United Kingdom
The UK’s new app to hold citizens’ driving licences, passports and benefits documents risks being used as a “launchpad for a mandatory ID scheme”, privacy campaigners have claimed.
The UK Government has unveiled plans for a gov.uk app and gov.uk wallet, allowing people to carry digital versions of paper documents on their phones. These would include proofs of right to work in the UK, rights to benefits, veteran ID cards and DBS certificates, which employers use to check the criminal record of someone applying for a role. The technology will include biometric security such as face scans.
But campaigners are now calling for greater transparency about the new systems’ privacy impact before they are rolled out later this year, as per The Guardian.
“[Peter] Kyle will not be department of science, innovation and technology minister for ever, and a future government could easily use the optional digital wallet as the launch pad for a mandatory ID scheme,” said Silkie Carlo, the director of the Big Brother Watch campaign group.
“The addition of our facial recognition data makes this sprawling identity system incredibly sensitive, intrusive and a honeypot for hackers.”
James Baker, the campaigns manager at Open Rights Group, said: “Is there going to be pressure for the app to become the portal that you have to interact with the government through?
“Do you end up in a world where it’s meant to be voluntary but it becomes so widely accepted that you can’t live without it? One future problem is it ends up evolving into a national identity database where every interaction is tracked, which has considerable privacy implications.”
Nigeria
The National Identity Management Commission (NIMC), Nigeria Interbank Settlement System (NIBSS), AfriGO, and other stakeholders are set to roll out digital cards with multiple wallets to drive financial inclusion and improve Nigeria’s Gross Domestic Product (GDP).
The digital cards with multiple wallets, when unveiled, would allow Nigerians have access to government services in all Ministries, Departments and Agencies (MDAs) of government, and also provide platforms for students to access government loans.
Director General/Chief Executive Officer of NIMC, Engr. Abisoye Coker-Odusote, said the cards would be available to citizens, home and abroad, and who could use the cards for various transactions, especially payments of water and electricity bills, transportation services, and shopping, among others.
She explained that the card could be used offline and online to provide services for unbanked citizens in rural areas and bring on board those whose businesses required government support for survival.
United Kingdom
Businesses in the UK have until the end of 2026 to comply with new identity verification requirements for directors and those with corporate control, according to a transition plan set out in a policy paper from Companies House. The changes are being introduced to crack down on money laundering and corporate fraud.
The Economic Crime and Corporate Transparency Act 2023 (ECCT Act) is intended to ensure all stakeholders required to submit a document to the registrar do so, that the register’s information is accurate and complete, that the register’s records do not mislead the public and to prevent companies from breaking the law.
It will be introduced in phases, but the identity verification requirements for new business directors and people with significant control of a company (PSCs) will take effect in autumn of 2025. They will be required to verify their identity when their company is incorporated, with a 12 month transition period for existing companies. At that point, identity verification becomes part of the annual confirmation statement filing.
France
Digital identity, artificial intelligence, cybersecurity and protecting minors online will be the main areas of focus for the French privacy watchdog in the coming years, according to its recently published strategic programme.
The National Commission for Information Technology and Civil Liberties (CNIL) 2025-2028 plan will also include increasing the number of penalties for data protection law violators and more communication with the public on vital issues.
When it comes to digital IDs and mobile applications, the agency’s main task will be ensuring user privacy. Digital IDs are an opportunity for businesses and public authorities to introduce secure user identification and authentication and increase trust in the digital economy, says the agency. This is why it has published privacy recommendations aimed at app developers.
The watchdog pledges to work with European authorities on implementing the eIDAS Regulation and the European Digital Identity (EUDI) Wallet and contribute to the development and use of privacy-friendly online identity and age verification solutions.
Cyprus
The deputy ministry of research and innovation has called on companies and organisations to accept documents signed with the recently launched electronic identity card (eID).
Deputy Minister of Innovation Nicodemos Damianou explained that the ‘Digital Citizen’ application, an official government platform, enables citizens with a CY login account to store digital versions of official documents on their mobile devices.
“Non-acceptance of these digital documents is equivalent to non-acceptance of their physical form,” said the Minister.
The authenticity of digital documents can be verified directly through the application without the need for any additional device. The only requirement for verification is that the verifier has downloaded the app on a mobile device, without needing to log in.
Currently, the app supports digital versions of identity cards, driving licences and vehicle registration certificates, with more documents and features expected to be added later this year. Additionally, the app will be integrated with the Greek application wallet.gov.gr, allowing digital documents from both platforms to be mutually recognised by Cyprus and Greece.
Iraq
More than 40 million electronic identification (eID) cards have been issued to citizens through a partnership with Berlin-based identity solutions provider Veridos, which has been expanding its presence in national identity programmes across multiple regions.
If you liked this content…
The initiative, which began in 2013, established a centralised electronic national civil register in collaboration with the Iraqi government. The system now operates through more than 320 local registration offices across the country, where citizens can apply for and receive their electronic identification cards. The cards incorporate security features including biometric data storage and encrypted chips similar to those used in Veridos’s other national ID implementations.
Brazil
DuckDuckGoose, a Netherlands-based specialist in AI-driven deepfake detection, is partnering with Brazilian financial institution Banco Daycoval to combat the growing threat of deepfake-based identity fraud.
Banco Daycoval has integrated DuckDuckGoose’s DeepDetector solution into its Know Your Customer (KYC) processes. The technology is now enabling the Brazilian banking sector to detect deepfakes in real time and make verification processes more efficient.
Belgium
Belgian digital identity app Itsme will be free for Flemish municipalities, government services and schools after the Flemish digitalization agency agreed to cover fees for its use until 2029.
The service is owned by a consortium of local telecom companies and banks and allows Belgian citizens to verify their identity while accessing government services, banks, insurance companies and other private services. The platform is free for citizens while organizations pay a fee to Itsme per user per year instead of per transaction, motivating them to implement the infrastructure throughout their processes.
The agreement between Digitaal Vlaanderen agency and Itsme will last until 2029 and include an expenditure ceiling that has not been disclosed. The deal was made to drive digital adoption, allowing institutions to use Itsme’s services to sign documents such as permits, certificates, school regulations and reports.
Itsme has seven million registered users in Belgium – more than 80 percent of the country’s adult population, according to the company. In 2023, it recorded a profit of 1.6 million euros (US$1.7 million).
The app is not only being used for logging into banking platforms but also for booking flights, renting cars and handling employment processes. A large infrastructure has been designed to prevent fraud such as phishing.
Global
AuthenticID’s latest annual report reveals a significant increase in identity-based fraud across businesses in 2024, with fake IDs and suspicious biometric transactions rising 42 percent year-over-year. The company’s 2025 State of Identity Fraud Report indicates that the overall fraud rate reached 2.10 percent, the highest level observed by AuthenticID in three years. The surge comes as AuthenticID has been expanding its presence in the digital identity space, including a recent partnership with the California DMV to enhance mobile driver’s license security.
The report highlights that half of businesses experienced growth in deepfake and AI-generated fraud, alongside increases in biometric spoofs and counterfeit ID fraud attempts. The findings support earlier predictions made by cybersecurity experts as early as 2020, who warned about the growing threat of deepfake technology to biometric systems. Workforce-related fraud affected 68 percent of businesses, with employee impersonation emerging as the most prevalent type.
United States
ID.me has closed a $275 million credit facility from funds operated by Ares Management, which also plans to invest a substantial amount in company equity.
More than 139 million people have an ID.me digital wallet, and 65 million of them have completed identity proofing to the IAL2 standard set by NIST. From 2020 to 2024, ID.me’s revenue has increased by 450 percent. The company claims to be the only digital wallet provider that meets US federal government standards for secure logins and multi-factor authentication to IAL2 with online, video chat and in-person channels for identity verification.
ID.me digital wallets are used for interactions with government agencies, but also healthcare providers, non-profits and businesses in its network.
United Kingdom
The GOV.UK OneLogin has appeared on the UK’s register of certified digital identity providers.
Alison McDowell of the Kantara Initiative said on a LinkedIn posting: “This should give users confidence that the service they use to sign in to many central government services follows the same rules and standards as all the other services that have been certified against the UK digital identity and attributes trust framework”.
In October 2024, 50 services were using One Login for authentication and identity-proving.
Scotland
Scotland has launched a new Centre of Excellence for Digital Trust, establishing a collaborative hub aimed at enhancing digital security and trust across the region. The initiative forms part of Scotland’s broader strategy to strengthen its digital infrastructure and advance innovation in the technology sector, building upon the country’s existing ScotAccount digital identity system and cybersecurity frameworks.
The Centre will create an environment for industry leaders, researchers, and policymakers to collaboratively develop and implement digital trust frameworks. Key focus areas include cybersecurity enhancement, data privacy promotion, and ensuring responsible deployment of digital technologies. This effort lines up with Scotland’s ongoing work to achieve interoperability with the UK government’s Gov.UK One Login system and expand digital services across the public sector.
While specific participant details have not yet been publicly disclosed, the Centre is expected to bring together industry partners specialising in cybersecurity and data analytics, academic institutions contributing digital security expertise, and government agencies responsible for digital policy and cybersecurity oversight. The initiative builds upon Scotland’s existing digital governance structure, which includes the Scottish Biometrics Commissioner and established data protection frameworks.
Global
Mastercard has unveiled a strategy to eliminate manual password and card number entry from online transactions by 2030. The announcement follows the company’s recent rollout of its Payment Passkey Service, which has already begun replacing one-time passwords with biometric authentication in several markets.
The financial services giant currently tokenizes approximately 4 billion transactions monthly, representing a 40-fold increase over the past six years. The tokenization process replaces sensitive card data with unique digital tokens for transaction processing, significantly reducing the risk of fraud and data breaches.
A key component of the strategy involves implementing biometric authentication methods, including facial recognition and fingerprints, to streamline the checkout process. The approach follows industry trends driven by PSD2 regulations, which have accelerated the adoption of biometric payment authentication in Europe. The company is also introducing single-use cards that can be generated within banking apps, allowing consumers to create and control temporary payment credentials for specific transactions.
