In the identity management field, innovation often comes with a sense of urgency. You identify an opportunity, work up a proposal, attend meetings, submit your bid and then (hopefully) Go! Go! Go! At this point, you already have the solution so well worked out with colleagues (and written into an annexe of the contract) that you don’t have time to reconsider what is already in place in the country’s identity framework.
Too often, it seems, governments and technology providers rush to design new identity databases or unique identifier schemes, without fully considering the value of the existing infrastructure. The creation of parallel systems not only introduces duplication and added cost, but also heightens privacy risks and public resistance – especially when legacy tools, however imperfect, already serve a similar function.
The UK is a case in point. For decades, it has resisted centralised digital identity on both political and cultural grounds. Even as recently as mid-2024, newly appointed Home Secretary Yvette Cooper stated clearly that the government was not considering digital ID cards. But within a year, that stance has softened: a review into a universal digital ID system has been initiated by Prime Minister Sir Keir Starmer.
The UK’s history with national ID cards and attempts at unique citizen numbering has been long and fractious. Attempts during World War II were short-lived, and later efforts in the early 2000s, particularly under then Prime Minister Tony Blair, collapsed due to privacy concerns and civil liberties campaigns. Public fear of state overreach, coupled with doubts over technological reliability, led to the repeal of Blair’s Identity Cards Act by the 2010 coalition government.
Yet, despite these failed attempts at a national ID scheme, the UK has quietly drifted towards digital identification systems which, taken as a whole, equate to a universal programme. Digital tools such as GOV.UK Verify and the mobile driving licence have emerged as accepted forms of digital identity (IDN January 2025). These selective, decentralised identity verification systems only technically fall short of offering a comprehensive, unified identity framework.
While the renewed debate is framed around technological readiness and the challenges of migration management, it also reveals a familiar pattern: proposing a new system without first fully assessing what could be done with the tools already in place.
The UK already assigns a unique identifier to residents: the National Insurance (NI) number. Though originally designed for work and tax purposes, it is widely used and linked to key state systems. It is not currently biometric, nor legally recognised as an identity credential, and is issued at age 16, but it represents a scalable platform that could be modernised and expanded – rather than replaced.
Transforming the NI number into a more broadly accepted identifier would be technically feasible and, as importantly, politically pragmatic. It would build on something familiar, reducing the friction that often accompanies wholly new identity initiatives. Yet proposals for digital ID in the UK rarely start from this point – they tend to begin with a clean slate and a fresh numbering system.
The same applies internationally. In the US, the Social Security number (SSN) has long functioned as a de facto national identifier – even though it was never designed for that purpose. It now underpins employment, credit checks, taxation and more. Despite its vulnerabilities, the SSN’s endurance demonstrates that longstanding identifiers can be adapted – provided there is political will, regulatory support, and a clear plan for interoperability and privacy protection.
Mexico offers a good example of upgrading before replacing. Rather than discarding its longstanding unique citizen numbering system – the Clave Única de Registro de Población (CURP) – Mexico has opted to enhance and extend its utility by embedding biometric credentials into the existing identifier. The new CURP will incorporate facial, fingerprint and iris data, alongside a QR code for secure digital authentication.
As an industry, we share some responsibility for immediately assuming that every identity management system must be built from scratch. Too often, we begin with the solution and work backwards to the problem. In doing so, we risk repeating mistakes of the past – overlooking viable legacy systems in favour of building anew. Before governments take that leap, as might be the case in the UK, we should encourage them to take stock of what they already have.
