{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,2]],"date-time":"2026-05-02T22:57:34Z","timestamp":1777762654215,"version":"3.51.4"},"reference-count":45,"publisher":"Emerald","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017,12,7]]},"abstract":"Gov.UK Verify, the new Electronic Identity (eID) Management system of the UK Government, has been promoted as a state-of-the-art privacy-preserving system, designed around demands for better privacy and control, and is the first elD system in which the government delegates the provision of identity to competing private third parties. Under the EU eIDAS, Member States can allow their citizens to transact with foreign services by notifying their national elD systems. Once a system is notified, all other Member States are obligated to incorporate it into their electronic identification procedures. The paper offers a discussion of Gov.UK Verify's compliance with eIDAS as well as Gov.UK Verify's potential legal equivalence to EU systems under eIDAS as a third-country legal framework after Brexit. To this end it examines the requirements set forth by eIDAS for national eID systems, classifies these requirements in relation to their ratio legis and organises them into five sets. The paper proposes a more thorough framework than the current regime to decide on legal equivalence and attempts a first application in the case of Gov.UK Verify. It then assesses Gov.UK Verify's compliance against the aforementioned set of requirements and the impact of the system's design on privacy and data protection. The article contributes to relevant literature of privacy-preserving eID management by offering policy and technical recommendations for compliance with the new Regulation and an evaluation of interoperability under eIDAS between systems of different architecture. It is also, to our knowledge, the first exploration of the future of eID management in the UK after a potential exit from the European Union.<\/jats:p>","DOI":"10.1561\/106.00000010","type":"journal-article","created":{"date-parts":[[2017,12,7]],"date-time":"2017-12-07T06:19:25Z","timestamp":1512627565000},"page":"32-46","source":"Crossref","is-referenced-by-count":3,"title":["Identity Assurance in the UK: technical implementation and legal\n implications under eIDAS"],"prefix":"10.1561","volume":"3","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2654-0825","authenticated-orcid":true,"given":"Niko","family":"Tsakalakis","sequence":"first","affiliation":[{"name":"Web and Internet Science, University of Southampton"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sophie","family":"Stalla-Bourdillon","sequence":"additional","affiliation":[{"name":"Institute for Law and the Web, University of Southampton"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kieron","family":"O\u2019Hara","sequence":"additional","affiliation":[{"name":"Web and Internet Science, University of Southampton"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","published-online":{"date-parts":[[2017,12,7]]},"reference":[{"key":"2026040606321687000_ref001","volume-title":"adopted 13 July","year":"2011"},{"key":"2026040606321687000_ref002","volume-title":"Purposive interpretation in law","author":"Barak","year":"2007"},{"key":"2026040606321687000_ref003","unstructured":"Barnard,\n C.\n \n 2013. \u201cCompetence Review: The Internal\n Market\u201d. Department for Business, Innovation\n and Skills. URL: https:\/\/www.gov.uk\/government\/uploads\/system\/uploads\/attachment_data\/file\/226863\/bis-13-1064-competence-review-internal-market.pdf>\n (accessed on 11\/20\/2016)."},{"issue":"1","key":"2026040606321687000_ref004","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1057\/jittc.2011.3","article-title":"The UK national identity\n card\u201d","volume":"1","author":"Beynon-Davies","year":"2011","journal-title":"Journal of Information Technology\n Teaching Cases"},{"key":"2026040606321687000_ref005","unstructured":"Bitkom\n \n .\n 2013. Position Paper on the Proposal for an EU\n Regulation on Electronic Identification and Trust Services for Electronic\n Transactions in the Internal Market. URL:\n https:\/\/ameliaandersdotter.eu\/sites\/default\/files\/wp-content\/uploads\/2013\/04\/20130408-BITKOM-Position-on-eID-regulation1.pdf\n (accessed on 07\/25\/2015)."},{"issue":"4","key":"2026040606321687000_ref006","doi-asserted-by":"crossref","first-page":"425","DOI":"10.1093\/cmlj\/kmn026","article-title":"Forms and paradoxes of\n principles-based regulation","volume":"3","author":"Black","year":"2008","journal-title":"Capital Markets\n Law Journal"},{"key":"2026040606321687000_ref007","volume-title":"Proceedings\n on Privacy Enhancing Technologies","author":"Brand\u00e3o","year":"2015"},{"key":"2026040606321687000_ref008","unstructured":"BSI\n . 2016.\n TR-03110 eIDAS Token Specification. URL:\n https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/EN\/BSI\/Publications\/TechGuidelines\/TR03110\/BSI_TR-03110_Part-2-V2_2.pdf?__blob=publicationFile\u02dc%5C&\u02dcv=1(accessed\n on 01\/12\/2016)."},{"key":"2026040606321687000_ref009","volume-title":"BNA Privacy\n & Security Law Report","author":"Burton","year":"2016"},{"key":"2026040606321687000_ref010","unstructured":"Cabinet Office\n . 2013.\n \u201cIdentity Assurance Hub Service SAML 2.0 Profile\n v1.2a\u201d. Report.\n URL: https:\/\/www.gov.uk\/\n government\/uploads\/system\/uploads\/attachment_data\/file\/458610\/Identity_Assurance_Hub_Service_Profile_v1.2a.pdf\n (accessed on 07\/23\/2015)."},{"key":"2026040606321687000_ref011","unstructured":"Cabinet Office\n . 2014.\n Good Practice Guide No. 45 Identity Proofing and Verification of an\n Individual. URL: https:\/\/www.gov.uk\/government\/uploads\/system\/uploads\/attachment_data\/file\/370033\/GPG_45_identity_proofing_v2_3_July_2014.pdf\n (accessed on 08\/08\/2015)."},{"key":"2026040606321687000_ref012","unstructured":"Cavoukian,\n A.\n \n 2006. \u201cThe Case for Privacy-embedded Laws of\n Identity in the Digital Age\u201d. White\n Paper. URL: https:\/\/www.ipc.on.ca\/images\/resources\/up-7laws_whitepaper.pdf\n (accessed on 06\/11\/2015)."},{"key":"2026040606321687000_ref013","unstructured":"Chatfield,\n T.\n \n 2014. Digital Government Review.\n URL: http:\/\/digitalgovernmentreview.readandcomment.com\/\n (accessed on 06\/15\/2015)."},{"key":"2026040606321687000_ref014","doi-asserted-by":"crossref","unstructured":"Cooper,\n A.,\n H.Tschofenig,\n B.Aboba,\n J.Peterson,\n J.Morris,\n M.Hansen, and\n R.Smith.\n 2013. Privacy Considerations for Internet\n Protocols. URL: http:\/\/www.rfc-editor.org\/info\/rfc6973 (accessed on\n 09\/06\/2016).","DOI":"10.17487\/rfc6973"},{"key":"2026040606321687000_ref015","unstructured":"Crosby,\n J.\n \n 2008. \u201cChallenges and opportunities in\n identity assurance\u201d. URL:\n http:\/\/www.statewatch.org\/news\/2008\/mar\/uk-nat-identity-crosby-report.pdf\n (accessed on 08\/16\/2015)."},{"key":"2026040606321687000_ref016","first-page":"23","volume-title":"Open Identity Summit","author":"Cuijpers","year":"2014"},{"key":"2026040606321687000_ref017","doi-asserted-by":"crossref","unstructured":"Dumortier,\n J. and\n N.Vandezande.\n 2012. \u201cCritical Observations on the\n Proposed Regulation for Electronic Identification and Trust Services for\n Electronic Transactions in the Internal Market\u201d.\n ICRI Research Paper: 9. URL: http:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=2152583\n (accessed on 12\/25\/2016).","DOI":"10.2139\/ssrn.2152583"},{"issue":"1","key":"2026040606321687000_ref018","doi-asserted-by":"crossref","first-page":"83","DOI":"10.21153\/dlr2012vol17no1art70","article-title":"Defining and describing what we\n do: Doctrinal legal research","volume":"17","author":"Duncan","year":"2012","journal-title":"Deakin Law\n Review"},{"key":"2026040606321687000_ref019","unstructured":"eIDAS Technical Sub-group\n .\n 2015. \u201ceIDAS Technical\n Specifications\u201d. v0.90, July.\n URL: https:\/\/joinup.ec.europa.eu\/sites\/default\/files\/eidas_technical_\n specifications_v0_9.pdf (accessed on\n 11\/04\/2016)."},{"key":"2026040606321687000_ref020","unstructured":"Federal Office for Information Security\n [BSI]\n . 2011. Technical\n Guideline TR-03127: Architecture electronic Identity Card and electronic\n Resident Permit. URL: https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/EN\/BSI\/Publications\/TechGuidelines\/TR03127\/BSI-TR-03127_en.pdf\n (accessed on 05\/23\/2016)."},{"key":"2026040606321687000_ref021","doi-asserted-by":"crossref","first-page":"186","DOI":"10.1007\/3-540-47721-7_12","article-title":"How To Prove Yourself: Practical\n Solutions to Identification and Signature Problems","volume":"263","author":"Fiat","year":"1987","journal-title":"Advances in Cryptology - CRYPTO'\n 86"},{"key":"2026040606321687000_ref022","first-page":"185","volume-title":"The Future of Identity in the Information\n Society","author":"Hansen","year":"2008"},{"key":"2026040606321687000_ref023","volume-title":"First International Scientific-Practical Conference Problems of\n Infocommunications Science and Technology","author":"Honcharova","year":"2014"},{"key":"2026040606321687000_ref024","volume-title":"IEEE Security and Privacy Workshops (SPW)","author":"H\u00f6rbe","year":"2015"},{"key":"2026040606321687000_ref025","unstructured":"Hulsebosch,\n B.,\n G.Lenzini, and\n H.Eertink.\n 2009. \u201cD2.3 \u2013 Quality\n authenticator scheme\u201d. STORK deliverable, 3\n March. URL: https:\/\/perma.cc\/R5SH-DQG3 (accessed on\n 07\/29\/2015)."},{"key":"2026040606321687000_ref026","volume-title":"Machine Readable Travel Documents, 7th edition","author":"ICAO","year":"2017"},{"key":"2026040606321687000_ref027","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1007\/978-3-319-17016-9_3","volume-title":"Data\n Privacy Management, Autonomous Spontaneous Security, and Security\n Assurance","author":"J\u00f8sang","year":"2015"},{"key":"2026040606321687000_ref028","first-page":"99","article-title":"Trust requirements in identity\n management","volume":"44","author":"J\u00f8sang","year":"2005","journal-title":"Proceedings of the 2005 Australasian workshop on Grid computing and\n e-research"},{"key":"2026040606321687000_ref029","volume-title":"Collected\n Courses of the Academy of European Law","author":"Kuner","year":"2017"},{"key":"2026040606321687000_ref030","volume-title":"Lessons From\n the Identity Trail: Anonymity, Privacy and Identity in A Networked\n Society","author":"Lloyd","year":"2009"},{"issue":"2","key":"2026040606321687000_ref031","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1109\/MSP.2008.50","article-title":"The Venn of Identity: Options and Issues in Federated\n Identity Management","volume":"6","author":"Maler","year":"2008","journal-title":"IEEE Security &\n Privacy"},{"key":"2026040606321687000_ref032","doi-asserted-by":"crossref","unstructured":"Martens,\n T.\n \n 2010. \u201cElectronic identity management in\n Estonia between market and state governance\u201d.\n Identity in the Information Society.\n 3(1):\n 213\u2013233. DOI:\n 10.1007\/s12394-010- 0044-0. URL: http:\/\/dx.doi.org\/10.1007\/s12394-010-0044-0.","DOI":"10.1007\/s12394-010-0044-0"},{"key":"2026040606321687000_ref033","unstructured":"Massacci,\n F. and\n O.Gadyatskaya.\n 2013. \u201cHow to get better EID and Trust\n Services by leveraging eIDAS legislation on EU funded research\n results\u201d. White Paper.\n URL: http:\/\/www.cspforum.eu\/Seccord_eidas_whitepaper_2013.pdf\n (accessed on 07\/27\/2015)."},{"key":"2026040606321687000_ref034","unstructured":"Pfitzmann,\n A. and\n M.Hansen.\n 2010. \u201cAnonymity, Unlinkability,\n Unobservability, Pseudonymity and Identity Management \u2013 A\n Consolidated Proposal for Terminology\u201d.\n Version v0.33, April 8. URL: https:\/\/dud.inf.tu-dresden.de\/literatur\/Anon_Terminology_v0.33.doc\n (accessed on 06\/12\/2015)."},{"issue":"3","key":"2026040606321687000_ref035","first-page":"189","article-title":"Futureid - shaping the future of\n electronic identity","volume":"36","author":"Ro\u00dfnagel","year":"2012","journal-title":"Datenschutz und\n Datensicherheit"},{"key":"2026040606321687000_ref036","volume-title":"OII Conference on\n Safety and Security in a Networked World: Balancing Cyber-Rights and\n Responsibilities, Research Publication No. 2006-01","author":"Rundle","year":"2005"},{"issue":"1","key":"2026040606321687000_ref037","article-title":"National Electronic Identity\n Management: The Challenge of a Citizen-centric Approach Beyond Technical\n Design","volume":"3","author":"Strau\u00df","year":"2010","journal-title":"International Journal on Advances in\n Intelligent Systems"},{"key":"2026040606321687000_ref038","volume-title":"Digital identity, an emergent legal concept: the role\n and legal nature of digital identity in commercial transactions","author":"Sullivan","year":"2011"},{"issue":"2","key":"2026040606321687000_ref039","doi-asserted-by":"crossref","first-page":"268","DOI":"10.1016\/j.clsr.2015.01.002","article-title":"Digital identity and French\n personality rights \u2014 A way forward in recognising and protecting an\n individual\u2019s rights in his\/her digital\n identity","volume":"31","author":"Sullivan","year":"2015","journal-title":"Computer Law & Security\n Review"},{"key":"2026040606321687000_ref040","doi-asserted-by":"crossref","unstructured":"Svantesson, D. J.\n B.\n \n 2013. \u201cA \u201clayered approach\" to the\n extraterritoriality of data privacy laws\u201d.\n International Data Privacy Law.\n 3(4):\n 278\u2013286. DOI:\n 10.1093\/idpl\/ipt027. URL: http:\/\/idpl.oxfordjournals.org\/content\/3\/4\/278.abstract.","DOI":"10.1093\/idpl\/ipt027"},{"key":"2026040606321687000_ref041","unstructured":"UNCITRAL\n . 2016.\n Legal Issues Related to Identity Management and Trust\n Services. URL: https:\/\/documents-dds-ny.un.org\/doc\/UNDOC\/GEN\/V16\/026\/34\/PDF\/V1602634.pdf\n (accessed on 10\/15\/2016)."},{"issue":"2","key":"2026040606321687000_ref042","first-page":"134","article-title":"On technology neutral policies for\n eidentity: a critical reflection based on UK identity\n policy","volume":"8","author":"Whitley","year":"2016","journal-title":"Journal of International Commercial Law\n and Technology"},{"key":"2026040606321687000_ref043","author":"Windley","year":"2005","journal-title":"Digital Identity"},{"key":"2026040606321687000_ref044","doi-asserted-by":"crossref","unstructured":"Zwingelberg,\n H.\n \n 2011. \u201cNecessary Processing of Personal Data:\n The Need-to-Know Principle and Processing Data from the New German Identity\n Card\u201d. In: Privacy and\n Identity Management for Life. Ed. byS.Fischer-H\u00fcbner,\n P.Duquenoy,\n M.Hansen,\n R.Leenes, and\n G.Zhang. IFIP\n Advances in Information and Communication Technology.\n Springer Berlin Heidelberg. ISBN:\n 978-3-642-20768-6. DOI: 10.1007\/978-3- 642-20769-3_13. URL:\n http:\/\/dx.doi.org\/10.1007\/978-3-642-20769-3_13.","DOI":"10.1007\/978-3-642-20769-3_13"},{"key":"2026040606321687000_ref045","volume-title":"7th IFIP Advances in Information and Communication\n Technology","author":"Zwingelberg","year":"2012"}],"container-title":["The Journal of Web Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/jws\/article-pdf\/3\/1\/32\/11491296\/106.00000010en.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/www.emerald.com\/jws\/article-pdf\/3\/1\/32\/11491296\/106.00000010en.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T14:32:08Z","timestamp":1777473128000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.emerald.com\/jws\/article\/3\/1\/32\/1331649\/Identity-Assurance-in-the-UK-technical"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,12,7]]},"references-count":45,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2017,12,7]]}},"URL":"https:\/\/doi.org\/10.1561\/106.00000010","relation":{},"ISSN":["2332-4031"],"issn-type":[{"value":"2332-4031","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,12,7]]}}}