creation of TSP, digital signers, and digital contract integration. To me, the UK is re-inventing the wheel with the creation of its own framework, and one which will fail to scale. My advice to the UK and Scottish governments is to adopt e-IDAS2 and bring in a world of proper digital identity and digital signing. Otherwise, we will build on sand. These are my own personal feelings, and where I want to see a world which has more bridges and fewer walls. They will not listen to me, though, as I’m an engineer, and they only think of things in a political way. Anyway, they are only in government for a few years, so anything that has an impact that is longer than that might be of little interest to them.

Cybersecurity
Cryptography
Digital Identity

--

--

Prof Bill Buchanan OBE FRSE
Prof Bill Buchanan OBE FRSE

Written by Prof Bill Buchanan OBE FRSE

34K followers
39 following

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.

Responses (4)

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech