Fraser Edwards, Co-Founder of cheqd
The AWS outage is a reminder of how fragile current digital systems can be when everything relies on a single point of failure or provider. A fault in a domain name system (DNS) record caused a major cascading failure across AWS infrastructure, resulting in over 14,000 websites reportedly being taken offline and more than $1 billion in losses from just two hours of downtime. When the functions came back online, data synchronisation caused a domino effect of further disruption.
AWS tried to safeguard this with multiple, localised points of failure, but failed to account for a regional DNS disruption. As the cloud provider for more than 90% of Fortune 100 companies, this event showed that even the largest centralised providers cannot fully guard against these risks of centralisation. Exposing what happens when we over-rely on essential infrastructure that lacks the correct safeguards in place.
While private companies scrambled to restore access, governments are building vital public infrastructure like AI and national digital ID on the same flawed assumptions and often hosted on the same providers. When those fail, verification, payments, and access to essential services can all halt all at once.
The UK’s new digital ID initiative is no exception: intended to let people access services like healthcare, benefits, and tax systems through one verified identity. But if that identity system relies heavily on a cloud provider like AWS, a single disruption could lock millions out of vital services and create widespread economic disruption. In order for this to work, safeguards from concentrated outages have to be engineered out from the start.
The question should not be whether another major outage will happen again, but when, and how to design for such concentrated risk? Distributed infrastructure, verifiable credentials, and trust registries are some technologies deployed across the world to do just this.
The Promise of Modern Digital Identity
Everyday life already depends on proving who we are, from applying to jobs, renting homes, accessing financial services or travelling abroad. An improvement to this system would be a welcome change if done correctly, making everyday interactions smoother for people and businesses alike. That is the promise of digital identity, but its success will depend on whether it delivers those benefits of convenience without creating new risks of data misuse or surveillance in a way that installs control across both online and offline.
The UK’s proposed BritCard risks repeating the same mistakes that have long plagued centralised databases. The idea was scrapped in 2006 for being intrusive, ineffective and enormously expensive. Putting everyone’s ID data in one interconnected place creates a single, attractive target with greatly increased exposure, unlike physical IDs which are harder to access at scale.
More from Other
- Why Custom Exhibition Display Stands Can Be Worth The Investment
- Mobile Gaming Trends Transforming British Tech Habits
- Mobile Gambling Set To Dominate Europe By 2029, New Report Reveals
- How Artificial Intelligence Is Changing Online Betting Experiences
- Shaping The Future Of Online Casinos In 2026 And Beyond With AI
- Modernising Operations: Why Businesses Are Moving Beyond Manual Systems
- UX Patterns That Can Help Boost Trust In Real Money Apps
- Nexus International Nears $1 Billion Annual Revenue Under Founder And CEO Gurhan Kiziloz
What Countries Get Wrong About Digital ID
On October 8th Prime Minister Keir Starmer made a visit to India to examine its Digital ID Aadhaar program as a model for the UK, praising the system as a “massive success”
With 99% penetration, Aadhaar has transformed how millions access welfare, healthcare, and finance. It has been praised for reducing fraud and saving more than $10 billion in welfare leakages. But it has also revealed exactly how scale without safeguards creates new vulnerabilities.
In 2019, the World Economic Forum named Aadhaar’s breaches the largest of the year, after biometric identity and personal details of 1.1 billion citizens were compromised and sold for as little as £4. Drawing criticism on government efforts to compulsorily link Aadhar to bank accounts and mobile phone numbers will increasingly endanger personal information.
Estonia, another model often praised for its success, faced a breach in 2017 that forced the revocation and reissuance of nearly one million identity certificates. The flaw exposed medical, banking, and voting records. Despite Estonia’s strong legal and technical infrastructure, these incidents show what happens when too much trust is placed in a centralised layer without the correct safeguards in check.
Privacy researchers note that some digital ID architectures even include phone-home verification: where ID credentials quietly call back to a central authority whenever they are accessed. Even when intended for security or interoperability, this capability risks turning verification into quiet tracking if left unchecked.
Without the necessary safeguards, a tool built for convenience can become an instrument of control without the correct systems in place, linking payments and behaviour across services could be knowingly or unknowingly used for malware.
What Countries Got Right
Some governments, however, have learned from these shortcomings:
Switzerland, offers the clearest example of a model to emulate. After voters rejected a previous attempt at digital ID in 2021, the government went back to the drawing board and redesigned it with strong legal and architectural safeguards that its people accepted. The new model avoids a central database entirely. Instead credentials are issued by the federal government but stored on the user’s device.
Only the required information is shared, using selective disclosure. It’s voluntary, built with open-source code, and backed by a national trust registry that holds issuers accountable. By prioritising transparency, control, and auditability, Switzerland turned a failed proposal into a system the public voted to accept.
Denmark took an equally instructive approach and proved Digital ID does not have to be compulsory, still being used by almost all adults, while underlying registers remain separated. Instead of being into one mega-database, Denmark’s MitID retains its own data to each department, linking records when required only to prevent centralisation of all government data into a single database. Verification works seamlessly across services, but no one agency sees more than it should, showing it’s possible to deliver efficiency while limiting how much data ends up concentrated in one place.
Together, these models show that privacy and usability aren’t mutually exclusive. You can build fast, efficient, and secure digital ID systems without inheriting the vulnerabilities of centralised infrastructure or hardcoding surveillance.
Digital ID Doesn’t Have to Be Centralised
Digital ID doesn’t have to be a big centralised database that expands what the state knows within an ever-enticing honeypot for fraudsters and hackers. The tax office doesn’t need your medical records. Your GP doesn’t need your financial history, but all of them should be able to work together to make access simpler, faster and more secure whenever necessary using tight boundaries of what data is used, and why.
As The Sum of the People author Andrew Whitby puts it, what matters most is not just which identifier is used, but what data is collected, how it is stored, and what constraints are placed on its use.
Digital ID done right can enforce those constraints. Eliminating the need to repeatedly send scanned utility bills, passport photos, and bank statements just to prove basic facts like your age or address. It makes verification easier while making abuse like fraud harder without a singular database.
What’s at stake is more than the digitisation of identification; it’s the design of systems where efficiency is achieved without sacrificing liberty or privacy. If the UK learns from both global failures and successes, it can build a system that enhances trust instead of eroding it
