18.The Cabinet Office and GDS have shown a lack of strong leadership and oversight at key points of the Verify programme. The Cabinet Office Permanent Secretary told us that he could not remember if he was concentrating on Verify’s business case in 2015, but did intervene heavily throughout 2016 as it became clear that the programme was underperforming. However, he acknowledged that he might have been “a bit late” in intervening – possibly six months too late.
19.The Cabinet Office’s interventions included changing Verify’s leadership in 2016 and commissioning several reviews of the programme. There have been over 20 internal and external reviews of Verify in total, many of which sought to identify the problems leading to low take-up. One key internal review was carried out after Nic Harrison became the Senior Responsible Owner (SRO) in October 2016. His review concluded that Verify was unlikely to deliver in its current form. This assessment came only a month after the 2016 business case had been signed off by HM Treasury, and six months after contracts had been signed with additional providers.
20.In October 2018, following Verify’s numerous reviews (including a highly critical one from the Infrastructure and Projects Authority), the Cabinet Office and HM Treasury decided to stop government funding in March 2020. They also announced plans to pass responsibilities for Verify to the private sector. GDS is now focused on helping develop a market for identity verification services that spans both public and private sectors, in preparation for Verify’s planned transition to the private sector. The Cabinet Office Permanent Secretary told us he believes the programme is now on the right track: “Now we have set it in the best way we can, and that is, in some senses, why I am sorry that we did not intervene earlier, frankly”.
21.Verify’s leaders demonstrated a poor understanding of accountability for the programme. Throughout our evidence session, all three witnesses — the Accounting Officer, the current Director General and the former SRO — blamed the over-optimism of their predecessors in setting Verify’s original targets too high. It is true that the original projections predate all the individual witnesses’ time on the programme. However, as Verify’s leaders, the witnesses have an important responsibility to explain and account for what went wrong with the programme beyond their individual roles in it.
22.The witnesses also ran the risk of rewriting the aims of the programme after the event. The Cabinet Office and GDS now emphasise the role of Verify in creating a market for digital identity services, with a range of private sector providers and a set of internationally-recognised identity standards. The Cabinet Office Permanent Secretary told us this focus on the development of the market is now the priority, rather than the programme’s original aim of providing a common verification service across government. However, GDS’s own strategic objectives for Verify include the crucial aim of achieving mass adoption of the service, which we noted is far from being achieved.
23.This Committee reported on accountability for taxpayers’ money in 2016, including accountability for major projects and programmes such as Verify. That report noted that since 2014, SROs have been directly accountable to Parliament for project implementation, although Accounting Officers (AOs) retain overall responsibility for projects and the spending involved. As part of their responsibilities to account for departmental spending, AOs must satisfy themselves that projects and other initiatives are a good use of taxpayers’ money and are on track. Where an AO has concerns about a project’s value for money or its feasibility, we recommended that he or she should seek an AO assessment: a document that enables the AO to systematically evaluate potential concerns about the use of public money. We are not aware of any AO assessment being sought for the Verify programme.
24.The Verify programme will change significantly after March 2020, when current contracts end and government funding stops. GDS’s intention is that the private sector will take over responsibility for Verify at this point. GDS told us that it and the Crown Commercial Service are currently in negotiations with providers about the successor programme after March 2020. From discussions with providers so far, GDS was confident that providers have ambitious plans and will keep investing in Verify. GDS envisages that Verify will vastly increase its user numbers through expansion to the private sector. It told us that over 90% of citizens’ use of identity is in the private sector, so it believes access to this bigger market means Verify’s strategic objective of mass adoption can and will be achieved.
25.However, there are several uncertainties about how Verify will operate in future, with major implications for government services using Verify. These include how the market for verifying people’s identities will develop and the price that will be set for verification services. Government services using Verify could face large cost increases if the market price is significantly higher than the current contract price — although the Cabinet Office and GDS expect the opposite to occur and costs to become cheaper for government in future. GDS said it and the Crown Commercial Service would renegotiate costs to government for verification services after March 2020. It was optimistic that a competitive mass market of providers would emerge, from which government could get a good deal through negotiating a bulk rate for government services. The former Verify SRO told us “this is a bet on the mass market emerging… We are making the judgment that what we see in the private sector is the emergence of a private sector market for ID. That will become cheaper than anything that Government can build for itself or buy for itself in perpetuity”.
26.Government’s intellectual property in Verify includes the GOV.UK Verify brand (which is registered as a trade mark), its public portal and the infrastructure ‘hub’ that links Verify’s users, providers and government services. Providers own other intellectual property relating to the systems used to verify people’s identities, as they have each invested in developing their own verification systems. GDS also said that government owns the identity standards it has developed, which are published and available to all.
27.The witnesses did not indicate the value of government’s stake in Verify’s intellectual property, or how taxpayers’ investment in it would be recouped if private sector providers secure profits from its commercial use in the future. The Cabinet Office told us it was not aware of any actions that had been taken to protect government’s interest in Verify’s intellectual property. The witnesses did advise that the arrangements under which Verify would be spun off to the private sector have not been finalised. GDS said it was still possible that government could seek to generate revenue from the commercial use of its intellectual property, such as from charging for the use of Verify’s brand, although it had not had any discussions on this yet. The lack of thought given so far to protecting Verify’s intellectual property clearly illustrates what we said in our January 2019 report on the Whole of Government Accounts: “Government has a long way to go to harness the benefits of public sector intangible assets such as intellectual property and maximise the return it gets from these assets”.
34 Qq 44–48
35 C&AG’s Report, para 3.4
36 Qq 49–52, 60
37 C&AG’s Report, paras 3.4, 3.7
38 Qq 129, 132, 143; C&AG’s Report, para 3.10
39 Q 150
40 Qq 30, 55, 99, 107, 149
41 Qq 32–33, 104
42 Q 150
43 Qq 29–31, 123–124
46 Q 122
47 Q 114
48 Qq 113, 123–124
49 C&AG’s Report, para 3.8
50 Qq 126, 136
51 Qq 137–138
52 Qq 119–120
53 Qq 170–171
54 Q 119
55 Qq 120, 172–173
Published: 8 May 2019