Editorial

Government under fire over security of identity verification system

“Requesting millions of individuals to submit sensitive identity documents via a platform that hasn’t fully adopted Secure by Design principles introduces significant risk,” says cybersecurity provider.

Posted 7 August 2025 by Christine Horton


The government has been accused of announcing identity verification checks for Companies House while the GOV.UK One Login system underpinning the process continues to raise “serious cybersecurity concerns.”

The digital identity checks will go live on November 18, affecting up to seven million people over the next year.

But Michael Perez, director at managed security services provider (MSSP) Ekco, says sensitive identity data will be flowing through a system that “lacks rigid security measures.”

This is because the system has yet to implement Secure by Design principles, and recent assessments revealed risks including overseas admin access, insecure logins to live environments, and more than half a million unresolved vulnerabilities. The government has previously indicated that it wasn’t aiming to implement the principles until October at the earliest.

“Mandatory identity verification aims to address important challenges, reducing fraud, strengthening trust, and managing digital complexity. However, the current implementation raises valid concerns. One Login, the central system in this rollout, has yet to fully meet the government’s own cybersecurity standards,” said Perez.

“Requesting millions of individuals to submit sensitive identity documents via a platform that hasn’t fully adopted Secure by Design principles introduces significant risk. It concentrates vulnerability and could expose users to breaches at a time when public confidence in digital systems is already under pressure.”

Perez added that the ambition behind One Login is commendable, but robust protections must underpin any system handling identity data.

“At present, the platform is asking individuals and businesses to share critical information without the necessary safeguards in place, setting a concerning precedent,” he said.

“What’s needed now is greater assurance. The public deserves systems that are thoroughly tested and secure by design. Without that, expanding One Login’s use risks eroding trust not only in this platform, but in the broader vision for digital government.”
