Britain's Big Six Banks Are Building the Digital ID Layer We Should Have Had a Decade Ago - But Will It Actually Stick?
UK Finance's bank-led digital verification pilot drops this week, promising to kill the passport-upload ritual. The product-market fit case is obvious. The execution history of British digital identity? Less so.
The Passport Upload Must Die
If you've opened a bank account, bought a property, or verified your age on a British platform in the last five years, you've done the ritual. Photo of your passport. Selfie holding the passport. Wait three days. Do it again because the lighting was wrong. Now do it for the next institution, because apparently your identity expires between tabs.
It's 2026. We have agentic AI rewriting codebases overnight and a government dropping £1.1 billion on chip manufacturing. And we're still emailing JPEGs of travel documents.
So when UK Finance announced this week that Barclays, HSBC, Lloyds Banking Group, Nationwide, NatWest and Santander are piloting a consent-led digital verification service, I sat up. Not with unbridled optimism, I've been in this space too long for that, but with genuine, cautious interest.
What They're Actually Building
The proposition is clean. Rather than re-verifying you from scratch every time a new platform needs to know who you are, the banks become your identity custodians. You approve a data-sharing request directly from your banking app. Name, age, address, whatever the relying party needs, flows across securely, once, with your explicit consent.
UK Finance's initiative centres on a voluntary, bank-led digital verification service allowing customers to share verified personal data directly from their banking apps. The design puts consent and data minimisation at the core. Instead of uploading passports or utility bills, customers approve sharing requests for scenarios including online purchases, age verification, account opening and property transactions.
The proof of concept using synthetic data has already been completed. The next phase: a live pilot in a controlled real-world environment. Technical delivery is being led by Select ID, a specialist in digital identity infrastructure.
This is not vapourware. The consortium is real, the PoC is done, and the banks involved account for the overwhelming majority of UK current accounts. That's a distribution advantage most identity startups would trade their entire cap table for.
I've Seen This Film Before
I spent five years in identity verification. KYC, AML, digital wallets, biometrics, the whole circus. I watched good products die because the relying party ecosystem wasn't there. I watched bad products survive because a bank happened to mandate them. The technology was never really the problem. The problem was always fragmentation, liability, and the interminable question of who owns the customer relationship when things go wrong.
The government-backed Centre for Finance, Innovation and Technology has its own parallel initiative: a Digital Company ID for businesses, a reusable credential for KYB checks, that could save UK financial institutions £1.7 billion by reducing the cost and complexity of Know Your Business onboarding. That PoC is also done, supported by Yoti and OneID, with a minimum viable product headed for the FCA regulatory sandbox.
Two reusable identity initiatives. Same moment. Both backed by serious institutions. Either we're at a genuine inflection point, or we're about to discover that coordinating six major banks and a regulator is harder than building a fusion reactor.
History suggests the latter. The UK's digital identity story has been one of noble intentions and committee-level deaths. GOV.UK Verify, rest in peace. The proposed national identity scheme that never quite became a national identity scheme. We are very good at producing frameworks and consultation papers on this island. Less good at shipping.
The Market Gap Is Real, and Getting Expensive
Here's what makes this moment feel different from the previous fifteen false dawns. The fraud environment has genuinely broken document-based verification. AI-powered deepfakes can bypass liveness detection. Synthetic identity fraud is surging. Traditional document capture and liveness checks were never engineered for this digital environment, and the attackers know it.
The pressure on businesses is real and immediate. Every e-commerce checkout, every account opening, every property transaction carries identity friction that costs conversion rates and creates fraud exposure simultaneously. The bank-verified data approach would, in theory, solve both in a single consent tap.
The product-market fit argument writes itself. The execution risk is where it gets interesting.
The SIC 62.02 Signal Worth Reading
Here's a number nobody in the press is talking about. AIBD analysis of Companies House data shows just 5,226 new SIC 62.02 companies registered in Q2 2026, that's IT consultancy and computer consultancy activity, the broad bucket that swallows most software product businesses at formation. That's a 31.4% fall versus the prior period.
Think about what that means. The layer of the market that builds the integration plumbing, the middleware, the KYC API wrappers, the onboarding SDKs: that cohort is contracting sharply. Either founders have stopped incorporating because the tools now build themselves, or the market has concluded that standalone software consultancy without a genuine product moat is a diminishing return. Probably both.
For a bank-led identity initiative, this matters. The success of any reusable identity scheme depends on a healthy ecosystem of relying parties integrating it. If the companies that would traditionally build those integrations are declining in number, the adoption curve gets steeper, not shallower. The banks will need to make this genuinely plug-and-play, not another eighteen-month enterprise integration project, or it'll stall at the pilot phase like every predecessor.
Positioning vs Reality
The pitch is sovereign and trustworthy: your bank, which already knows who you are, speaks for you. No third-party identity provider storing your biometrics in a data centre you've never heard of. No liveness check that gets breached in eighteen months. Bank-grade assurance, consumer-grade UX.
Compelling. Also, if I'm honest, alarming for incumbent identity verification vendors. The VC-backed document-capture players built businesses on the assumption that banks wouldn't do this themselves. They may have been wrong.
But, and it's a substantial but, voluntary bank participation means this service is only as strong as its weakest integration. If one of the six builds a half-finished SDK and another decides the liability terms are unworkable, the network effect collapses. Reusable identity is a network good. It needs near-universal coverage to deliver its promise.
Founder's Verdict
I ran a mobile wallet project at 2ergo in the mid-2000s. The technology worked on day one. The ecosystem took four years to materialise and by then the iPhone had made our architecture obsolete. I am professionally allergic to "build it and they will come" identity plays.
This one is different in the ways that matter most: the distribution is pre-solved, the regulatory tailwind from the UK's Digital Identity and Attributes Trust Framework is real, and the fraud environment is creating genuine urgency. The consent-led, data-minimisation framing also gives it a fighting chance of surviving a post-GDPR public conversation about who controls personal data.
Watch the FCA sandbox outcome closely. Watch whether the live pilot timeline slips. And watch whether the relying-party developer experience is treated as a product in its own right, or as an afterthought bolted onto a banking compliance project.
If it's the former, this could be the Netscape moment for British digital identity. If it's the latter, we'll be uploading passport photos until at least 2031. I've lost that bet before.