Annual major project reviews note sturdy progress, but also flags up adoption delays, and notes increased costs from the use of contractors necessitated by restrictions preventing recruitment of permanent staff
The implementation of GOV.UK One Login faces significant ongoing risks from the technical complexity of the rollout and the need for programme leaders to continue to secure the support of departments across government, project assessors have warned.
The annual report on the status of schemes in the Government Major Project Portfolio (GMPP) reveals that One Login has retained the amber delivery-confidence rating awarded last year on the traffic-light rating system. This means that assessors from government’s National Infrastructure and Service Transformation Authority (NISTA) have concluded that “successful delivery appears feasible but significant issues already exist, requiring management attention”, according to the report.
In the case of One Login – responsibility for which has, since last year, been moved from the Cabinet Office to the Department for Science, Innovation and Technology – these issues are presented by “the complexity of the roadmap and ongoing dependencies on other departments for onboarding and benefits realisation”.
To keep on top of these risks, those in charge of the project must maintain regular and fruitful engagement with representatives of agencies across Whitehall, according to the detailed data sets released alongside the report.
“These interdependencies present delivery risks that require continued active management,” NISTA analysis says. “The scaling of internal capabilities and steps taken on accessibility and digital inclusion are progressing positively, but overall deliverability is still contingent on cross-government alignment and sustained engagement.”
“There was increased reliance on more expensive managed service providers and contingent labour contractors as a result of civil service headcount caps which meant the programme could not recruit civil servants into these roles”
One Login project analysis in NISTA annual report
While the amber rating acknowledges clear and present challenges, it also speaks to evaluators’ conclusion that issues “appear resolvable at this stage and, if addressed promptly, should not present a cost/schedule overrun” for the project in question.
The One Login review says that: “The amber rating reflects steady progress and strong momentum across delivery milestones, including a growing number of live services and expanded user adoption. The… rating was driven by the programme’s demonstrable operational maturity, sustained leadership support, and positive onboarding decisions from major departments such as HMRC and DVLA over the last FY (financial year).”
‘Supporting ambition’
The annual GMPP round-up rubber-stamps that – as recently exclusively reported by PublicTechnology – the delivery date for One Login has been pushed back by three years to 2028. DSIT has denied this represents a delay but, rather, an expansion of the programme’s scope.
This characterisation is repeated in a departmental “schedule narrative” included in the NISTA release.
“Key motivators for this decision include the continued expansion of live services, the successful onboarding of significant departments (HMRC in private beta, DVLA, a first DWP service and some devolved administrations; e.g. Welsh Gov), and the projected scaling of user adoption,” it says. “The decision to keep the programme on the GMPP for a further three years supports the ambition to complete onboarding of all central government services. While the programme continues to meet key internal delivery targets, the schedule remains dependent on departmental onboarding timelines and the coordination of benefits realisation across government.”
The narrative adds: “The leading issue facing the programme relates to service migration, however, a number of treatments and mitigations are in place to effectively counteract service onboarding slippage. The programme continues to iterate a features roadmap which captures the initiatives and functionality that will be delivered over the next three financial years. This is closely aligned with our onboarding and migration roadmap, which shows the future ‘pipeline’ of services that will move to One Login between now and when the programme reaches critical mass.”
Costs and benefits
Government transparency documents recently indicated that an extra £115m would be spent on One Login during just the first of the three additional years delivery will now run for. However, the NISTA report records the project’s whole-life costs as £342m – an increase of just £13m compared with the prior-year figure of £329m.
Programme analysis indicates that this chunk of extra cost can be attributed to delays in adoption by major departments, security risks, and the expense of using external suppliers and freelancers – something which is a result of restrictions on hiring full-time civil servants to work on the project.
31 March 2028
New final delivery date for One Login, three years later than initial schedule
160
Additional services to be brought in scope during those three years, according to DSIT
£3.64bn
Updated projected project benefits – almost double the figure published in the previous NISTA report
7.8 million
Number of citizens already signed up for One Login, government claims
NISTA documents say: “Key factors that motivated the increase in whole-life costs in FY 24/25 were: onboarding complexities that led to delays in the onboarding of key reliant parties this year; emergent cybersecurity risks related to geopolitical events requiring increased resilience in order to protect the programme from cyberthreats; and increased reliance on more expensive managed service providers and contingent labour contractors as a result of civil service headcount caps which meant the programme could not recruit civil servants into these roles.”
Assessors noted, however, that “significant progress has been made against each of these factors”.
Cybersecurity challenges faced by One Login in recent months include the technology platform’s loss of its certification against the formal digital identity standards framework operated by DSIT itself.
Alongside the rise in programme costs, this year’s NISTA release also provides a massively increased estimate of the benefits expected to be delivered by One Login – the projection for which almost doubled: from a little under £2bn to £3.64bn.
Project analysis information notes that the increase came as “the economic benefits realised by One Login increased in 2024/25 compared to 2023/24 as more services onboarded onto the programme [and] the benefits… exceeded costs in 2024/25”.
Despite the massive hike in expected returns, the document adds that “benefits were not as high as had originally been forecast” – with delayed adoption of the system again referenced.
“This was due to delays in some services onboarding to the programme,” it says. “The benefits process in its current iteration has reached steady state. We have moved over to a more automated process for service volumes. We are now working on further improvements to the benefits modelling.”
