This post is about how we’re going to approach the issue of sub-contractors in our next procurement. It gives an update on our approach based on feedback we received at our market briefing event in October. Full details will be published with our OJEU Contract Notice.
A diverse group of certified companies
GOV.UK Verify gives people a choice of certified companies rather than having one supplier or the government doing the verification work itself.
This approach gives people more choice and control over their personal data than if we were using a single supplier or if government were doing all the verification work.
We expect this approach to make GOV.UK Verify better for users (because it provides a range of options for them) and more resilient. We are expecting that it will also result in more investment, competition and innovation in the new and growing market for identity assurance services.
Given that the market for identity assurance services is still quite new, we need to make sure we encourage diversity and competition among the certified companies that are part of GOV.UK Verify. We want to establish a range of companies that provide identity proofing and verification services as part of GOV.UK Verify. We don’t want all the certified companies to rely on a much smaller number of sub-contractors to carry out the work involved in verifying people’s identity.
Restriction on the number of ‘material subcontractors’
For the next round of procurement, a single organisation will only be allowed to be a ‘material sub-contractor’ for a maximum of three certified companies. A ‘material sub-contractor’ is an organisation that assesses and analyses evidence and data to meet one or more of the 5 elements of the Identity Proofing and Verification process.
Other sub-contractors and suppliers
There will be separate rules for sub-contractors or data and attribute providers that are not carrying out the analysis and assessment of data that’s involved in identity proofing and verification work. These might include, for example, companies that provide data for certified companies to use as part of their identity proofing and verification work, or technology or other support services.
For these kinds of suppliers, normal contractual controls will apply: certified companies will have to notify the Cabinet Office and the Cabinet Office will have a right to object to a proposed subcontractor. We’re not specifically restricting the numbers of these other types of sub-contractors or suppliers.
This post is not a formal part of the procurement documentation; it’s a summary of the thinking behind one aspect of our approach to the procurement. Full details will be provided as part of the OJEU Contract Notice and there will be opportunity to ask questions for clarification.