The attestation-verification gap
An intake that scales how hard it asks to what the submission decides: a one-line self-declaration for a minor comment, a binding identity-linked attestation for a formal proceeding, on a form built so identity verification can be switched on later without a redesign.
There is a fundamental UX and trust gap between attestation ("I declare that this is true") and verification ("I can prove that this is true"). Most provenance mechanisms for government submissions will, for the foreseeable future, rely on attestation rather than verification. The design challenge is to make attestation meaningful without the infrastructure cost of verification.
Government needs an assertion from a submitter to carry real weight without standing up full verification infrastructure for every submission. The confidence has to come from binding the assertion to an identity and attaching after-the-fact consequence, scaled to what the process decides, rather than from inspecting evidence up front.
The gap between attestation and verification is itself an equity issue: well-resourced submitters (organizations, law firms, lobby groups) can afford verified credentials, creating a de facto two-tier system where verified submissions carry more weight. Explicitly state that unverified attestation is a valid and respected submission method, and do not build UI that visually privileges verified over attested submissions in ways that imply non-verified input is suspect.
Because an attestation only carries weight when it can be checked later or is backed by consequence, the response makes the declaration binding without verifying it up front. It ties each submission to an identity, where even a pseudonym is enough to catch a pattern of false attestation after the fact, and scales the consequence to what the process decides: quiet reputational discounting for an ordinary comment, formal sanction for a royal-commission or planning submission. The request is framed as a norm ('most people tell us how their submission was prepared'), not a penalty under threat, and a verified-identity slot sits ready for the same form to switch on as myGovID or an EUDI Wallet becomes available.
No surface has been built yet; the approach above is the brief for one.
- Established
The individual components — attestation forms, identity verification, risk-based assurance levels — are each settled.
- Frontier Headline
As a coherent response that pulls them into a submission intake scaling assurance to the stakes, tying the assertion to consequence, and keeping access open — not yet attempted for government consultation contexts.
The attestation-verification spectrum in identity systems. Digital identity frameworks distinguish self-asserted attributes (the user claims something), attested attributes (a third party vouches), and verified attributes (a trusted entity has inspected evidence). The eIDAS QEAA framework formalizes this: a Qualified Electronic Attestation is issued by an accredited Trust Service Provider who has verified the underlying attribute. Most government submission processes currently operate at the self-assertion level, the weakest point on the spectrum. See Corbado.
Legal attestation with professional consequences. The legal profession's AI disclosure model shows how self-attestation can carry real weight when paired with professional accountability. A lawyer certifying that their brief was human-verified is making a self-declaration, but false certification triggers Rule 11 sanctions, bar discipline, and reputational damage. The attestation is meaningful not because it is verified at submission time but because it is verifiable after the fact and carries consequences.
Risk-based verification in digital identity. Best-practice frameworks apply verification intensity based on risk: low-risk actions use self-assertion; medium-risk actions use attested credentials; high-risk actions require full verification. This maps to consultation submissions: a comment on a minor regulatory change might accept self-attestation, while a submission to a royal commission or a formal planning objection warrants higher assurance. See Ping Identity.
High transferability for the framework; the implementation is the design problem. The attestation-verification gap is a design space to navigate, not a bug to fix. The key insights: make the attestation binding (connect the declaration to the submitter's identity, even if pseudonymous, so a pattern of false attestation can be identified retrospectively); make the consequences proportionate (reputational discounting for most consultations, punitive consequences reserved for formal proceedings); design for norm-setting rather than enforcement (normalize disclosure, framing intake as "most people tell us how their submission was prepared" rather than "you are required to certify under penalty of…"); and bridge toward verification over time, designing the attestation UI so identity verification (myGovID from December 2026, EUDI Wallet from end of 2026) can be layered on without redesigning the form.
The attestation-verification gap concerns the assurance of citizen submissions, so it does not directly govern automated decisions. Its core principle still applies on the agency side: an assertion must be either independently verified or carry real after-the-fact consequence, which is exactly what an unaccountable automated process that issues adverse determinations violates.