OfDIA updates register of identity verification firms certified under DIATF

Shopping for digital identity verification isn’t like shopping for a new outfit. There are no stores to visit, the product is intangible, and – critically – you need to be absolutely sure you trust the entity that issues and handles it.

The UK government is trying to make it easier to know which digital identity and ID verification providers are trustworthy. A blog post from the Office for Digital Identities and Attributes (OfDIA) notes an update to their register of digital identity and attribute services, and the creation of a new trustmark to be issued to “high-quality identity verification services” available on Gov.uk.

The register allows organizations and end users to verify if the service they are interacting with has been certified against the UK digital identity and attributes trust framework (DIATF) and supplementary codes. A beta version currently lists 55 firms that have been certified.

Many familiar names from the biometrics and digital identity sector are accounted for. Veridas, Yoti, Mastercard, Onfido, IDVerse, LexisNexis Risk Solutions, Daon, Veriff, iProov, FacePhi and Jumio are all certified against the DIATF. So is the Gov.uk One Login. The list shows a few renewals and several certifications expiring in 2025.

In terms of conformance assessment bodies, most of the certifications have been issued by the Age Check Certification Scheme (ACCS). Kantara Initiative has issued fourteen certificates. In December 2024, Kantara added three new names to its list, granting DIATF certification to Persona Identities, Konfir and Verify365. It also issued the certificate to the Department for Science, Innovation and Technology for Gov.uk One Login.

A lone firm, SQR Group Limited, received certification from the British Standards Institution, or BSI Group. AVID Certification Services Ltd., trading as Digital Identity Systems Certification, is also an approved conformity assessment body.

No longer included among approved conformity assessment bodies is National Quality Assurance (NQA), which OfDIA says “has been removed from this list as they are no longer part of the UK digital identity and attribute trust framework pilot.” No reason is given for why NQA is no longer participating.

Building trust in ‘technology-agnostic, standards-based’ digital ID ecosystem

OfDIA says that together, its register and trust mark will make it “easy to know whether a digital identity and attributes service is good enough, or it isn’t.”

The trustmark is still being designed, but every one issued will have a six-digit number attached, which can be entered into the register to verify its authenticity. OfDIA says “after the Data (Use and Access) Bill becomes an Act of Parliament, once services have been certified against a version of the trust framework recognized in law and they join our register on the basis of their certification, we will begin issuing the trustmarks.”

Article Topics

DIATF certification  |  Digital Identity and Attributes Trust Framework (DIATF)  |  Gov.UK  |  Identity Service Providers (IDSP)  |  identity verification  |  OfDIA  |  One Login  |  Persona  |  trust framework  |  UK  |  UK digital ID  |  Verify365