Skip to main content

How GOV.UK Account works

The core GOV.UK account architecture includes:

  • an authentication service
  • an attribute store

In the future, the architecture should also include:

  • a broker
  • a preferences and consent management service
  • a trust framework
  • a fraud protection and monitoring service

Current architecture features


The authentication service handles:

  • user registration
  • two-factor authentication (2FA)
  • user sign-ins
  • password resets and confirmation emails

Attribute store

The attribute store is a centralised location that holds some common data about a user that every GOV.UK service might need.

Future architecture features


The broker is a service that all other services and the user interacts with and through.

The broker also blinds services from each other and makes sure services only access the personal data that users consent to sharing.

The preferences and consent management service:

  • allows the user to control consent over how and when their data is shared
  • gives the user a security trail of when and where their data was used

Trust framework

The trust framework ensures and guarantees the trust of the various interacting services.

Fraud protection and monitoring service

The fraud protection and monitoring service proactively identifies malicious or fraudulent behaviour and alerts developers and security professionals.

Further information

For more information on the GOV.UK Account architecture, see the:

This page was last reviewed on 10 December 2020. It needs to be reviewed again on 10 June 2021 .
This page was set to be reviewed before 10 June 2021. This might mean the content is out of date.