bmwelby's blog

Thoughts from the mind of Ben Welby

Tag: Digital Identity

Visualising Government as a Platform

November 25, 2024 / / 2 Comments

In Richard Pope’s essential book Platformland he pitches a new ‘anatomy of public services’ and uses helpful images to dismantle, reconstruct and develop for 2024 ideas that he was first part of putting forward in 2015. Given how well the book does this we should all hope that he’s moving the conversation forward in terms of the UK’s inertia in this area.

Over the weekend he popped up on BlueSky and LinkedIn to ask what people who had seen those original drawings in 2015 thought about them at the time.

Question for digital government people c 2015. Did you see these at the time? What worked / didn't work about them (conceptually, not graphically)

Richard Pope (@richardpope.org) 2024-11-23T10:14:39.259Z

This will be the nudge I needed to finally finish a series of posts (I don’t think you want it as a single post 🙃) I started writing about my reflections on Government as a Platform so if you want them straight to your inbox then do subscribe.

I remember being treated to a sneak peek of what Richard and others were cooking up and being persuaded pretty quickly that they were absolutely spot on. When it was subsequently presented to GDS more widely at an All Staff (I don’t think any public version exists but Tom Loosemore’s October 2015 Code for America talk captures a lot of it) it was one of those moments at GDS, of which there were more than a few, that made me feel so lucky to be working alongside such inspiring minds.

So perhaps I was too close to the thinking and experiences that produced the visualisation to be an impartial observer – I was already fertile soil for these seeds to land in. I expect people who were further away from the conversation (and the shape it subsequently took) might give more insightful responses to Richard’s immediate question for his purposes in 2024. Nonetheless, here are some thoughts of my own.

Mark Foden’s “Gubbins of Government” was another reference point at the time and I thought these images and the ideas they put forward were a great complement to that and spoke of a similar ambition in ways that could land with a not-inside-GDS audience.

I liked how the visuals were helpful beyond the ‘whole of government’ perspective. The obvious takeaway is that the data, consent and components layers are about the role of the centre to enable vertical services at the top. I think it’s also a helpful cross section for specific services to think about as well. Any end to end service trying to meet a whole need is going to do that through a composite of elements (micro-services if you will), that sit on top of a service-wide approach to data and identity.

At the OECD I wrote the Government as a Platform pillar of the Digital Government Policy Framework. That exercise was really helpful for me in marshalling my thinking as a partial retrospective on my work as the Lead Product Manager for Government as a Platform in the UK (more on this in those upcoming blog posts).

One of the biggest things I felt when it came to writing it up was the need to take a wider-angle lens on how you enable and equip teams to move quickly, at scale, and with quality. This 2015 visualisation sits alongside a whole host of contextual assumptions about things we at GDS didn’t exactly take for granted but which we saw as self-evidently important: fixing procurement, controlling spend, assuring quality, building capability, etc.

So as powerful as I think the visuals are and were, I think they only tell a partial, more technical story, about what it means to create a Government as a Platform ecosystem.

Continue reading

OECD Recommendation of the Council on the Governance of Digital Identity

June 8, 2023 / / 1 Comment

The OECD Recommendation on the Governance of Digital Identity has been adopted by Ministers. This marks the culmination of several years’ work — for me, a process of close collaboration with Barbara and Cecilia and the OECD’s E-Leaders Working Party of Senior Digital Government Officials. In that time we’ve developed important conceptual foundations with our work in Chile and then captured some excellent global comparative experiences in this compendium for the G20.

In the course of developing this Recommendation I’m particularly proud of how we brought in a wide range of perspectives in the development. We started with an attempt at user research by sitting down with digital identity teams from across the OECD, we workshopped through early iterations of the recommendations, convened an external group of experts and then used the Observatory of Public Sector Innovation’s dedicated consultation platform to open up the earlier draft for public comment.

Honestly it was a bit of a fight to do all of these extra, but value adding, steps (and frustratingly subsequent exercises on these lines have regressed to a PDF and an email address) but this wasn’t cosmetic. The feedback loop with civil society, experts and ordinary citizens mattered. And you can see the difference: between the draft consulted on and the final version endorsed by Ministers, the text gained sharper language on inclusion, stronger recognition of user control, clearer obligations on oversight and redress, and a deeper emphasis on cross-border trust.

This exercise in consultation didn’t just give the Recommendation greater legitimacy, it has made it a better instrument. As usual, a reminder to make things open, because it makes them better.

What’s the TL;DR?

Digital identity is critical public infrastructure.

This Recommendation commits OECD countries to govern digital identity not as a narrow technical scheme but as a core enabler of trust, inclusion and international interoperability. It sets out a principles-based framework under three pillars: user-centred inclusion, robust governance, and cross-border portability.

Why it matters

Identity verification has always been essential but in the digital age, physical cards and passports alone are not enough. Digital identity underpins access to services, participation in the economy and cross-border transactions. Yet it is also risky: touching privacy, security, liability, inclusion and trust. That makes governance fundamental. The Recommendation’s narrative frames digital identity as critical digital public infrastructure, on a par with connectivity, payments and registries.

What the Recommendation covers

The Recommendation is structured around three main pillars:

  1. User-centred and inclusive systems
    • Apply service design methods to make digital identity effective and usable.
    • Prioritise accessibility and affordability; preserve non-digital alternatives.
    • Encourage privacy-preserving and consent-based solutions, with user control over attributes and credentials.
    • Provide support and skills-building for those excluded or struggling to access services.
    • Monitor, evaluate and publish performance to ensure accountability.
  2. Strengthening governance
    • Treat digital identity as strategic: set a long-term vision, clarify roles and responsibilities, and establish clear oversight.
    • Anchor systems in privacy and security by design, with risk-based assurance levels.
    • Align legal and regulatory frameworks, including liability, dispute resolution and redress.
    • Promote public–private collaboration, healthy markets, and openness to alternative models.
    • Establish trust frameworks and ensure ongoing investment, resilience and environmental sustainability.
    • Anticipate emerging risks and adapt governance accordingly.
  3. Cross-border portability
    • Identify priority use cases for cross-border interoperability.
    • Cooperate internationally to map legal requirements, align trust frameworks and technical standards, and explore regulatory experimentation.
    • Avoid discrimination against foreign users; clarify liability in cross-border transactions.
    • Designate national points of contact and produce roadmaps for recognising each other’s credentials.

The up-front narrative

The Recommendation opens with a compelling scene-setting:

  • Digital identity is essential for societies, economies and democracies.
  • Physical documents alone are no longer adequate.
  • Governance must balance opportunity with risks: from inclusion and adoption to liability and cybercrime.
  • Trust between public and private actors is critical, requiring strategy, regulation and international cooperation.
  • User-centred design and democratic values are non-negotiable foundations.

This narrative positions digital identity not just as a technical matter but as a social and political choice about how trust is mediated in digital societies.

The value of consultation

The consultation period was pivotal. The draft text (publicly available through the OPSI engagement platform) contained the core structure, but the open feedback helped us to strengthen:

  • Language on equity and inclusion.
  • Recognition of vulnerable groups and minorities.
  • Provisions for transparency, redress and dispute resolution.
  • Sharper commitments on privacy, user control and limiting data trails.
  • A clearer roadmap for international collaboration and cross-border trust.

That all helped to make sure that the final version is not only more robust it is also more legitimate because it is shaped by voices beyond government insiders.

Why OECD Recommendations matter

Recommendations are not binding law, but I’d like to think that they matter:

  • They are adopted by Ministers as collective political commitments
  • They become benchmarks for national reform and peer review
  • They are monitored and revisited — in this case, a formal review in 2028
  • They shape international norms and guide other fora (e.g. G20, EU, World Bank)

All of the above should mean that they are viewed as helpful and reliable sources of inspiration and reference when OECD members, and then particularly candidates for accession, are thinking, planning and delivering their approaches to digital identity.

The blurb

The Recommendation on the Governance of Digital Identity was adopted by the OECD Council meeting at Ministerial level on 8 June 2023 on the proposal of the Public Governance Committee (PGC). The Recommendation aims to guide Adherents in their efforts to successfully establish domestic approaches to digital identity that are user-centred, trusted and well-governed and in so doing create the conditions for achieving the ambition of full international interoperability to realise the value of digital identity across geography, technology and sectors.

Available from the OECD’s repository of Legal Instruments

G20 Collection of Digital Identity Practices

August 5, 2021 / / 2 Comments

The G20 Collection of Digital Identity Practices has been published and reflects a brilliant period of close collaboration between the OECD team (my lead, under Barbara’s oversight and with Cecilia’s great support), the Italian government (grazie Daniela) and governments from across the G20 and beyond.

We ran quite an extensive survey that has allowed us to bring together examples from across the G20 and its partners, showing how different governments are approaching digital identity.

What’s the TL;DR?

A comparative mirror of digital identity in 2021.

The report documents how countries are designing, governing and using digital identity; the role identity played through COVID-19; and what it takes to make identity usable, portable and trusted. It doesn’t prescribe a single model; it surfaces patterns, trade-offs and enabling conditions.

Who’s in the compendium?

The survey and annex capture practices from: Argentina, Australia, Brazil, the European Union, Germany, Indonesia, Italy, Russia, Saudi Arabia, Singapore, Spain, Türkiye, and the United Kingdom.

Full information was unavailable for Democratic Republic of Congo and Mexico whose approaches are under development, and a note is included on the United States on the use of state-level credentials rather than a single federal solution.

Why digital identity matters

Identity is core public infrastructure. It underpins access to services, economic participation and cross-border movement. Yet it sits at the intersection of technology, law, institutions and public trust: one part infrastructure, one part service, one part social contract.

What the report covers

  • Policy & norms. Legal identity rights, privacy, consent, security, and emerging ideas like SSI and EU wallet proposals.
  • COVID-19 use cases. Digital identity enabling continuity of services, payments, logistics and vaccination credentials.
  • Enabling conditions. Leadership and funding, UX choices, privacy and oversight, driving adoption, and three forms of portability (cross-platform, cross-sector, cross-border).

The big patterns

  1. No one-size-fits-all. Context shapes what’s viable.
  2. Governance is the hard part. Technology is rarely the blocker; clarity of mandate, oversight and coordination are.
  3. Interoperability lags ambition. Everyone talks about it, few achieve it.

Takeaways

  • Identity adds most value when embedded in everyday life across sectors and borders.
  • Keep user experience front and centre and not just for citizens but cruicially the relying parties who are essential to adoption.
  • Give people visibility and control over their data.
  • Anchor systems in comprehensive governance: clear mandates, laws, collaboration and resources.

The blurb

This report acts as a descriptive guide to the experience of digital identity for individuals and a potential departure for future work to realise the opportunities offered by trusted and portable digital identity. It presents the policy and normative context for digital identity, uses of digital identity during the COVID-19 crisis and the necessary enabling conditions for successful development and adoption. This report was originally submitted to the G20 Digital Economic Task Force in July 2021.

Available from the OECD website.

Digital Government in Chile – Digital Identity

October 1, 2019 / / 1 Comment

In a world increasingly driven by digital transformation, governments are navigating the complexities of verifying identity in an online environment. Chile is one of the leading countries when it comes to digital government in Latin America but wants to build on that progress by tackling digital identity.

This was the first occasion on which I worked with an external consultant to complete a publication at the OECD. They had already been working on this for a while before I joined so as with the Data-Driven Public Sector working paper, I picked up a piece that was already quite well advanced.

Unfortunately on this occasion that meant I ended up having to do quite a bit of rewriting and rewiring of the content to make sure we were giving the most value to the Government of Chile. I also wrote an additional chapter that in the end wasn’t included here. Edit: It subsequently came to inform work done for the G20 and the OECD Recommendation on the Governance of Digital Identity.

This study tries to detail all the elements that need to be thought about in terms of the roadmap towards implementing effective digital identity in Chile, drawing on the comparative experience of 13 countries.

Available as a HTML publication or a PDF

What’s the TL;DR?

This paper explores how Chile can implement a fully functional digital identity system that transforms how citizens prove who they are in a digital world. By building on existing national infrastructure, Chile can streamline identity management while ensuring long-term financial and political support.

An Analytical Framework for Digital Identity

This report doesn’t just focus on Chile in isolation, the Chile study draws on the experiences of Austria, Canada, Denmark, Estonia, India, Italy, Korea, New
Zealand, Norway, Portugal, Spain, United Kingdom and Uruguay to establish a robust framework. The framework we’ve developed assesses everything from national identity infrastructure and adoption levers to transparency and monitoring. It allows Chile to not only evaluate its progress but also ensure its model is positioned for future scalability and international interoperability.

A chart outlining key components of digital identity (DI) initiatives, divided into four main sections: 1. Foundations for DI (National identity infrastructure, DI policy, Governance and leadership), 2. Digital identity solutions (DI platform, Browser-based solutions, Smartcards, Mobile devices, Biometrics), 3. Policy levers and adoption (Legal and regulatory framework, Funding and enforcement, Government services, Private sector services, Enablers and constraints), and 4. Transparency and monitoring (Citizen control of their data, Performance data, Impact assessment).

Chile’s Foundations: Leveraging the Cédula de Identidad

Chile has a strong foundation in its existing Cédula de Identidad and ClaveÚnica systems. We think these can serve as the backbone for further development, eliminating the need to reinvent the wheel. We hope that this means Chile can move quite quickly, building on its strengths while simplifying access to digital services for both citizens and businesses.

The road(map) ahead

This report is more than just a technical guide—it’s a roadmap for how Chile can establish itself as a global leader in digital identity. The recommendations provide the building blocks to ensure that digital identity isn’t just about access, but about trust, empowerment, and seamless service delivery.

Chile has already made impressive strides, but with the right governance, collaboration, and long-term planning, its digital identity strategy can become a model for the region and beyond. As the study emphasises, digital identity is not just a technical solution – it’s a societal transformation.

Policy recommendations

The Recommendations are designed to ensure Chile’s Digital Identity efforts are sustainable and impactful. Here are the most critical points:

  • Build Chile’s Digital Identity on the existing infrastructure provided by the Civil Registry Service of Chile (Servicio de Registro Civil e Identificación, SRCeI) and the Cédula de Identidad. As a result Chile does not need to pursue the generation of validated identities with the private sector.
  • Ensure the focus on Digital Identity within the Government’s Digital Transformation Strategy is sustainable through the provision of long term financial and political commitment.
  • Identify or create a senior responsible role with responsibility to shape and deliver identity according to the vision established by the Government’s Digital Transformation Strategy.
  • Consider the design of identity management (both physical and digital) as an end-to-end process throughout a citizen’s life from birth, through life and at death. This should consider the future possibilities of technology in the physical identity card, creating the conditions to iterate the service, and ensure a clear understanding of the needs of users both within and outside government.
  • Prioritise development of ClaveÚnica to support putting the citizen in control of their data and being able to grant, and revoke, permissions to access and use it.
  • Reach an understanding of the identity needs for businesses and develop a shared roadmap with the relevant organisations for the future state of Digital Identity in general. This may need to include the convergence of business and citizen Digital Identity and the transition of users to consolidate usage around a single approach.
  • Identify priority private sector services for the use of ClaveÚnica and establish a working partnership to ensure ClaveÚnica works for the private sector as well as the public sector.
  • Establish the adequate legal and regulatory framework to manage the use of
    ClaveÚnica credentials to access private sector services, particularly where that opens the possibility of personal data being reused.
  • Explore with regional partners how interoperability of identity can facilitate crossborder services and meets the needs of Chilean residents abroad.
  • Use the expansion of ClaveÚnica as an opportunity to provide citizens with digital literacy and digital skills training through ChileAtiende and other face to face locations whilst people are activating their ClaveÚnica for the first time.
  • Include Digital Identity as an explicit topic in spend controls, quality assurance processes,
    design guidelines and training and capacity building. This is to maximise awareness and adoption within government and avoid the development of duplicate solutions.
  • Make funding available to meet the needs of government teams in seeing
    ClaveÚnica as a reliable and respected service. This should ensure the design of ClaveÚnica’s technical solution is easy to implement and supported by ongoing reference materials, guidance and, where necessary, consultancy. It should also include the necessary support to service teams in producing clear cost-benefit analysis and rationale for identifying return on investment when making business cases for implementation and adoption.
  • Review the mechanisms by which public agencies agree to exchange data and
    provide guidance and boilerplate templates to support a more efficient process. This should complement efforts to implement interoperability standards across both legacy and newly developed systems.
  • Identify Key Performance Indicators relating to the time and cost involved in
    providing non-Digital Identity enabled services to provide a baseline for measuring, comparing and demonstrating the benefits of implementing Digital Identity. Publish this as Open Government Data and within the performance dashboards detailing the quality of service provision in Chile.

The blurb

In our interactions with the people we know we don’t give any thought to the proof of their identity. When we meet someone for the first time we trust they are who they say they are. Sometimes an introduction is brokered by a mutual, trusted, acquaintance who knows both parties. However, in our transactional dealings with government there is a greater expectation – and need – to be able to prove who we are, where we live and what we can access. The provision of digital identity (DI) is critical to government ambitions for transforming the quality of public services.

This study discusses Chile’s experience of DI alongside a comparison of 13 OECD countries, and aims to support the Government of Chile in developing and enhancing their approach to the development of DI as a piece of core digital government infrastructure and an enabler of seamless service delivery. The study uses a framework that covers the foundations for identity in terms of existing national identity infrastructure, policies and governance, the technical solutions that have been explored, the factors which impact adoption, and the ways in which DI can empower citizens through greater control of their data, transparency and measurement of impact.

Available as a HTML publication or a PDF

Text

© 2026 bmwelby's blog // Cookies and your privacy

Theme by Anders NorénUp ↑