Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what lessons they learned from GOV.UK Verify, and how they will apply those lessons to the development and governance of the One Login digital identification system.
Answered by Baroness Jones of Whitchurch - Baroness in Waiting (HM Household) (Whip)
The lessons learned from GOV.UK Verify have formed a core part of how GOV.UK One Login has been developed. For example, GOV.UK One Login is a centrally funded programme to encourage adoption. GOV.UK One Login also accepts multiple types of evidence, and allows users to choose from three identity verification routes, including visiting the Post Office to prove their identity in person, increasing success rates and inclusion.
The programme is governed by a cross government programme board, to ensure that Departments using the service are kept at the centre of programme delivery and as a Government Major Portfolio Programme (GMPP) it is subject to cross government assurance. The Infrastructure and Projects Authority has reviewed the programme positively in the last three Assurance Gateway Reviews.
Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what assessment they have made of the impact on private digital identification service providers of the free use of One Login by Companies House; and whether they will refer this to the Competition and Markets Authority to ensure there is no market distortion.
Answered by Baroness Jones of Whitchurch - Baroness in Waiting (HM Household) (Whip)
GOV.UK One Login is a centrally funded programme, to deliver one ‘front door’ for government services in order to replace the previous landscape of siloed and duplicative sign-in and identity-proofing methods. This will save time for users and taxpayer money by avoiding duplication across government. As an organisation within government, Companies House services are included in this government programme. As is the case with all other government services on GOV.UK One Login, the service is free to use to enable inclusive and easy access to public services.
Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what requirements they have placed on BT to consult customers about the implementation of the Digital Voice rollout, particularly for vulnerable customers or those in rural areas.
Answered by Baroness Jones of Whitchurch - Baroness in Waiting (HM Household) (Whip)
The Government is determined to ensure that any risks arising from the industry-led migration of the Public Switched Telephone Network (PSTN) to Voice over Internet Protocol (VoIP) are mitigated for all customers across the UK.
Major communication providers, including BT, signed a voluntary charter in December 2023 to protect vulnerable customers. A definition of vulnerable customers who may require additional support in the context of the PSTN switch-off was published in November 2024. It includes the landline-dependent and those living in rural areas. In November 2024, providers agreed to additional safeguards in the Non-Voluntary Migrations Checklist. This includes requirements for timely and repeated communication with customers ahead of their non-voluntary migration.
Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what steps they have taken to establish minimum standards for battery back-up of Digital Voice services during power outages; and what assessment they have made of whether these minimum standards are sufficient for rural areas.
Answered by Baroness Jones of Whitchurch - Baroness in Waiting (HM Household) (Whip)
The Government is determined to ensure that any risks arising from the industry-led migration of the Public Switched Telephone Network (PSTN) to Voice over Internet Protocol (VoIP) are mitigated for all customers across the UK.
In November 2024, providers agreed to safeguards in the Non-Voluntary Migrations Checklist including requirements to provide resilience solutions (e.g., battery back-up) for vulnerable customers, including the landline-dependent and those living in rural areas, to enable access to emergency organisations for at least one hour in a power outage. After discussions with government ministers, a number of communication providers have gone beyond this minimum, providing battery back-ups of 4-7 hours.
Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what steps they will take to consult with private sector digital identification providers about the future development of the UK digital identification ecosystem, including the Gov.uk digital wallet and the mobile driving licence.
Answered by Lord Vallance of Balham - Minister of State (Department for Science, Innovation and Technology)
The Office for Digital Identities and Attributes (OfDIA) regularly engages with a wide range of stakeholders including digital verification service providers, civil society, regulators, and other experts from academia and think tanks.
With regard to the GOV.UK Wallet and the mobile driving licence, OfDIA and the Government Digital Service have an event on 14 May 2025 to engage with digital verification providers on how the GOV.UK Wallet can work with and alongside private sector solutions to offer users the best experience and appropriate choice. This will be followed by technical engagement with providers in the coming months.
Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what assessment they have made of the impact of the launch of (1) the Gov.uk digital wallet, and (2) the certification of the One Login digital identification system, on (a) investment, and (b) existing private sector digital identity systems.
Answered by Baroness Jones of Whitchurch - Baroness in Waiting (HM Household) (Whip)
GOV.UK Wallet
The GOV.UK Wallet is in the early stages of its development, and its announcement in January was the beginning of the design and build of the product. The GOV.UK Wallet is subject to the rigorous and well-established process designed to ensure value for money and alignment with government priorities. As we progress, the value and impact (including on businesses) will be further evaluated, including during the forthcoming Spending Review.
GOV.UK One Login
GOV.UK One Login enables the public to interact with government services online with a single account and identity-checking system. GOV.UK One Login can only be used to access government services. Its certification against the trust framework demonstrates it is meeting best practice and high standards, but does not change where or how it can be used.
Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what independent verification they sought to assess the security of the One Login digital identification system.
Answered by Baroness Jones of Whitchurch - Baroness in Waiting (HM Household) (Whip)
The GOV.UK One Login works closely with the National Cyber Security Centre (NCSC) to identify and mitigate risks and align to the Cyber Assessment Framework (CAF) which the Government Cyber Security Strategy 2022-2030 outlines as the assurance framework that should be adopted by the government. Findings from the recent CAF GovAssure process identified areas of good practice including governance, risk management, assurance, monitoring, incident management and lessons learned. The programme has conducted multiple independent risk and threat assessments, such as regular IT Health Checks (ITHC), and these will continue to be part of the programme’s operating approach.
In addition GOV.UK One Login works closely with the Information Commissioners’ Office (ICO) on programme developments, including iterations of the Data Protection Impact Assessment (DPIA).
Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government, following the remarks in November 2023 by the Government Digital Service Chief Information Security Officer that the One Login digital identification system was "indeed carrying a high level of risk", what progress they have made to address any security and technical issues.
Answered by Baroness Jones of Whitchurch - Baroness in Waiting (HM Household) (Whip)
These comments are outdated and reflect a view from when the programme was in its infancy in 2023. We have worked to address all these concerns as evidenced by multiple external independent assessments such as the recent Cyber Assessment Framework (CAF) GovAssure process which identified areas of good practice including governance, risk management, assurance, monitoring, incident management and lessons learned. Risk mitigation will continue to be central to our approach to ensure we keep pace with the constantly changing cyber threat landscape.
Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what steps they are taking to ensure that only individuals with the appropriate security clearance have privileged access to the One Login digital identification system live service.
Answered by Baroness Jones of Whitchurch - Baroness in Waiting (HM Household) (Whip)
GOV.UK One Login takes the security clearance and audit of personnel very seriously. All individuals with production access to Government Digital Service (GDS) systems must undergo a Security Check (SC). There are some individuals working within the GOV.UK One Login programme who are not SC-cleared, however they will not have production access to the service.
Asked by: Lord Clement-Jones (Liberal Democrat - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what steps they are taking to address security issues in the One Login digital identification system.
Answered by Baroness Jones of Whitchurch - Baroness in Waiting (HM Household) (Whip)
GOV.UK One Login follows the highest security standards for government and private sector services. As the public rightly expects, protecting the security of government services and the data and privacy of users to keep pace with the changing cyber threat landscape is paramount.
Security best practice is followed with a number of layered security controls which include: Security clearances for staff with ‘Security Check’ clearance required for all developers with production access; Identity and access management controls that block staff from viewing or altering personal information; A secure by design and compartmentalised system architecture; Technical controls around building and deployments; Logging and monitoring to alert on access to environments that contain personally identifiable information; and robust procedures for addressing any unauthorised or unaccounted for access.