Is the GOV.IT One Login programme failing?

The Trouble with GOV.UK One Login: What You Should Know

The UK government’s new digital identity system, GOV.UK One Login, aims to make it easier for people to access public services online. It’s designed to replace older systems like Government Gateway and Verify. But while the idea is promising, the rollout has been far from smooth.

Here are the key problems that have come to light:

 

1. Serious Security Risks

Independent testing revealed that hackers could gain high-level access to the system without triggering any alerts. That means someone could break in—and no one would know.

This isn’t the first warning. Since 2022, multiple government bodies have flagged issues with how secure One Login really is. While the government claims it’s fixed most of these, trust is still shaky.

 

2. Not Meeting Cybersecurity Standards

The system still doesn’t fully meet the government’s own cyber security standards.

As of April 2025, One Login passed only 21 out of 39 security checks set by the National Cyber Security Centre. That’s an improvement over last year, but still not good enough, especially for something so critical.

 

3. Lost Trusted Identity Status

In May 2025, One Login lost its official certification under the UK’s Digital Identity and Attributes Trust Framework (DIATF). This happened when one of its main suppliers failed to renew their approval.

This means One Login is no longer on the list of trusted digital ID providers, a major credibility blow.

 

4. Hard for Some People to Use

A government study found that up to 9% of people can’t verify their identity using One Login. That includes people without passports, driving licenses, or a strong financial history.

Young people face even more problems:

• Only 4% have a big enough financial “footprint”
• Nearly half don’t have a mobile phone
• 1 in 5 don’t have an email address
• Many need help using online services at all

This raises questions about how “universal” the system really is.

 

5. Concerns Over Development and Oversight

There are also red flags about how the system is being built and managed:

• A whistleblower claimed that large parts of the work were offshored to Romania, without proper oversight or cybersecurity checks.
• Key security flaws took months to be addressed.
• Internal governance has been criticised for being too slow to act on known risks.

6. Industry and Political Pushback

Industry groups say the system should only be used for public services and not expand into the private sector. They fear it could harm private digital ID providers and distort the market.

Meanwhile, MPs and peers continue to question the government about security weaknesses, insider risks, and lack of transparency.
Government Response

The Government Digital Service (GDS) says it is fixing the issues. Measures include:

• Stronger monitoring
• Tighter access controls
• Independent risk assessments

Ministers also say that some of the security concerns are “outdated,” and that full compliance is on the way.

 

Final Thoughts

GOV.UK One Login was supposed to be the future of digital identity in the UK. But with ongoing security issues, adoption challenges, and lost certification, it’s facing real questions about its readiness.

Until the government proves it can make the system secure, inclusive, and fully trusted, many people, rightfully, remain cautious.

Update 6th Aug 2025:

Issue: Despite the voluntary IDV period starting April 8, 2025, only about 200,000 out of 7 million individuals (less than 3%) have verified their identities so far, suggesting low awareness or reluctance.

Impact: The low uptake could lead to a last-minute rush as the November 18, 2025, mandatory deadline approaches, potentially causing delays in filings, rejections of incorporations, or penalties for non-compliance. Non-compliance is a criminal offense, with risks including fines, disqualification, or public annotations on the register that could harm a company’s reputation and access to finance or insurance.