Government Digital Identity Initiatives Expand via Mobile Wallets and Biometrics
UK and US government agencies are expanding digital identity programs, but with uneven adoption and growing scrutiny. In the UK, the Government Digital Service reported that just over 15,000 veterans have applied for a digital veterans ID since its October launch—under 1% of the roughly 1.8 million eligible former service members—highlighting slow uptake and limited utility compared with the physical Veteran Card. The digital credential is stored in the GOV.UK One Login app (planned to be rebranded as the GOV.UK Wallet), and currently has constrained use cases, including not being accepted as photo ID for domestic flights or for some veteran benefits, and not yet being usable online.
In the US, Customs and Border Protection and the Transportation Security Administration are accelerating deployment of facial biometric identity verification for travelers, with CBP requiring biometric verification for all non-citizens entering or leaving the US (with US citizens able to opt out for manual checks). Officials described facial biometrics as foundational to vetting and border security operations, while lawmakers and civil society groups continue to raise privacy and civil-rights concerns; TSA’s use of facial recognition has also drawn oversight attention, including a Department of Homeland Security watchdog investigation. Together, the developments reflect a broader shift toward mobile and biometric identity systems, alongside adoption, usability, and governance challenges.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
UK tests digital driving licence and verification features
GDS said it is testing a digital driving licence in the same app with GDS staff and the DVLA, with wider rollout planned later in 2026. It is also developing programmatic verification for veterans IDs and driving licences for online and in-person use, including tests with third-party providers.
GDS reports 15,000 applications for digital veterans ID
The UK Government Digital Service said more than 15,000 former service members had applied for a digital veterans ID card since the October launch. Officials also said the app would be rebranded as the GOV.UK Wallet as more identity documents are added.
CBP says biometrics have become central to traveler identification
A CBP official said biometric identity verification is now a bedrock of traveler identification as federal agencies expand facial recognition at airports and ports of entry. The statement came amid broader TSA deployment efforts, privacy concerns, and a DHS watchdog investigation into TSA's use of the technology.
UK drops plan to make digital identity compulsory for right-to-work checks
The UK government abandoned a plan, announced in September by Prime Minister Keir Starmer, to make digital identity compulsory for right-to-work checks. The reversal was reported as having occurred earlier in January 2026.
CBP requires biometric verification for non-citizens at U.S. ports of entry
Starting Dec. 26, U.S. Customs and Border Protection began requiring biometric identity verification for all non-citizens entering or leaving the United States by air, land, or sea. U.S. citizens were allowed to opt out and use manual verification instead.
UK launches digital veterans ID card in GOV.UK One Login app
The UK government launched a digital veterans ID card in October through the GOV.UK One Login app for former armed forces members. The digital card was introduced as part of broader government digital identity efforts.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
UK Government Moves to Expand Police Use of Facial Recognition Technology
The UK government has announced plans to significantly expand the use of facial recognition and related biometric technologies by law enforcement, launching a public consultation to establish a dedicated legal framework for their deployment. The Home Office argues that the current legal landscape is insufficient for national-scale use and seeks to align facial recognition with other biometric tools such as fingerprints and DNA evidence. The consultation aims to gather public input on regulation and privacy safeguards, with officials emphasizing the technology's role in tackling serious crime and citing statistics of over 1,300 arrests linked to facial recognition in recent years. Despite mounting controversy and civil liberties concerns, including fears of turning public spaces into biometric dragnets, the government is pressing ahead with increased funding and operational deployments. The Home Office spent £12.6 million last year and has allocated an additional £6.6 million for further rollout and development of a national facial-matching service. Public opinion appears divided, with surveys indicating majority support for the technology if robust protections are implemented, while advocacy groups continue to raise issues around oversight, transparency, and potential bias.
Mar 21, 2026
India Expands Digital Identity Use Amid Security and Privacy Concerns
Indian officials and agencies are pushing to broaden the use of digital identity in both public and private contexts, while explicitly raising cybersecurity and accountability concerns. In Hyderabad, Police Commissioner **V.C. Sajjanar** publicly argued that autonomous **AI agents** operating in critical sectors (e.g., banks, hospitals, power grids) should be issued a verifiable *digital identity* and be subject to strong **logging and traceability** so investigators can determine “which agent opened which file,” what changes were made, and where data was sent—framing the need as a safeguard against errors and the risk of **cybercriminals hijacking agent behavior**. Separately, India’s **UIDAI** is expanding **Aadhaar** into more day-to-day use via a new Aadhaar app and an **offline verification** framework intended to reduce reliance on real-time checks against the central database, while enabling *selective disclosure* (e.g., proving age without sharing full birthdate). The initiative also extends Aadhaar into consumer ecosystems (including planned **Google Wallet** integration and discussions with **Apple Wallet**) and into operational deployments such as policing and hospitality—e.g., Ahmedabad City Crime Branch integrating Aadhaar-based offline verification with the **PATHIK** guest-monitoring platform—prompting critics to reiterate concerns about **security, consent, and privacy** as Aadhaar’s footprint grows.
Mar 21, 2026
Digital Identity and Age-Verification Rollouts for Online Access
Organizations are expanding **digital identity verification** for online services, with one effort focused on privacy-preserving **age checks** and another on stronger identity proofing for access to U.S. government healthcare accounts. Ars Technica reported on the **OpenAge Initiative** and related “age key” technology, which stores proof-of-age signals locally using **FIDO passkey** concepts and shares them through an encrypted, double-blind exchange rather than exposing full identity data. The article says providers including **Incode, Persona, Socure, and Veratad**, along with platform participants such as **Meta** and **Konami**, are backing the model as platforms prepare for broader age-gating requirements. Separately, **CMS** expanded login options for **Medicare.gov**, allowing beneficiaries to verify identity through **ID.me, CLEAR, or Login.gov** under **NIST IAL2** standards to reduce fraud and unauthorized access. CMS said biometric checks used by some providers are limited to one-time identity verification with user consent, and that medical records remain in CMS systems while identity data is held separately by the selected provider. While both reports concern online identity assurance and user verification, they describe **different initiatives** with different operators, use cases, and security goals rather than a single incident or coordinated event.
Mar 21, 2026