Every time this country flirts with the idea of identity cards, it comes wrapped in the same promise: safety, efficiency, and modernisation. And every time, it collapses under the weight of cost, distrust, and the uncomfortable truth that the British don’t like being told to carry papers. We saw it with the wartime ID cards scrapped in 1952. We saw it again with Tony Blair’s grand Identity Cards Act of 2006, an ambitious scheme that burned billions before being buried by the coalition government in 2010, its databases ceremonially shredded.
But history has a way of circling back. Keir Starmer’s Labour government has now announced the BritCard: a mandatory digital ID scheme, rolling out by 2029, without which you won’t legally be able to work in Britain. Not a plastic card this time, but a glowing square on your phone. Branded as modern, convenient, even inevitable. A leap into a digitised future. Yet behind the slick framing, the same ghosts are stirring, the same questions of surveillance, exclusion, and power.
The government insists the BritCard will live securely in a GOV.UK Wallet app. Free for all. Verified once, used everywhere. One ID to prove your name, date of birth, residency, and work status. In theory, you’ll never again fumble with utility bills or expired passports to prove who you are. Access to benefits, voting, NHS services, bank accounts, and seamless, unified, and efficient services. And the political selling point? It will “clamp down on illegal migration and black-market employment.” Only those with the card will be able to work legally. In Starmer’s words, this is about order, control, and fairness.
But look closer, and the seduction frays. A system that claims to simplify life is also a system that centralises unprecedented amounts of power. It places every citizen’s right to exist in the economy behind a single digital gate, controlled by the state. What happens when the gate jams? When your phone breaks? When a database gets hacked?
Digital IDs are not inherently sinister. Estonia operates one of the most advanced systems in the world, and India utilises Aadhaar for a wide range of applications, including bank accounts and food subsidies. But scale cuts both ways. When everything flows through a single system, it becomes the single point of failure. Cybersecurity experts warn the BritCard will be “an enormous hacking target.” Think about it: a centralised vault of biometrics, residency status, and personal identifiers for over 60 million people. Hackers won’t need to breach hundreds of systems; they’ll only need to breach one. And the UK’s track record on IT projects, from the NHS patient records debacle to the Universal Credit rollout, hardly inspires confidence.
The government insists data will be encrypted, stored “securely,” with access strictly controlled. They always say that. But encryption is only as strong as its implementation, and every lock eventually meets a key. When, not if, the system is compromised, the fallout will make TalkTalk, Equifax, or the Post Office Horizon scandal look like trivial mishaps.
Even if the BritCard works as intended, it risks creating a new underclass. Millions of people still don’t own smartphones. Will older citizens, low-income families, and the digitally excluded be denied work because they lack the hardware to display their identity? The government says there’ll be “fallback mechanisms.” But fallback is always clunky, always second-class. In practice, it means long queues, bureaucratic hurdles, and suspicion at the border. And what about errors? A mistyped digit, a mismatched photo, or a glitch that flags you as ineligible to work, suddenly, your livelihood vanishes until you prove to the machine that you exist. Exclusion doesn’t need to be deliberate to be devastating. Ask anyone who has been wrongly flagged in immigration databases. Ask the Windrush generation. Ask those who fought the DWP’s algorithmic sanctions.
The scheme also threatens to fracture the UK’s delicate constitutional arrangements. In Northern Ireland, Sinn Féin has already branded it “a direct violation of the Good Friday Agreement,” forcing people to declare British identity in a territory where dual identity rights are sacred. In Scotland, the SNP frames it as an example of Westminster overreach. Civil liberties groups call it “a recipe for repression.” They are not wrong. Once the infrastructure is in place, it will be tempting for governments to expand their remit, linking it to voting rolls, protest permissions, travel, and policing, a digital leash disguised as convenience. The slope is not just slippery, it’s greased.
If the BritCard feels eerily familiar, that’s because Britain already rehearsed a digital ID under another name: the NHS Covid Pass. It was sold as a temporary fix, serving as proof of vaccination, a test, or recovery, and a QR code to gain entry into clubs, stadiums, and flights. Ministers swore it wasn’t a back door to identity cards. In practice, it normalised the act of flashing a digital credential on demand. And it was messy. The app crashed at critical moments, updates failed, servers buckled, and venues faced queues of locked-out punters staring at spinning wheels. Millions battled glitches or incompatible phones. Privacy concerns arose when it became clear that the pass collected more than the bare minimum. Civil liberties groups warned of mission creep: a “temporary” health pass becoming a permanent identity scaffold. The scheme didn’t end because Whitehall found restraint; it fizzled because the public and businesses quietly rebelled. Enforcement became patchy, venues stopped checking, and workarounds multiplied. By 2022, the Covid pass had shrunk to a skeletal outline inside the NHS app.
That dress rehearsal matters because it revealed two things: how quickly a population can be trained to present digital proofs, and how quickly the state can over-promise, under-deliver, and then pretend the scaffolding never existed. BritCard isn’t starting from a blank slate. It builds on the same technical culture of fragile systems at the national scale and the same political instinct to control first, safeguards later, that defined the Covid pass era. Layer AI onto that scaffold, and the stakes change from nuisance to structural power. A national digital ID doesn’t just confirm who you are; it generates a stream of metadata where, when, and how you interact with services, work, and mobility. In the age of machine learning, that stream is currency. Feed enough citizen-level data into models and you move from service delivery to prediction and categorisation: welfare “risk scoring,” insurance pricing, employment filtering, border triage, even pre-emptive policing and protest management, always branded as efficiency. We’ve already seen what happens when crude models collide with real lives. The Netherlands’ welfare-fraud algorithm ruined thousands before being discredited. The UK’s A-level grading algorithm reduced students to historical averages and spat out injustice. Those were narrow datasets. Now imagine the scope when the foundational input is a universal digital identity stitched to work status, benefits, health touchpoints, travel patterns, and financial access.
What BritCard really ushers in is not just digital identity but algorithmic citizenship. In the analogue world, you are a citizen by birthright, or by naturalisation, with courts and laws defining your status. In the digital world, that status is mediated by predictive systems. Your eligibility to work, to claim benefits, to vote, or to travel is not just checked, but scored, profiled, and pre-emptively categorised. You become a data subject whose rights are contingent upon whether the machine identifies you as fitting the correct pattern. Once BritCard ties identity to every interaction, the system itself decides who you are allowed to be. That is the quiet shift from citizenship as a right to citizenship as a risk assessment.
Proponents will insist on encryption, minimisation, and strict access controls. Fine, on paper. But centralisation creates a single point of failure and a single point of temptation. Today’s “verify once, use everywhere” becomes tomorrow’s “profile once, deny anywhere.” Errors morph from bureaucratic headaches into economic lockouts: a mismatched face, a corrupted token, a device failure, and overnight, you can’t sign a tenancy, clock in for a shift, or board a train. Fallback mechanisms exist, but in Britain, fallback usually means second-class queues and suspicion. The Covid pass taught us that resilience wasn’t designed in; it was improvised at the door. The AI era demands the opposite: systems that assume failure, resist overreach, and facilitate swift, human, and binding redress.
There is a different path. Digital identity can be decentralised and user-controlled, with selective disclosure and zero-knowledge proofs that confirm attributes (“over 18,” “eligible to work”) without exposing full identity or leaving a harvestable trail. Credentials can be compartmentalised, time-bounded, and cryptographically portable across providers. Oversight can be independent, with audit rights that cut through vendor secrecy. Sunset clauses can force Parliament to reauthorise the scheme or allow it to expire. The technology exists. What’s missing is the political will to choose architecture that limits the state rather than empowering it.
BritCard also doesn’t exist in a vacuum. Across Europe, the EU is moving ahead with eIDAS 2.0, a regulation that mandates every member state to offer a digital identity wallet by 2030. Banks and payment companies are already lobbying hard, eager for a system that lets them automate compliance, filter customers, and monetise identity data. Mastercard has launched digital ID pilots. UK Finance has its own working group on standardising ID verification. Starmer’s government is not innovating it is falling into line with a broader convergence, where finance and Brussels alike demand uniform identity rails to grease the machinery of markets. A scheme branded as British security is, in practice, a tributary contribution to a global identity regime.
The danger, then, is not just surveillance. It is a subscription. BritCard reframes the basic act of being a citizen into something that can lapse, fail, or be revoked. One missed payment on your phone bill, one corrupted token, one bureaucratic error, and suddenly your subscription to the economy expires. You can’t clock into work, sign a tenancy, or even prove your existence at a border. Rights stop being rights. They become services you access only so long as the system recognises you. This is the real seduction: not convenience, but conditionality. BritCard makes citizenship transactional, renewable only on the state’s terms.
COVID passports were the dress rehearsal. BritCard is the main act. Add AI, and you’ve built not just a gate to the economy but an engine for classification with real-world consequences. If we’re going to digitise identity, we must decide, right now, whether we’re building a citizen’s key or a government’s cage.
The uncomfortable truth is that BritCard isn’t about convenience. It isn’t about modernisation. At its core, it’s about control over work, over borders, over who is permitted to participate in society. The government is betting that fear of migrants and fraud will outweigh fear of surveillance. They’re betting people will accept trading privacy for security, choice for order. Yet Britain has been here before. And every time, we’ve recoiled. The ghosts of 1952 and 2010 are whispering still. The question is whether, in 2029, we’ll listen.
Because once this system is built, it won’t be dismantled. Databases never shrink. Levers of control never vanish. They wait for the next government to pull them harder. Once a government decides on a path, it rarely strays, and only a colossal backlash can restore the balance.
Much More on this to come.