On September 26, the UK government announced plans to roll out a mandatory digital ID dubbed “BritCard”. Under the proposal, the digital ID would be required for anyone in employment, with future extensions expected to cover driving licences, welfare benefits, banking, and tax services.
Critics have described the plan as Orwellian, warning that it opens the door to mass surveillance and expands government power over citizens.
STORY CONTINUES BELOW
The announcement also follows the UK tax authority’s (HMRC) confirmed plans to expand its powers to withdraw funds directly from bank accounts to recover unpaid taxes.
Human rights groups say this reflects a growing willingness by the government to prioritize control over individual sovereignty and financial autonomy. While digital ID has not yet been directly linked to these financial powers, it is easy to see how the two could converge, allowing real-time monitoring and enforcement through a unified identity system.
A petition opposing the UKs digital ID has surpassed 2.9 million signatures, roughly 4.3% of the population, reflecting mounting public concern.
Cybercrime expert Professor Alan Woodward at the University of Surrey warns that ID data stored on a single database creates a “hacking target” that could expose millions of records and disrupt essential services.
Telegram founder and CEO Pavel Durov recently warned that a “dark, dystopian world” is approaching, specifically mentioning the UKs digital ID rollout, with a warning that “We’re running out of time to save the free internet.”
The warning signs are already visible. China’s social credit system punishes citizens for behavior such as late bill payments, spreading misinformation, and minor public disturbances. The UK’s Online Safety Bill has led to arrests over online speech, and during Canada’s 2022 trucker protests, authorities froze the bank accounts of dissenters.
Rolling out a centralized digital ID in the UK could create obvious opportunities for similar overreach in the future if access to essential services depends on it.
A decentralized, blockchain-based framework could reduce many of the risks like surveillance, cyberattacks, and unauthorized data access.
Projects such as Ethereum, Hyperledger Indy, and Polygon ID are developing decentralized identifiers (DIDs), verifiable credentials, and zero-knowledge proofs to replace legacy databases with cryptographic verification. These systems let individuals control their own data, limit institutional access, and lower the risk of large-scale breaches.
Ethereum co-founder Vitalik Buterin has proposed “pluralistic identity”, a model that protects privacy while enabling fair participation. It relies on multiple interoperable ID issuers, including governments, social platforms, and private institutions, to prevent any single entity from controlling issuance or oversight.
Still, decentralized identity faces practical obstacles. Systems do not yet work smoothly across platforms, and there are unresolved questions around recovery, governance, and regulatory acceptance. Making sure they belong to the right person, fixing mistakes or reversing changes, and stopping fraud are still challenging problems that the Web3 space has not fully solved.
Governance remains one of the biggest challenges. Decentralised systems need trusted issuers and independent validators to stop any one group from deciding who “counts”; if control concentrates, identities could be withheld from political opponents, critics, or entire communities.
Achieving this at a national scale remains complex. Even highly decentralized networks like Polkadot have only hundreds of validators, far fewer than what a global identity framework would likely require. In practice, designing, managing, and regulating such infrastructure will be a challenge.
Bhutan’s pilot digital identity program, now migrated from Polygon to Ethereum, shows how blockchain-based systems can work in real environments. Crucially, Bhutan’s approach is voluntary and built on decentralized technology, whereas the UK’s BritCard proposal would be mandatory for anyone working and relies on a central government database with much greater control.
If the UK genuinely values transparency, privacy, and security, it should be exploring similar decentralized pilots instead of rushing to deploy a centralized digital ID.
Recent UK policy increasingly prioritizes state and business access to personal data over individual rights, as seen with the Data Use and Access Act 2025 (DUAA).
In a Parliamentary briefing on the DUAA, UK privacy group Big Brother Watch warned MPs that the legislation expands state and corporate access to personal data while weakening individual rights, notably through broad “legitimate interests” exemptions that allow organizations to process personal data without consent if they claim it serves a general purpose.
The Act received Royal Assent in June 2025, reflecting a legislative posture favoring surveillance convenience over civil liberty.
Older frameworks like GDPR, and the Human Rights Act, aim to protect privacy and civil liberties. Yet, they can be bypassed through national security clauses, technicalities, emergency powers, and vague legislation.
There is no explicit law or legal protection in the UK to prevent governments from claiming digital IDs are voluntary while structuring society so that life without one becomes unworkable, effectively forcing compliance under the guise of choice.
Big Brother Watch has warned this creates a “papers, please” system where participation in everyday life depends on digital verification, a form of coerced consent echoed in legal scholarship such as the 2019 Washington University law review study ‘The Pathologies of Digital Consent’, which argued digital “consent” is often meaningless because people are pressured, tricked, or unable to understand what they’re agreeing to.
Without decentralized systems and strong legal safeguards geared towards privacy, digital ID risks becoming a mechanism of control. It should be resisted until the technology and laws are mature enough to guarantee that digital identity empowers citizens, instead of potentially stripping away their rights and freedoms.
The growing public pushback against a mandatory digital ID should serve as a warning; if these systems are implemented without proper protections, a successful rollout in the UK could mark the last time the British public has a real chance to say no to its government.