Project Overview
DVLA (Driver and Vehicle Licensing Agency) needed to build a digital driving licence service — allowing UK dri...
Technology Stack
Compliance & Standards
The Challenge
DVLA (Driver and Vehicle Licensing Agency) needed to build a digital driving licence service — allowing UK drivers to present a digital driving licence on their phone as proof of driving entitlement. GDS Service Standard (DVLA is a GDS-assessed agency), GOV.UK One Login (digital identity — DVLA account linking), UK GDPR for driving licence data, NCSC security standards (driving licence is a national identity document), iOS and Android mobile app (Expo React Native), accessibility (WCAG 2.1 AA), and DVLA biometric verification (photo check) were mandatory. Budget: £180,000.
Our Approach
UK digital driving licence
cryptographically signed representation of a physical driving licence.
Standard
ISO/IEC 18013-5 (mDL — mobile Driving Licence) — the international standard for digital driving licences. m
DL architecture
- 1driving licence data stored on device (encrypted, signed by DVLA) — not in cloud (reduces attack surface),
- 2ISO/IEC 18013-5 presentation protocol (NFC or QR code) — police, car hire, age verification can request specific data fields (selective disclosure — share only age over 18 without sharing full licence number),
- 3DVLA revocation check (mobile app checks DVLA revocation API when licence is presented — ensures licence has not been revoked since last download).
Security
- driving licence signed with DVLA private key — cryptographically verifiable without connecting to DVLA servers.
- GOV.
UK One Login Integration
GOV.
UK One Login
DVLA account linking — driver authenticates via GOV.UK One Login (email + SMS 2FA) → DVLA driving record retrieved (DVLA D4 medical database link) → driving licence data cryptographically signed → stored on device.
Identity verification level
- GOV.UK One Login High (identity proofed — driving licence already issued to verified identity).
- Biometric re-verification: periodic biometric check (face verification via AWS Rekognition — driver's live selfie compared to DVLA photo) to verify continued identity.
- MiDAS (DVLA Manual Inspection and Data Amendment System) integration: driving entitlement data sourced from DVLA operational systems in real-time.
Digital driving licence presentation
- 1dedicated DVLA mobile app (React Native, Expo — iOS + Android),
- 2Apple Wallet (Apple Verifiable Credential — iOS 16+ supports digital ID in Wallet),
- 3Google Wallet (Google Digital ID — Android 12+ supports digital ID in Wallet).
Police use case
roadside check — police officer uses dedicated DVLA verification app to scan driver's QR code, ISO 18013-5 selective disclosure returns: valid/expired, endorsements, categories held, photo for visual verification.
Car hire use case
car hire company can verify driving entitlement without seeing full licence data (selective disclosure).
Age verification use case
driver presents mDL to retailer — retailer verifies age over 18 without seeing driving licence number or address.
NCSC Security and National Infrastructure Protection
Driving licence is a national identity document — NCSC security requirements are significantly more stringent than typical government digital services.
NCSC requirements
- 1NCSC OFFICIAL-SENSITIVE classification (driving licence data with vehicle endorsements is potentially security-sensitive),
- 2penetration test by NCSC-approved CHECK team (not just CREST — NCSC CHECK standard),
- 3cryptographic audit (DVLA private key management — HSM, key rotation, ceremony),
- 4device security (jailbreak/root detection — compromised device cannot store signed driving licence),
- 5revocation API resilience (DVLA revocation API must be highly available — FCA PS21/3 equivalent for national infrastructure).
ClickMasters
SC-cleared engineers throughout.
The Results
GDS Live assessment passed.
Apple Wallet integration confirmed.
Google Wallet integration confirmed.
Platform live at 26 weeks, £168,000 — under budget.
Digital driving licence adopters: 2.4M in first 6 months (DVLA target: 1M).
Police force acceptance: 42 of 43 UK police forces accept digital driving licence (1 force pending IT upgrade).
Car hire companies accepting: 8 of 10 major UK car hire companies.
Age verification use cases: 180 retailers trialling.
NCSC CHECK penetration test: zero critical findings.
WCAG 2.1 AA: zero non-compliances.
“2.4M digital driving licences issued in 6 months versus 1M target. 42 of 43 police forces accepting. 8 of 10 major car hire companies. Age verification trialling. NCSC CHECK zero critical findings. GDS Live assessment passed. Apple Wallet and Google Wallet confirmed. The ISO 18013-5 selective disclosure — revealing only the data needed for each use case — is the privacy design that makes digital driving licence acceptable to civil liberties organisations. Proof of age without revealing your address. Proof of entitlement without revealing your endorsements to a car hire company." — Programme Director, HM Government (name withheld)”
Project Details
Related Case Studies
View AllGovTech Service — Local Council Digital Transformation
GovTech Service — Local Council Digital Transformation. A UK local council needed to digitise three resident-facing services: planning application status tracking, council tax ...
GovTech API Integration — HMRC Making Tax Digital for Accountancy SaaS
A UK accountancy software startup needed to integrate with HMRC Making Tax Digital (MTD) for VAT as a software...
Open Data Platform — UK Local Government Digital Transformation
A consortium of three UK local authorities needed to build an open data platform to publish public sector data...
Ready to Transform Your Business?
Let's discuss how our technical expertise can help you achieve remarkable results.