Awarded to Deloitte LLP

Start date: Thursday 10 February 2022
Value: £4,800,000
Company size: large
Government Digital Service (GDS)

WP2021: Identity Verification App Delivery partner. Both Android and Apple.

12 Incomplete applications

7 SME, 5 large

21 Completed applications

12 SME, 9 large

Important dates

Tuesday 19 October 2021
Deadline for asking questions
Tuesday 26 October 2021 at 11:59pm GMT
Closing date for applications
Tuesday 2 November 2021 at 11:59pm GMT


Off-payroll (IR35) determination
Contracted out service: the off-payroll rules do not apply
Summary of the work

1) Deliver a native mobile app as part of the new common DI check for government services.
2) Support discovery research to test the needs and value that could be met through app-based government information and service delivery.
3) Support GDS in growing its permanent engineering capability in.native app.development.
Latest start date
Monday 3 January 2022
Expected contract length
The initial term is 24 months, with a break clause at the 12 month point.
No specific location, for example they can work remotely
Organisation the work is for
Government Digital Service (GDS)
Budget range
The budget for this contract is up to £4.8m.

The supplier will be asked to deliver statements of work (SoW) under outcomes, to be agreed throughout the contract. The supplier will be able to rapidly onboard resources to meet outcome deliverables for each SoW within 5-10 days when required.

We envisage this work to be done by multi-disciplinary teams comprised of roles such as: engineering lead, software engineer, technology architect, delivery manager, product manager, service designer, interaction designer, content designer, user researcher, business analyst. The teams will be decided by the supplier based on the deliverables agreed for each SoW.

About the work

Why the work is being done
The Government Digital Service's mission is to build a simple, joined-up and personalised experience of government for everyone. You can read more about our strategy in

As part of that, GDS are building a new digital identity check for government, integrated with the new single-sign on. You can read more about our plans in this recent GDS blog post.

In parallel, we want to look broadly at the needs and value app technology might offer in improving the convenience and efficacy of government guidance and services alongside
Problem to be solved
An important feature of many identity checking systems is the ability to scan documents using the near-field communication (NFC) capability of modern smartphones. In order to offer a best-in-class identity check to users, GDS will need to incorporate this functionality.

GOV.UK is optimised to work well on mobile; in 2020 at least 75% of GOV.UK traffic came via mobile. We must now determine the evolution of this experience, ensuring that GOV.UK continues to offer solutions that are relevant and efficient for all users, including those whose interactions would benefit from being app-based.

At the same time, GDS also has a strategic desire to develop its in-house app development capability by onboarding and training permanent Civil Servants to support these products over the long-term.
Who the users are and what they need to do
As a user of government services, I need to prove my identity quickly and easily, so that I can access government services.

As a user of government, I need public information and services to be available through a range of channels, so that I can access them simply, quickly and in a way that meets users needs.
Early market engagement
Any work that’s already been done
Discovery has been completed on the wider web-based identity journey, and the team will be moving into Beta shortly. A small discovery team has just started to look at the native app component. A small discovery team has just started to determine how an app component(s) could complement
Existing team
The supplier will be expected to work collaboratively within a wider team of Civil Servants, contractors and suppliers throughout the contract term.

Knowledge transfer will be required to enable GDS to improve internal capability to build and support services.
Current phase

Work setup

Address where the work will take place
A combination of:
Remote working
Working arrangements
To be agreed with the supplier.
Security clearance
Baseline Personnel Security Standard.
For the avoidance of doubt, if these roles are required, developers, SREs, and technical architects must have, or be able to achieve, SC clearance when requested.

Additional information

Additional terms and conditions
All expenses must be pre-agreed with between the parties and must comply with the Cabinet Office (CO) Travel and Subsistence (T&S) Policy.

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Experience of building native apps, working as part of a wider programme, where the team is the system integrator and uses best of breed services within it. e.g. biometrics
  • Evidence how you would deliver a service but also raise our team's App capability so they can continue after the work has finished, including delivering a high quality handover.
  • Experience developing and iterating native mobile applications for iOS and Android, especially for user journeys that require hand-off to and from web journeys.
  • Demonstrable experience of launching new App products, supporting them through early life support and then iterating and extending those products over time based on research and user insight.
  • Demonstrable experience of working within the discovery, alpha, beta, live service manual lifecycle delivering benefits early. Include your experience of working within the government digital service standard.
  • Experience delivering and running maintainable, scaleable and secure operational live services for users at national scale.
  • Strong evidence of experience and understanding of the digital identity market and experience in delivering identity verification services and apps.
  • Experience of running and participating in research to inform service design and product management decisions.
  • Capacity to mobilise a skilled and experienced team, responding flexibly to peaks and troughs in demand and able to substitute similar resources without implication to the project.
Nice-to-have skills and experience
  • How do you ensure your staff reflect your values as an organisation?
  • If successful, the Government departments you work with on this contract will be working towards a wider Government agenda. What are you doing as an organisation to reduce your environmental.footprint?

How suppliers will be evaluated

All suppliers will be asked to provide a written proposal.

How many suppliers to evaluate
Proposal criteria
  • The proposed approach to developing, launching and iterating mobile native identity verification applications for GDS including how you'd approach the discovery, alpha phases, and time required to shape the team.
  • Your preferred approach to building mobile native development capability within partner organisations, and demonstrated experience of the same.
  • The proposed approach to making informed decisions based on user needs/experience, available technology and value for money.
  • Evidence of working with users to understand their requirements, context and constraints, and iterating technical and design solutions to address what you have learned.
  • Evidence of prior experience of building accessible and inclusive mobile native applications.
  • Describe your organisational structure and capacity, and how well suited it is to meet the outcome.
  • Outline your approach to managing the delivery of outcomes similar to this one.
  • Outline your experience and background in identity verification services including any products of services you have built and deployed - case study.
  • Sample CVs for the discovery and subsequent build phase teams scored as a set.
  • How you ensure pace and drive within your own teams and those of partnering organisations. provide examples of the mechanisms you've employed in other organisations to ensure committed dates are.met.
Cultural fit criteria
  • What does continuous delivery mean to you?
  • What are the best bits of your organisational culture and how would you approach understanding the GDS culture as you onboarded?
  • What's your approach to governance and decision making within your organisation and how do you blend your approach with that of the client organisation
  • Give an example of where a project or programme has hit challenges and explain what you did to support the team to get back on track.
  • Social value - training schemes and programmes to address any identified skills gaps and under-representation in the workforce
Payment approach
Time and materials
Additional assessment methods
  • Case study
  • Work history
  • Reference
  • Presentation
Evaluation weighting

Technical competence


Cultural fit




Questions asked by suppliers

1. Please confirm the evaluation sub-criteria.
The high level evaluation criteria is stated in the advert and sub-weightings will be disclosed to shortlisted suppliers including the modes of assessments (case study, written response, etc.)
2. Does IR35 apply to this contract?
IR35 will be determined when each statement of work is released to the winning supplier. The status determination may change and fluctuate between each statement of work during the contract period. Two rate cards will be required at shortlist stage.
3. Is this contract time and materials based?
The charging mechanism will be determined for each statement of work and either charged as fixed price, capped time and materials or time and materials dependent on the services required and/ or phase of delivery.
4. Is there a possibility to begin later?
5. Who is providing the Discovery work package?
A discovery for a wider use of apps as part of the suite of products is being carried out currently within GDS. Findings will be shared with the successful supplier. No discovery has been yet carried out on the identity app.
6. If the Discovery phase mentioned in this opportunity is being completed by a 3rd party or partly by a 3rd party/external resource, will that 3rd party/external resource be allowed to apply for this opportunity?
7. Is this about creating an identity app from scratch or adopting an existing app as a Gov.​UK app. Seems a waste of tax payers money to develop something if apps already exist? Why not just allow citizens to use them? Haven’t we been here before?
This is to build an identity verification app as part of a blended team with civil servants, and to support the development of GDS's app-building capability in general. We are not looking for a managed app service.
8. Please can you clarify the reasoning for going down the native mobile application development route? Is this for performance, capabilities, NFC, bio-metric reasons?
All of these are valid reasons, especially NFC.
9. We partner with an organisation based out of Barcelona. We have checked the SC criteria on GOV.​UK and can’t see a reason why SC clearance would be denied to an individual based in Barcelona. For avoidance of doubt, and with Britain leaving the EU recently, are you able to confirm if this would prevent us proposing resources based in Barcelona?
UK residency is a condition for this work.
10. You mention various Discoveries (e.g. for the wider web-based identity journey, the native app component, and to determine how an app component(s) could complement Please confirm:

1) Who completed/is completing the various Discoveries. If external suppliers, are they still involved in the project?
2) Can you share the findings from the various Discoveries (i.e. those already completed, and those yet to be completed when they are ready)?
A discovery for a wider use of apps as part of the suite of products is being carried out currently within GDS. Findings will be shared with the successful supplier. No discovery has been yet carried out on the identity app.
11. Please can you confirm which organisations you have worked with at each of the previous stages?
12. Is the Discovery phase being undertaken in-house, or is an external supplier organisation involved? If an external supplier organisation is involved, who are they?
A discovery for a wider use of apps as part of the suite of products is being carried out currently within GDS. Findings will be shared with the successful supplier. No discovery has been yet carried out on the identity app.
13. The opportunity asks for “Experience delivering and running maintainable, scaleable and secure operational live services”, can you please indicate what the nature of this service is? Will the mobile application interface with a ‘back end’ service that is already in place, or is being provided by another supplier?
The mobile app will integrate with a set of web services being developed by GDS's internal Digital Identity team, which is civil servant led and blended with supplier personnel.
14. There is a general need to deploy roles within 5 to 10 days. Are there major dates or headline dependencies that this programme is impacted by? If so what is driving these dates and when are they?
The programme is seeking to unlock benefits early so pace is important but there are no confirmed near term milestones for the identity app yet.
15. Some roles will require SC clearance. Has the Discovery work conducted so far, provided any indication of the approximate proportion of the total team roles that could require SC?
16. How does this requirement relate to the new Cabinet Office Procurement “Alpha and (Optional) Beta phases of a Identity Verification process for EIP Digital Programme”, where Alpha commences on 29/11/21? What are the interdependencies between these two programmes?
This procurement is not related to the Electoral Integrity Programme, and there are no interdependencies.
17. Please provide additional information on when SC clearance is required during the delivery lifecycle and for which personnel? Please clarify whether developers require SC.
Please provide additional information on the Identify and verification and authentication checks which are required to be undertaken within the application.
Please clarify any other data points or system connectivity to deliver required identity or authentication.
SC is often required for developers and other technical team members, but could apply to any role depending on the circumstances. It is most important in the context of live operations and access to production systems. This being the case, developers may not require SC on day one but would be more likely to require it later on.

The identity and authentication features of the application will be determined as part of this work, as will be any data integrations or other systems to connect with.
18. Please clarify if there are any technical dependencies or expectations in delivery such as usage of specific 3rd party API’s. Please confirm if there are any frameworks which should be considered or whether an SDK provider has been chosen or is required
Please provide further information on Key performance indicators and success criteria for deliverables
Please clarity the factors which constitute the 12 month break clause.
This is all yet to be determined.
19. Please clarify if the requirement is for a native app or whether hybrid apps may be considered where other requirements are met

Please clarify any deliverable milestones and deadlines. Please confirm when first release is required.
GOV.UK - This will be considered as part of discovery.

DI - The requirement is for a native app, due to the need to access at least one API only available to native apps and the longer term aspiration to use the NFC reading capability within mobile phones.
20. Travelling to the site once a month is possible, but more of them could be challenging. How many visits would be required?
At present we're working fully remotely but this may change in future. Further discussions will take place with shortlisted suppliers.
21. Will there be a requirement for other identity document verification technologies to be supported, besides NFC?
The requirement is to integrate and implement whatever technologies are needed, which will include NFC but may include a variety of other technologies too.
22. Will there be a facial verification functionality in the app?
There will be biometric comparison, but it may or may not be implemented in-app.
23. Do you agree that, given the security requirements for this app, the verification of (among others) the NFC chips need to be done in a trusted backend. If so, is this passport chip verification backend part of this opportunity? Can or should this back be cloud based (SaaS)?
It is expected that the app will use back end services in the cloud, but may also implement some functionality client side. This work includes establishing the appropriate architecture and mix of the two approaches. Backing onto SaaS might be the right option.
24. GDS wants to incorporate NFC in its identity verification services as well as build the competences needed to do so. Should the proposal include the delivery of the app by the supplier, or should developing and deploying the app be considered as a co-production between the Supplier and GDS?
Details of proposal content requirements will be discussed with shortlisted suppliers.
25. Under what license scheme should the app software be delivered by the Supplier? If the IPR should be owned by GDS, can you confirm that using SDKs with IPR from others is acceptable? And would the license for this be part of this opportunity or a separate opportunity?
The IPR approach and further clarification will be provided to shortlisted suppliers.
26. Testing should be done with real people in realistic contexts. Will GDS provide or support customer panels for testing and evaluation, or should the supplier create its own customer feedback channels?
Further clarification will be provided to shortlisted suppliers.