With Royal Assent, UK Data (Use and Access) Bill is now law

Today, the UK Data (Use and Access) Bill attained Royal Assent, making it law and establishing a legal basis for the acceptance of digital verification.

The DUA Bill also lays the foundation for the new Office for Digital Identities and Attributes (OfDIA) within the Department for Science, Innovation and Technology (DSIT), the body responsible for certification to the Digital Identity & Attributes Trust Framework (DIATF) – which will now be called the Digital Verification Services (DVS).

The freshly minted law has drawn comment from digital ID stakeholders. Posting on LinkedIn, decentralized identity firm Gataca calls it “a major leap forward for digital trust and verification” and “a turning point for adoption.”

“As digital identities gain the same trust as paper documents, more businesses will accept them and more people will choose to use them,” it says.

David Rennie is the new chief trust officer for Orchestrating Identity. He says the law “represents regulatory innovation” by providing a better structure for compliance.

“The traditional ‘risk-based approach’ required organisations to fathom what the regulations meant and then attempt to buy solutions from the market that vendors told them were okay. However, the liability for regulatory compliance still sat with the organisation, not the solution vendor. Now solution providers are independently certified under the Trust Framework as enabling compliance with the regulations.”

A statement from Ben Seretny of compliance firm the DPO Centre asserts that the bill reads more like a “careful update” of the UK GDPR and Privacy and Electronic Communications Regulations (PECR) frameworks, rather than a radical overhaul.

“But while some areas are now clearer, others may introduce uncertainty. In particular, the Bill gives the Secretary of State more power to decide which countries have data protection standards that are not ‘materially lower’ than the UK. This shift in language may concern the European Commission, which is due to review the UK’s adequacy status later this year.”

Yoti has a good explainer on the bill and what it means for businesses and individuals.

“The Data Bill aims to make things easier and safer for people in the UK who wish to prove their identity. Once digital identities have the same level of confidence and acceptance as paper documents, more businesses are likely to accept them. As a result, people may be more likely to get a digital identity as they’ll be able to use it in more places.”

Yoti’s Chief Policy and Regulatory Officer Julie Dawson says the DUA and DVS build on and expands the previous DIATF into “a broader and more structured regulatory foundation,” which “will enhance confidence in digital identities.”

Article Topics

Data (Use and Access) Bill (DUA)  |  Department for Science Innovation and Technology (DSIT)  |  digital identity  |  Gataca  |  legislation  |  OfDIA  |  Orchestrating Identity  |  UK  |  Yoti