The Home Office’s refusal to issue alternative proof of immigration status outside of its electronic visa (eVisa) system could be deemed unlawful in 2026 if a judicial review against the policy is successful.
On 31 December 2024, the immigration documents of millions of people living in the UK expired after being replaced by the Home Office with a real-time, online-only immigration status.
While the department has been issuing eVisas for several years – including to European Union (EU) citizens who applied to the European Union Settlement Scheme (EUSS) after Brexit, those applying for Skilled Worker visas, and people from Hong Kong applying for the British National (Overseas) visa – paper documents have now been completely phased out.
Instead, people are now expected to use a UK Visas and Immigration (UKVI) digital account to generate “share codes”, which they must use to prove their immigration status when dealing with a range of third parties, including employers and letting agencies.
As a result, a number of individuals experiencing issues with their eVisas have instructed law firm Deighton Pierce Glynn (DPG) to challenge the Home Office over the system.
“Two of our clients, BSC and JS … have now been appointed as Lead Claimants in the policy challenge which continues,” wrote the law firm in a blog post about the action.
This [court case] is a significant development … which will mean that individuals … are no longer left at the mercy of the eVisa system to prove their lawful immigration status in the UK Deighton Pierce Glynn
“In the case of BSC, a recognised refugee and survivor of trafficking, the eVisa displayed her trafficking name and date of birth. The consequences of this were wide-ranging, but most significantly, they were retraumatising, and put her at risk of losing public funds she relied on to survive.
“Whilst for JS, a vulnerable adult, the eVisa incorrectly stated that she had no recourse to public funds. As a consequence, she was denied access to public funds and had to rely on limited asylum support payments for months longer than she should have. In both cases, the eVisas were fixed months later after we issued the claims.”
DPG added that its clients were granted permission to proceed with the challenge in October 2025 by the Cardiff Administrative Court, on the basis that the grounds are arguable and that it is in the public interest for the legality of the Home Office’s policy to be determined.
The case will be heard in the Cardiff High Court on 3 and 4 March 2026.
“This is a significant development which has taken our clients a step closer to establishing a much-needed safeguard in the eVisa system, which will mean that individuals such as our clients are no longer left at the mercy of the eVisa system to prove their lawful immigration status in the UK,” it wrote.
No alternatives
Highlighting the Home Office’s refusal to issue alternative proof of immigration status despite the well-documented issues individuals are having with the system, DPG said the challenge will focus on the fact that the statutory framework does, in fact, give the home secretary the discretion to allow alternatives where appropriate.
“Her refusal to do so is therefore arguably unlawful as it is a fetter of her discretion and irrational,” it wrote, adding that while the Home Office has implemented several “workarounds” for those experiencing issues – including ways for landlords, employers and others to verify immigration status using the system, as well as means to report eVisa issues via an online form and helpline – such avenues are often “inadequate”.
DPG said this was largely due to delays on the Home Office’s end, “which leaves individuals without proof of their lawful status and exposed to the full force of the hostile/compliant environment”.
Speaking with Computer Weekly, DPG solicitor Unkha Banda said although the firm had been receiving a high volume of referrals related to the eVisa system before the phasing out of paper documents on 1 January 2025, there was a notable uptick in referrals after that date as people started facing real consequences of not having a working eVisa.
Banda added that a successful case could “open the doors for everyone to be able to benefit from it”, particularly if the Home Office is legally forced to start issuing and accepting alternative proof of status.
“That means if there are problems with an eVisa that the Home Office are taking a long time to fix, for whatever reason, then people will have something else to rely on, so there isn’t that gap in terms of access to rights and entitlements,” she said, highlighting that the case could also reduce similar gaps that may spring up with the government’s roll-out of mandatory digital ID.
“Digital IDs are going to be implemented for everyone, and I imagine the system will probably be similar to this, so if we can find ways of fixing this system before it’s rolled out to 70 million people, it would be fantastic.”
Over 10 million eVisas have now been issued, and the vast majority of people with an eVisa continue to use them without any problems Home Office spokesperson
“The Home Office can take immediate steps to reduce the anxiety that migrants are experiencing by giving them the safety of a physical or digital backup that will allow them to prove their status in any circumstances,” said Sara Alsherif, migrants digital justice programme manager at Open Rights Group (ORG), at the time, which collaborated with the authors on creating the report.
“However, root and branch reform of this system is also needed, and lessons must be learnt, especially as the government intends to roll digital ID out to everyone in the UK.”
Responding to the issues raised by the judicial review, a Home Office spokesperson said: “Over 10 million eVisas have now been issued, and the vast majority of people with an eVisa continue to use them without any problems.
“They cannot be lost, stolen, or tampered with, and provide a secure digital way to prove someone’s right to work or enter this country lawfully. We stand ready to support any users who encounter difficulties creating or using their eVisa accounts.”
While groups like ORG and the3million have directly proposed alternatives to the Home Office, such as the use of QR code or “stable token” systems, the department’s eVisa policy team insisted as far back as December 2023 that it would not “compromise on the real-time aspect” of the eVisa checks, as “any check of an individual’s immigration status must be done in real time to reflect the current immigration status held” on its systems.
“As we warned, people are having problems using eVisas to travel back to the UK,” said the ORG at the time. “We asked the Home Office to make the simple change of allowing people to have a QR code. This could be saved or printed without having to rely on a flawed online-only system.
“Many refugees are still waiting for their eVisas,” it said. “Without them, they cannot work, set up a bank account, rent somewhere to live or claim benefits. The Home Office needs to sort out this mess urgently.”
The Home Office also states in the eVisa terms and conditions that it will take no liability for any problems or disruptions, and direct or indirect losses, when using a UKVI account – including for “any information that is lost or corrupted while data is being transmitted, processed or downloaded from the UKVI account” – which ORG said implies the department “is already aware of the many technical issues with the eVisa scheme and is pre-emptively protecting itself against legitimate legal claims”.
ORG and others have said the use of eVisas should be seen in the context of the UK’s “hostile environment” approach, which is intended to make life in the UK as difficult as possible for people choosing to live there.
For Banda, the fact that the Home Office has known about all of these issues with digital-only visas for so long, without taking meaningful action to resolve them, is “quite concerning”.
She also said that despite DPG and many other organisations trying to get a sense of how widespread the problem is, the department is refusing to provide figures on the number of people reporting issues or how long it takes on average to get problems solved.
Given that millions of people are now required to prove their immigration status via the system, even a 1% error rate would mean tens of thousands of people are affected at the very least.
Computer Weekly contacted the Home Office about error rates with the eVisa system, but received no on-the-record response.
Speaking on condition of anonymity, those affected variously told Computer Weekly that the entire experience had been “anxiety-inducing,” and described how their lives had been thrust into “uncertainty” by the transition.
Each also described how the “inordinate amount of stress” associated with not being able to reliably prove their immigration status had been made worse by a lack of responsiveness and help from the Home Office, which they accused of essentially leaving them in the lurch.
According to Banda, while clients are instructed to report their issues to the Home Office first before DPG takes them on, unless the case is particularly urgent, the vast majority are given vague responses without time frames.
“Most of the time, by the time the case gets to us, nothing has changed, but we found that once we get involved and start sending pre-action letters, then they start fixing the eVisas,” she said, adding that sometimes clients’ eVisa issues are being resolved after a case has already been issued.
On the legal recourse available to people once their problems have been fixed, Banda noted that while a judicial review can only be taken forward if the issues are still active, those affected can still make civil claims for compensation if they were negatively impacted in the interim by, for example, losing out on employment or being denied benefits.
“In cases where we send pre-letters and then the Home Office fixes it, you can’t then go to court,” she said. “Or, for example, if you go to court and they fix it before the judge looks at it, then the government would start arguing that the whole case is academic because the eVisa has been fixed.”
It should be noted that even if people’s eVisa issues are resolved once, Computer Weekly has heard concerns that, because of how the system is set up to trawl dozens of disparate government databases in real time, every time a status is needed, the same people could once again find themselves without access to a working eVisa.
In a follow-up Freedom of Information request to the ICO about the volume of eVisa-related data protection complaints made in the past year, the regulator said that searching through the approximately 425 cases linked to the Home Office in that time would exceed the cost limit.
The ICO added that it does not record the requested information in a way that is easily reportable, meaning it would be required to manually search hundreds of records to identify the information requested.
The app works with passports or ID cards, is built to be “completely anonymous” for the people who use it, works on any device (smartphones, tablets, and PCs), and is open source. “Best of all, online platforms can easily rely on our age verification app, so there are no more excuses,” said European Commission president Ursula von der Leyen at a press conference on Wednesday. “Europe offers a free and easy-to-use solution that can protect our children from harmful and illegal content.”
High Expectations
“It is our duty to protect our children in the online world just as we do in the offline world. And to do that effectively, we need a harmonized European approach,” von der Leyen said at Wednesday’s press conference. “And one of the central issues is the question, how can we ensure a technical solution for age verification that is valid throughout Europe? Today, I can announce that we have the answer.”
This answer takes the form of an open source app that any private company can repurpose, as long as it complies with European privacy standards and offers the same technical solution throughout the European Union. The user downloads the app, agrees to the terms and conditions, sets up a pin or biometric access, and proves their age through an electronic identification system, or by showing a passport or ID card (in which case biometric verification is also provided). The app does not store your name, date of birth, ID number, or any other personal information, according to the European Commission—only the fact that you are over a certain age.
After that, when a person using the app wants to access a social network (minimum age: 13), pornographic site (minimum age: 18), or any other age-protected content, if they are logged in from a computer, they need only scan the QR code shown on the site they want to visit. If, on the other hand, the person logs in from a smartphone, the app sends the proof of age directly. The platform does not access the document with which the user proved it in the first place.
Adoption Event
The need to introduce a common system for the entire European Union has been discussed for some time, and according to commission technicians, the technical work is now complete. Of course, it will still be possible to circumvent the system—all it takes is for an adult to lend their phone to a younger friend—but the technological architecture exists, and it will be up to EU member states to decide whether to integrate it into national digital wallets or develop independent apps.
“No More Excuses”
For the app to really be effective, platforms must be obligated to verify the age of their users—that’s where things get tricky. The Digital Services Act, which went into effect in 2024, requires “very large online platforms”—those with more than 45 million monthly users in the European Union—to take concrete steps to mitigate systemic risks related to child protection, with heavy penalties for noncompliance.
“And that’s why Europe has the DSA: to call online platforms to their responsibilities. Because Europe will not tolerate platforms making money at the expense of our children,” European Commission executive vice president Henna Virkkunen told a press conference. She added that after an investigation into TikTok, the European institutions plan to take similar action against Facebook, Instagram, and Snapchat, as well as four porn sites. “Since the platforms do not have adequate age verification tools, we developed the solution ourselves,” he concluded. In short, as von der Leyen also remarked, “there are no more excuses.”
Bare Minimum
So far, this is the European framework that sets the general rules. On this basis, member states can consider more restrictive measures. Italy was among the first to discuss how to regulate the use of social media by minors but has so far not landed on anything concrete. Elsewhere in the EU, France’s Emmanuel Macron has been a trailblazer on the issue, pushing France to discuss a rule to ban social networks for minors under the age of 15 entirely. So far, this measure has received broad political support—but the outcome depends largely on compatibility with the Digital Services Act and the availability of effective age verification systems like the app the European Commission just released.
This article originally appeared onWIRED Italiaand has been translated.
Anthropic is moving into a new London office as it seeks to expand its research and commercial footprint in Europe, setting up a scrap between the leading AI labs for talent emerging from British universities.
Anthropic’s new, 158,000-square-foot office footprint will have space enough for 800 people—four times its current head count—giving it room to potentially outscale OpenAI, which itself recently announced an expansion in London.
“Europe’s largest businesses and fastest-growing startups are choosing Claude, and we’re scaling to match,” says Pip White, head of EMEA North at Anthropic. “The UK combines ambitious enterprises and institutions that understand what’s at stake with AI safety with an exceptional pool of AI talent—we want to be where all of that comes together.
UK government officials had reportedly attempted to coax Anthropic into expanding its presence in London after the company recently fell out with the US administration. Anthropic refused to allow its models to be used in mass surveillance and autonomous weapon systems, leading to an ongoing legal battle between the AI lab and the Pentagon.
As part of the expansion, Anthropic says it will deepen its work with the UK’s AI Security Institute, a government body that this week published a risk evaluation of its latest model, Claude Mythos Preview. According to Politico, the UK government is one of few across Europe to have been granted access to the model, which Anthropic has released to only select parties, citing concerns over the potential for its abuse by cybercriminals.
The increasing concentration of AI companies in the same London district is an important step in creating a pathway for research to translate into AI products, says Geraint Rees, vice-provost at University College London, whose campus is around the corner from Anthropic’s new office.
“This cluster didn’t emerge from a planning document. It grew because serious researchers and companies understand that proximity isn’t a nice-to-have,” he said last month, speaking at an event attended by WIRED. “That’s how the innovation system actually works. It’s not a clean, linear transfer from lab to market. It’s messier, richer, more human than that.”
The increasingly long-in-the-tooth Computer Misuse Act (CMA) of 1990 remains an albatross around the neck of British cyber security professionals, and even though the UK government committed last December to reforming it, every minute of delay is holding back the nation’s security innovation, resilience, talent, and ability to defend itself against cyber attacks, campaigners have warned.
Ahead of the National Cyber Security Centre’s (NCSC’s) upcoming CYBERUK conference in Glasgow, the CyberUp Campaign for reform of the Computer Misuse Act (CMA) has published a new report, titled Protections for Cyber Researchers: How the UK is being left behind to maintain pressure on Westminster.
The CMA defines the vague offence of unauthorised access to a computer, which the campaigners want changed because it was written 35 years ago and fails to account for the development of the cyber security profession, and the fact that in the course of their day-to-day work, cyber pros may sometimes need to hack into other systems.
“Cyber attacks are growing in scale, sophistication and severity, with a devastating impact on infrastructure, businesses and charities,” said a CyberUp campaign spokesperson.
“While other countries have moved to refresh their cyber laws in response, the UK’s Computer Misuse Act hasn’t been updated since before the modern internet – hardly the best platform for accelerating our defences into the next decade.”
The group’s report highlights how other nations, Australia, Belgium, France, Germany, Hong Kong, Malta, Portugal, and the USA, have already secured legal protections for cyber professionals that enable them to go about their business without fear of prosecution.
In Portugal – Britain’s oldest formal ally under a treaty dating back to the 14th Century – the government last year published Decreto-Lei 125/2025, implementing the European Union (EU) Network and Information Systems (NIS2) Directive and revising the country’s cyber crime law to ensure that ethical hackers and professional cyber security practitioners working in good faith are both recognised and protected.
Portgual’s laws now accept some elements of cyber work may have to happen without explicit permission or involve unanticipated technical overreach that has a legitimate purpose.
As such, Portugal says that security work undertaken in good faith won’t be punished as long as the researcher fulfills a set of conditions. For example, they can act only to find vulnerabilities and these must be reported immediately, they must avoid taking harmful actions, like conducting DDoS attacks or installing malware, and they must respect the integrity of any data they may find or access and delete it within 10 days once the issue is addressed.
CyberUp said Portugal’s example demonstrates how cyber crime laws can be modernised to legally protect research carried out in the public interest.
“Portugal has demonstrated how to modernise their equivalent law through cyber legislation. We urge the government to follow this example and act swiftly through the Cyber Security and Resilience Bill to achieve meaningful reform, or risk lagging even further behind our peers,” the spokesperson said.
Defence Framework
Working with cyber security experts and legal advisors, the CyberUp campaign has developed its own Defence Framework that would allow cyber professionals to present a statutory defence in court as long as they adhere to the Framework’s four core principles.
Harm Vs. Benefit: The benefits of the activity must outweigh the potential harms;
Proportionality: Cyber pros must take all reasonable steps to minimise the risks of their activity;
Intent: They must act honestly, sincerely, and clearly direct themselves towards improving security;
Competence: Their qualifications and professional memberships should demonstrate they are suitably equipped to perform cyber security work.
The campaigners say this framework will bring clarity and confidence to the security sector, enabling cyber pros to run essential research tasks without fear of criminal prosecution, helping organisations operate to recognised legal standards, and enabling a more open and collaborative relationship between the cyber sector and the UK government.
Entertainment1 week ago
Tech1 week ago
Tech1 week ago
Fashion1 week ago
Tech1 week ago
Politics7 days ago
Entertainment4 days ago
Politics6 days ago