What supplementary codes are
We’ve designed the trust framework to be as flexible as possible, so it shows what good digital identity services look like right across the UK economy.
But in some areas, those who rely on digital identity services need to know that specific extra requirements have been followed, for instance to ensure regulatory compliance.
Supplementary codes are sets of rules that codify these extra requirements so far as they relate to digital verification. This means services can be certified as fulfilling them alongside the rules in the main trust framework.
What supplementary codes do
Certification against supplementary codes helps digital identity services show they meet the needs of businesses that need extra reassurance before a digital identity can be used. This might be, for example, to meet particular government guidance or industry regulation.
The codes are written by our team in OfDIA in collaboration with expert stakeholders, and then independently certified against just like the trust framework.
We’ve already developed three codes in collaboration with the Home Office and Disclosure and Barring Service (DBS). They enable digital right to work, right to rent and criminal record checks by allowing providers to show their services meet the specific government guidance – for example, on the documents that can be accepted for these checks.
What supplementary codes don't do
Supplementary codes only codify needs defined by other organisations, which means OfDIA alone will never set new requirements for a use case or sector.
For example, the Home Office allows employers to check an employee’s right to work using a digital identity service if the service can prove the employee holds a valid British or Irish passport, or Irish passport card. In OfDIA, we’ve codified rules which, if followed, mean a service can do this reliably. The code itself hasn’t set requirements on employers: it helps employers understand which digital identity services they can use to meet Home Office requirements.
Importantly, supplementary codes will not be needed for every use case or sector. The trust framework sets stringent rules and builds in flexibility to meet the needs across most sectors of the UK economy.
What’s next for supplementary codes
Our next priority is improving the existing supplementary codes. We already certify providers against the additional Home Office and DBS requirements above, but we want to make these rules even clearer by publishing them separately on GOV.UK.
We are also working with expert stakeholders to understand if new supplementary codes are necessary to drive digital identity adoption in other use cases and sectors. We will continue to engage widely on this issue, and welcome continued input on what extra rules might be needed, where and why.
If we find new codes are needed, we will work with stakeholders to make sure we get these rules right to increase adoption, safety and trust in digital identity products across the UK economy.
Sign up to email alerts to receive an update whenever we publish a new blog post.
Leave a comment