On September 26th, the UK government announced plans to introduce a mandatory digital ID called ‘BritCard’. The proposal would require a digital ID for everyone in employment, and is expected to cover driver’s licenses, employee benefits, banking and tax services in the future.
Critics have described the plan as Orwellian, warning it would open the door to mass surveillance and expand government power over its citizens.
The announcement also comes as HMRC confirmed plans to expand its powers to withdraw funds directly from bank accounts to recover unpaid taxes.
Human rights groups say this reflects a growing willingness of governments to prioritize control over individual sovereignty and economic autonomy. While digital identity is not yet directly linked to these financial powers, it is easy to imagine how the two could be integrated and real-time monitoring and enforcement could be enabled through a unified identity system.
A petition against digital ID in the UK reflects growing public concern and has been signed by more than 2.9 million people, around 4.3% of the population.
Cybercrime expert Professor Alan Woodward from the University of Surrey has warned that identity data stored in a single database creates a “hacking target” that could expose millions of records and disrupt critical services.
Telegram founder and CEO Pavel Durov recently warned that a “dark, dystopian world” is on the horizon, referring specifically to the UK’s digital ID rollout, warning that “time is running out to save the free internet.”
The danger signs are already visible. China’s social credit system punishes citizens for acts such as late bill payments, spreading misinformation, and minor social disturbances. Britain’s online safety bill led to arrests over online speech, and authorities froze protesters’ bank accounts during the 2022 Canadian truck driver protests.
Rolling out a centralized digital identity in the UK could create clear opportunities for similar overreach in the future, where access to critical services depends on it.
Could digital identity work without eroding freedom and privacy?
Decentralized blockchain-based frameworks have the potential to mitigate many of the risks such as surveillance, cyber-attacks, and unauthorized data access.
Projects such as Ethereum, Hyperledger Indy, and Polygon ID are developing decentralized identifiers (DIDs), verifiable credentials, and zero-knowledge proofs to replace traditional databases with cryptographic verification. These systems allow individuals to control their data, limit access by institutions, and reduce the risk of large-scale breaches.
Ethereum co-founder Vitalik Buterin proposed “Pluralistic identity”a model that allows for fair participation while protecting privacy. It relies on multiple interoperable identity issuers, including governments, social platforms, and private institutions, and prevents any single organization from controlling or monitoring issuance.
Still, decentralized identity faces practical obstacles. The system does not yet operate smoothly across platforms, and unanswered questions remain regarding recovery, governance, and regulatory acceptance. Ensuring they belong to the right people, correcting mistakes or reverting changes, and deterring fraud remain difficult problems that the Web3 space has not fully solved.
Governance remains one of the biggest challenges. Decentralized systems require trusted publishers and independent verifiers to prevent certain groups from deciding who is “important.” Centralized control can conceal identity from political opponents, critics, or the community at large.
Achieving this on a national scale remains complex. Even a highly decentralized network like Polkadot has only a few hundred validators, far fewer than the ones required by a global identity framework. In practice, such infrastructure will be difficult to design, manage, and regulate.
Bhutan’s pilot digital identity program, currently being migrated from Polygon to Ethereum, shows how blockchain-based systems can work in a real-world environment. Importantly, Bhutan’s approach is voluntary and built on decentralized technology, whereas the UK’s Britcard proposal is mandatory for all working people and relies on a central government database with much stronger controls.
If the UK truly values transparency, privacy and security, it should consider similar decentralized pilots rather than rushing to introduce centralized digital IDs.
UK legal protections for privacy are weakening
As seen in the Data Use and Access Act 2025 (DUAA), recent UK policy increasingly prioritizes state and corporate access to personal data over individual rights.
British privacy group Big Brother Watch warned lawmakers at a parliamentary briefing on DUAA that the bill would expand state and corporate access to personal data while weakening the rights of individuals, particularly through the broad “legitimate interest” exemption that allows organizations to process personal data without consent if they claim the data serves a common purpose.
The law received royal assent in June 2025, reflecting a legislative stance that prioritizes the convenience of surveillance over civil liberties.
Older frameworks such as GDPR and human rights law aim to protect privacy and civil liberties. But they can be circumvented through national security provisions, technical expertise, emergency powers, and vague laws.
In the UK, there are no clear laws or legal protections that prevent the government from claiming that digital ID is voluntary, while structuring society in such a way that it is impossible to live without it, effectively forcing compliance in the name of choice.
Big Brother Watch warned that this creates a “paper-me-me” system where participation in everyday life relies on digital authentication, a form of forced consent that is also reflected in jurisprudence such as the 2019 University of Washington Law Review study.The Pathology of Digital Consent”, The researcher argued that digital “consent” is often meaningless because people are pressured, tricked, or do not understand what they are consenting to.
Without decentralized systems and strong legal protections for privacy, digital identities risk becoming control mechanisms. We must resist until technology and law are mature enough to ensure that digital identities empower citizens, rather than strip them of their rights and freedoms.
The growing public backlash against mandatory digital IDs should serve as a warning. If these systems are introduced without appropriate safeguards, even if they are successfully rolled out in the UK, they could be the last real chance British citizens have to say no to the government.