Recently, the Data Protection and Digital Information (DPDI) Bill passed through the House of Lords in the United Kingdom.
This bill lays the legal foundation for the country’s Digital Identity Trust Framework and paves the way for the rollout of a UK digital ID wallet and mobile driving licences.
We asked Robin Tombs, CEO of Yoti, and Richard Oliphant, legal consultant at RO Legal Consulting, about the implications of the bill and whether the government wallet could help or hinder the thriving ecosystem of private identity providers.
Here’s what they had to say:
Regulatory Lag Is Holding Back Innovation
While the bill gives the UK’s Digital Identity Trust Framework a legal foundation, it’s just one piece of the puzzle.
Sector-specific regulations still need to be updated before digital wallets can be widely used in real-world scenarios.
For example:
- Alcohol sales still require updates to licensing laws before digital wallets can be accepted as proof of age. However, according to Robin, the government plans to update the alcohol licensing laws before Christmas, allowing individuals to use their phones for digital proof of age across up to 200,000 licensed premises.
- Financial services need changes to AML regulations and FCA guidance to fully onboard customers using digital credentials.
- In the meantime, identity providers and compliance teams remain cautious. As Richard noted, “The technology is ahead of the regulation.”
Government Wallet: Helping or Hindering?
The UK Government’s digital identity wallet is expected to launch soon, but the panel raised concerns about its impact on the private sector.
Robin mentioned that free access to the government wallet could incentivize businesses to use it over commercial offerings, especially in public sector workflows such as Companies House (the UK’s official registrar of companies) or student loans.
Richard emphasized a more profound concern: the risk of a government monopoly.
As it stands, there are no current plans to allow certified identity providers (IDPs) to host or integrate government-issued credentials, such as mobile driving licences.
That means the government wallet could become the only viable channel for accessing certain high-value credentials, effectively cutting out the private sector.
Richard noted that this creates an uneven playing field between the government wallet and trust framework-certified providers, warning that it could stifle competition, limit innovation, and slow the growth of a healthy identity ecosystem.
However, he also pointed to a possible workaround: certified IDPs may be allowed to create derived credentials based on official ones, like the mDL.
In this model, an IDP could take verified information from a government-issued mDL and issue a new, cryptographically signed credential stored in the provider’s own wallet.
While this approach could allow private-sector wallets to be used for proving identity, age, or eligibility, Richard expressed mixed feelings. He noted that these derived credentials wouldn’t carry the full authority of the original — for instance, they wouldn’t prove legal entitlement to drive — raising questions about their practical limits.
Despite these concerns, Robin shared an optimistic view.
He believes that as millions of UK citizens join a reusable digital identity network through the government wallet, both the public and private sectors will benefit.
Widespread adoption could lead to reduced ID fraud, greater convenience for individuals, and rapid business uptake.
Importantly, he expects this momentum to drive interest in private-sector wallets as well.
As innovation accelerates over the next few years, private wallets could offer additional functionality, enabling users with derived government credentials, private-sector credentials, and payment details to do even more directly from their phones.
Private vs Government Wallets: Why Both Matter
While the government wallet may play a central role in certain use cases, the panel agreed that private wallets are still essential and not just for commercial flexibility.
Here’s why:
- User experience: The private sector typically delivers a better user experience, which drives adoption.
- Sensitive use cases: People are unlikely to use a government-issued wallet for activities like gambling or accessing adult content. Privacy and perceived anonymity matter.
- Scalability and integration: Businesses will continue to rely on certified identity providers that can offer SLAs, support, and commercial-grade integrations.
The consensus? Let users choose.
Any certified wallet, government or private, should be treated equally across use cases. That’s the only way to build a trusted and inclusive digital identity ecosystem.