DIGITAL ID – Where Are the Laws Allowing It?

Digital ID is being enabled by stealth by clauses buried deep inside legislation that is ostensibly to do other things, always marketed to the public as being for our safety, convenience and national security.

However, local councils are also aiding and abetting the implementation of Digital ID by harvesting data on local residents without their awareness and therefore without their full consent. In this case there is no law to mandate it, and we need to challenge unlawful actions in the UK’s 384 local councils to bring in Digital ID.

Most people imagine “Digital ID” as a national government project, but in reality it begins in local councils.
Every “smart system,” online form, or MyAccount login quietly builds the foundation for a single national profile.
Councils are the first link in the chain — they collect residents’ personal data, merge it across departments, and feed it into shared regional databases.
Without this constant local data harvesting, no national Digital ID could ever exist.
The infrastructure of control is being built bottom-up, not top-down — through administrative software, not Acts of Parliament.

Of course, the push for data harvesting is also driven from above, wherever the law allows it. The Economic Crime and Corporate Transparency Act 2023 quietly passed through Parliament with little public awareness, mandating biometric verification for over eight million company directors through the GOV.UK One Login system. Combined with existing Money Laundering and Terrorist Financing Regulations (2017), it is already drawing millions of ordinary citizens into mandatory digital verification schemes under the banner of financial security. The Children’s Wellbeing and Schools Bill currently proceeding through Parliament will create a ‘Single Unique Identifier’ for every child by which a full and intrusive record of data will be collected and shared between government departments. These national measures depend on the same local data infrastructure — which is why stopping unlawful council data consolidation is the first and most effective line of defence.

1. No Statutory Mandate

There is no Act of Parliament that compels or authorises local authorities to assign residents a permanent digital identity.
The Local Government Acts (1972, 2000, 2003) and the Localism Act 2011 give councils powers to administer services, not to build centralised identity registries
Any processing of personal data must be justified under the Data Protection Act 2018 and UK GDPR — specifically Articles 5, 6, and 22, which require lawful basis, necessity, and informed consent, especially when decisions are automated.
Yet most councils are proceeding without any enabling legislation, consultation, or parliamentary oversight.

2. Disguised Under “Efficiency” and “AI Modernisation”

Digital ID has entered local government through technology contracts and devolution programmes — not through law.
Vendors such as Civica, Capita, NEC, AWS, Microsoft, and Granicus and the Tony Blair Institute for Global Change promote “One Council, One Citizen View” platforms that merge data across departments.
Councils are told this supports “AI decision-making” and “data-driven planning,” but what it really does is consolidate personal identifiers — tax, housing, parking, school, and health — into one profile.
That profile is then used to pre-determine eligibility or risk.

3. Who Trains the AI?

Every “Smart Council” system is powered by artificial intelligence.
Someone must train that AI — and that is where the real power lies.
Private companies and external “innovation partners” supply training datasets that define what counts as trustworthy, vulnerable, or compliant behaviour.
Those definitions are rarely transparent and often imported from social-credit-style models trialled abroad.

Under GDPR Article 22, residents have the right not to be subject to decisions based solely on automated processing.
Councils that delegate eligibility scoring or risk ranking to AI without human oversight are acting beyond their lawful powers (ultra vires).
No DPIA or equality assessment can legalise a process that has no legislative foundation.

4. Centralisation by Devolution

Local Government Reorganisation and “Devolution Deals” are being used to justify Digital ID infrastructure.
By merging councils into “combined authorities,” the state creates a single data spine — the ideal foundation for national population-management systems.
Once established, these digital identities can be linked to taxation, transport, and welfare portals.
Residents are told this is convenience. In truth, it is consolidation of control.

5. Where Are the Laws?

When asked under the Freedom of Information Act, councils will be required to cite the specific law authorising any digital identity system.
Experience from other areas — such as local government reorganisation, mass housing developments, and climate-related programmes — shows that councils routinely proceed without clear statutory authority, relying instead on assumption or external “policy guidance.”

One major source of such guidance is the Tony Blair Institute for Global Change (TBI), whose reports and partnerships have encouraged councils to create a “single view of the citizen” and to use AI-driven data integration as the basis for service delivery.
TBI itself has no statutory role; it operates as a private advisory body promoting data practices that lay the groundwork for national Digital ID frameworks.
This influence blurs the boundary between lawful administration and external policy capture.

Councils often invoke vague “innovation powers” under the Localism Act 2011, Section 1, which allows councils to do anything individuals may do — but not to override constitutional rights or data-protection law.
In practice, that means there is no explicit legal basis for the Digital ID schemes now being promoted and implemented.

6. How to Challenge It

Every resident has the right to demand:

The legal basis for any Digital ID or citizen-account system;
Copies of all Data Protection Impact Assessments (DPIAs);
Names of all AI vendors and training-data sources;
Details of any data-sharing agreements with external partners;
Proof of public consultation or explicit consent.

If those cannot be produced, councils must suspend processing until they can prove compliance with the Data Protection Act and Equality Act 2010.

1	Local councils as data collectors for national profiles	https://www.local.gov.uk/publications/digital-transformation-local-government-2024-report	LGA 2024: Councils merge resident data into databases.
2	Local Government Act 1972	https://www.legislation.gov.uk/ukpga/1972/70/contents	1972 Act: Powers for services, not IDs.
3	Local Government Act 2000	https://www.legislation.gov.uk/ukpga/2000/22/contents	2000 Act: Well-being powers, no ID mandate.
4	Local Government Act 2003	https://www.legislation.gov.uk/ukpga/2003/26/contents	2003 Act: No digital system authority.
5	Localism Act 2011	https://www.legislation.gov.uk/ukpga/2011/20/contents	2011 Act: Innovation limited by GDPR.
6	Data Protection Act 2018	https://www.legislation.gov.uk/ukpga/2018/12/contents	2018 Act: Requires lawful data processing.
7	UK GDPR Articles 5, 6, and 22	https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/lawful-basis/a-guide-to-lawful-basis/ (Art 6); https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/automated-decision-making-and-profiling/ (Art 22); https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/data-protection-principles/ (Art 5)	GDPR: Arts. 5-6 need consent; Art. 22 limits AI.
8	Vendors like Civica’s “One Council, One Citizen View”	https://www.civica.com/en-gb/solutions/one-citizen-view/	Civica: Merges tax/housing data.
9	Capita, NEC, AWS, Microsoft, Granicus in councils	https://www.local.gov.uk/topics/digital/ai-public-services/case-studies	LGA: Vendors drive AI contracts.
10	GDPR Article 22 and ultra vires	https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/automated-decision-making-and-profiling/automated-decision-making/	ICO: Art. 22 risks ultra vires.
11	Private datasets and social-credit models	https://institute.global/policy/governing-age-ai-reimagining-local-government	TBI: Non-transparent AI datasets.
12	Devolution Deals and combined authorities	https://www.gov.uk/government/publications/devolution-the-next-12-months/devolution-deals	GOV.UK: Devolution builds data spines.
13	Freedom of Information Act 2000	https://www.legislation.gov.uk/ukpga/2000/36/contents	FOIA 2000: Enables legal basis requests.
14	Localism Act 2011, Section 1 limitations	https://commonslibrary.parliament.uk/research-briefings/sn04970/	Commons: 2011 Act limited by data laws.
15	Equality Act 2010	https://www.legislation.gov.uk/ukpga/2010/15/contents	2010 Act: Requires equality assessments.
16	LGA AI Survey 2025	https://www.local.gov.uk/publications/state-local-government-ai-2025	LGA 2025: 95% councils use AI, no oversight.
17	TBI’s “Time for Digital ID” Report (2025)	https://institute.global/insights/politics-and-governance/time-for-digital-id-a-new-consensus-for-a-state-that-works	TBI 2025: Claims 62% support for council data use…62% of Who? Did Anyone Ask YOU?
18	TBI’s Follow-Up on Digital ID as “Defining Step” (2025)	https://institute.global/insights/politics-and-governance/digital-id-a-defining-step-for-britain	TBI 2025: Links local data to national ID.
19	TBI’s “Governing in the Age of AI: Reimagining Local Government” (2025)	https://institute.global/insights/politics-and-governance/governing-in-the-age-of-ai-reimagining-local-government	TBI 2025: Promotes AI for data merging.
			.
20¹	Critique of TBI’s Influence on Councils (2025)	https://www.politico.eu/article/tony-blairs-ai-mania-sweeps-britains-new-government/	Politico: TBI pushes tech partnerships.