DVS measures in the Data Act have come into force
The majority of the measures in Part 2 of the Data (Use and Access) Act 2025 have come into force today, 1 December 2025.
Digital identity
A better register of digital identity and attribute services
Posted by:
Aniqa, Posted on:
-
Categories:
Digital identity, Register of digital identity and attribute services
The GOV.UK register of digital identity and attribute services makes it easy to check and find digital verification services that you can trust. It's a digital service, so we've been making continuous improvements to the register in line with the …
Confirming user understanding: what to do and what not to do
Posted by:
John Peart and Dr Tom Fisher, Posted on:
-
Categories:
Digital identity, UK digital identity and attributes trust framework
We’ve been asked what a ‘good’ confirmation of user understanding, that meets the requirements of the trust framework, looks like.
Notifying users of changes to their holder service accounts
Posted by:
Dr Tom Fisher, Posted on:
-
Categories:
Digital identity, UK digital identity and attributes trust framework
Holder service providers must have processes in place to get in touch with users if there’s a change to their account or you’ve received a request to close their account. For gamma (0.4) certification, those processes must be multi-channel.
Building trust through independent, accredited conformity assessment
Posted by:
John Peart and Livia Ralph, Posted on:
-
Categories:
Certification, Digital identity, UK digital identity and attributes trust framework
The United Kingdom Accreditation Service (UKAS) has granted accreditation to Kantara Initiative; making it the first UKAS-accredited conformity assessment body (CAB) certifying under the UK government’s Digital Identity and Attributes Trust Framework.
What are valid certificates under the UK digital identity and attributes trust framework?
Posted by:
Livia Ralph, Posted on:
-
Categories:
Certification, Digital identity, Register of digital identity and attribute services
You need to have a valid certificate if you want to prove your service conforms with the UK digital identity and attributes trust framework, and want to apply to be listed on the GOV.UK register of services.
“Must” and “could” in the trust framework and whether the rules apply to your service
Posted by:
John Peart, Posted on:
-
Categories:
Certification, Digital identity, UK digital identity and attributes trust framework
If a Part or Section in the trust framework applies to your role, then all of the rules in that Part or Section apply to your service. Your service must conform with all of the “must” rules, and service providers can choose whether or not to implement any “could” rules.
How OfDIA is driving adoption of secure digital verification services
Whether applying for a credit card or starting a new job, digital verification services (DVS) are already saving people and businesses time and money. But to make sure the benefits of DVS are realised in sectors right across the economy, …
Using data brokers as authoritative sources under GPG 45
Posted by:
John Peart, Posted on:
-
Categories:
Digital identity, UK digital identity and attributes trust framework
Digital verification services sometimes want to use “data brokers” for this purpose and we’ve been asked how they should be treated.
You should plan to renew your certification sooner than you think
Posted by:
John Peart, Posted on:
-
Categories:
Certification, Digital identity, Register of digital identity and attribute services
You can avoid your service falling off the GOV.UK register by asking your conformity assessment body to complete your recertification process up to 60 days early. You won't lose the remaining time on your current certificate if you do this, and it will help you to avoid any unnecessary disruption.
Related content and links
