The data flows of Universal Credit

Over the last year, medConfidential has been examining the systems and information flows in and around Universal Credit – a key example of what the former UN Rapporteur on Extreme Poverty, Philip Alston, calls the ‘Digital Welfare State’.

Phil and Sam would like to thank the many organisations working on UC for their help and support, especially Child Poverty Action Group (CPAG). The project, funded by the Open Society Foundations, and working alongside front line support services, charities, campaigners and lawyers will continue.

Today we publish our first report, looking at four key areas:

One focus (Annex 1) covers what DWP knows, and what it should know about how and when claimants are paid. DWP officials have denied to Parliament and the High Court that UC has access to information that HMRC holds; whether DWP didn’t ask, or if HMRC withheld that info from DWP is as yet unclear.

DWP’s own documentation tells claimants which months they will be thrown off Universal Credit due to DWP’s systems’ inability to read a calendar. And indeed the Court recently ruled, in a case brought forward by CPAG, that DWP’s “refusal to put in place a solution to this very specific problem is so irrational that I have concluded that the threshold is met because no reasonable [Secretary of State for Work and Pensions] would have struck the balance in that way.”

Annex 2 examines how risk based verification (RBV) has been used in the benefit system – in particular around housing benefit and council tax support, but elsewhere too – and what that reveals about DWP and fraud.

As we cover in Annex 2A, DWP documents imply UC has been designed so that GOV.UK Verify can never work for 20% of claimants, i.e. those deemed ‘high risk’, against whom 75% of ‘counter-fraud’ resources are targeted – whose cases may in fact be more complex than genuinely risky. (This mandatory ranking process, also known as ‘stack ranking’, is the same process that led to the 2020 A-level grading fiasco.)

Annex 3 takes a deeper dive into how the wider Government fraud agenda impacts on DWP, noting that while DWP may keep trying to keep things secret from both the public and Parliament, the Cabinet Office has recently instituted Government-wide oversight of ‘Fraud and Error’…

Annex 4 addresses DWP’s response to COVID-19, and its effects on UC information flows; what changed, and what didn’t. Annex 4B briefly also covers the ‘home testing’ process for COVID, which uses DWP and Government ‘counter-fraud norms’ – i.e. a credit history check on every applicant – a process DWP is considering as it’s ‘in-house’ identity approach “to replace Verify”.

And, bringing things all together, the core report covers the core parts of UC, and serves as a reference point for our ongoing and future work.

As this work was done chronologically, you may wish to begin with the Annex that interests you most – or, if you prefer, read the Annexes in order and then the main report.

Wider lessons for Government

DWP chose what to automate, and those choices primarily benefited DWP.


Annexes 2A, 3, and 5 contain wider lessons for government, that Departments would already know if they had cared to look; but sometimes the best internal lessons come from outside.

DWP’s own documentation tells claimants which months they will be thrown off Universal credit due to DWP’s systems’ inability to read a calendar. CPAG recently won a case against DWP, where the judge said:

DWP’s “refusal to put in place a solution to this very specific problem is so irrational that I have concluded that the threshold is met because no reasonable [Secretary of State for Work and Pensions] would have struck the balance in that way.”

UC is a large canary in the coal mine, but the ‘fraud’ approach is metastasising across government and will have consequences for all Government uses of data.