Digital identity sits at the heart of almost every modern public service. Whether a citizen is applying for benefits, booking healthcare, accessing justice services, or managing their tax affairs, the question is always the same: how do we know this person is who they say they are?

And yet, despite years of investment, digital identity remains one of the most complex, sensitive, and often frustrating areas of public sector digital delivery.

I’ve worked on multiple programmes where digital identity was assumed to be a solved problem. It was positioned as a technical dependency that could be “plugged in” once the service design was complete. In practice, it rarely works that way. Identity decisions shape user journeys, risk models, data flows, policy intent, and operational processes from day one.

As Government services become increasingly joined-up, and expectations for digital access continue to rise, the way we approach digital identity is changing. The future is less about building monolithic identity solutions and more about designing trust, inclusion, and proportionality into services from the ground up.

This article examines how digital identity approaches are evolving, what that means for citizens and Government, and why business analysts and service designers have a critical role to play in making it work.

From proof to trust: moving beyond one-size-fits-all verification

One of the biggest shifts I’ve seen in recent years is a move away from rigid, binary identity checks towards more nuanced, risk-based approaches.

Historically, many services have treated identity verification as a gate. You either pass or you fail. The logic was often driven by fraud prevention rather than user need, resulting in journeys that demanded high levels of evidence even for low-risk interactions. The result was predictable: high drop-off rates, increased assisted digital demand, and citizens locked out of services they were entitled to use.

More recent approaches recognise that not every transaction carries the same level of risk. Checking someone’s identity to update contact details is not the same as verifying identity for a high-value financial claim. The future of digital identity is about proportionality.

From a delivery perspective, this shift requires teams to work much more closely with policy, legal, and operational colleagues. As a business analyst, I’ve often found myself facilitating conversations that surface uncomfortable truths: that some identity requirements exist simply because “that’s how it’s always been done”, not because they are genuinely needed.

Service designers play a key role here too. When identity is treated as part of the end-to-end journey, rather than a standalone step, teams can explore alternative ways of building trust. This might involve reusing existing relationships, leveraging contextual data, or allowing users to progress while additional checks happen in the background.

The challenge is not technical capability. It’s organisational confidence in letting go of overly cautious models and trusting evidence-led design.

Inclusion by design, not as an afterthought

Digital identity failures disproportionately affect the people who rely most on public services.

I’ve seen services where identity journeys worked well for digitally confident users with passports, driving licences, and stable addresses, but quietly excluded others. People experiencing homelessness, recent migrants, those without formal documentation, or individuals with low digital confidence often had no viable route through the service.

In many programmes, inclusion is acknowledged but addressed too late. Teams identify exclusion risks during private beta, when the identity solution is already baked in and expensive to change. At that point, mitigations tend to be operational workarounds rather than true design improvements.

The future demands a different approach. Inclusion needs to be a core design constraint from the outset, not a compliance checkbox.

This is where strong discovery and early alpha work really matters. Business analysts can help by ensuring identity assumptions are explicitly tested. Who are we designing for? Who might struggle? What evidence are we relying on to justify our approach?

Service designers, in turn, can explore parallel routes that offer equivalent outcomes without forcing everyone through the same path. In some cases, this might mean assisted digital support. In others, it could involve community-based verification or reusing identity already verified elsewhere in Government.

What’s important is that exclusion is treated as a delivery risk, not an unfortunate edge case. Inclusive identity design is not just morally right; it reduces long-term cost and operational burden.

Interoperability and reuse: the promise and the reality

Few topics generate as much optimism in digital identity conversations as reuse. The idea that citizens should be able to prove who they are once and reuse that assurance across services is compelling. It promises simpler journeys for users and lower costs for Government.

In practice, interoperability remains hard.

Different departments operate under different legislative frameworks, risk appetites, and service models. Identity data that is sufficient for one purpose may not meet the legal or operational needs of another. I’ve seen programmes underestimate the effort required to align these differences, assuming technical integration would solve deeper policy misalignment.

That said, progress is being made. Common standards, shared components, and cross-government identity initiatives are creating opportunities that simply didn’t exist a few years ago. The key is realism.

From a practitioner perspective, the mistake is often in positioning reuse as an end in itself. The better question is: what problem are we actually trying to solve for the user and the service?

In some cases, full reuse is appropriate and valuable. In others, partial reuse or step-up verification may be more realistic. Business analysts are well placed to map these dependencies, clarify constraints, and help leaders make informed trade-offs rather than aspirational commitments.

The future of digital identity will be shaped less by grand, centralised solutions and more by pragmatic collaboration, where reuse is earned through trust and evidence rather than assumed.

Privacy, consent, and the citizen relationship with the state

As identity systems become more sophisticated, so do concerns about privacy and data use.

Citizens are increasingly aware of how their data is collected, stored, and shared. Public trust in Government handling of personal data cannot be taken for granted, particularly when identity solutions span multiple services or organisations.

One recurring issue I’ve encountered is that privacy considerations are framed in legal terms but not translated into meaningful user understanding. Privacy notices exist, but they are often dense and disconnected from the actual service experience.

The future of digital identity requires a more transparent relationship with citizens. People need to understand not just what data is being collected, but why, how long it will be kept, and what control they have over it.

Service designers can help make consent meaningful rather than performative, embedding it into journeys in a way that supports informed choice. Business analysts can ensure data flows are clearly mapped and challenged, reducing unnecessary data sharing and storage.

Crucially, trust is cumulative. A single poor experience with identity or data handling can undermine confidence across multiple services. Leaders need to recognise that digital identity is not just a technical capability but a core part of the citizen-state relationship.

Delivery reality: identity as a continuous decision, not a milestone

One of the most damaging misconceptions I still encounter is the idea that identity is something you “finish”.

In many delivery plans, identity appears as a milestone: select a supplier, integrate the service, move on. The reality is very different. Identity decisions evolve as services scale, user behaviour changes, and policy intent shifts.

I’ve worked on live services where fraud patterns emerged months after launch, requiring changes to identity thresholds. I’ve also seen services relax identity requirements over time as confidence in controls grew. In both cases, teams that had treated identity as a fixed component struggled to adapt.

The future demands adaptive models. Identity needs to be monitored, measured, and iterated like any other part of a digital service.

This is where experienced analysts and designers add long-term value. By defining clear success measures, feedback loops, and decision frameworks, teams can adjust identity approaches without destabilising the service.

For leaders, this means resourcing identity work beyond delivery phases and recognising it as ongoing service management rather than a one-off investment.

Final thoughts: designing identity around people, not systems

Digital identity will continue to be one of the most complex challenges in public sector digital delivery. There is no single solution that balances security, inclusion, usability, and cost perfectly in every context.

What is changing is our understanding of the problem. The future of digital identity is less about proving who someone is at all costs, and more about building appropriate trust in ways that respect citizens and support sustainable services.

From my experience, the most successful programmes are those that treat identity as a design problem, not just a technical one. They involve analysts and designers early, challenge assumptions, and stay open to iteration.

As public services continue to evolve, the question for leaders is not whether they have an identity solution in place, but whether that solution genuinely works for the people it serves.

So the real challenge is this: are we designing digital identity to protect systems, or to enable citizens?