Question to the Department for Science, Innovation & Technology:

To ask His Majesty's Government whether any component of the One Login service was developed offshore without prior consultation with the National Cyber Security Centre; and whether the Government have retrospectively approved any such arrangements.

No personnel developed components of the One Login service offshore without prior consultation with the National Cyber Security Centre (NCSC). We undertook a risk assessment in consultation with the NCSC before any offshore development by a small number of developers took place.

Any code in GOV.UK One Login that was produced by overseas staff was further subjected to a review by a staff member with Security Check clearance in the UK before it was deployed to production. As of March 2025, there is no longer any off-shored development on GOV.UK One Login.