Yesterday, we published the final release of version 1.0 of the UK digital verification services trust framework. The 1.0 version will come into force from 1 September 2026, or from the date at least one conformity assessment body (CAB) is accredited against the 1.0 certification scheme, whichever is later.
All services currently certified against the 0.4 trust framework must uplift to 1.0 to maintain certified and registered status. We explain the uplift paths that are available to you in this blog post.
If you have a new service that has not yet been certified against the trust framework, or an existing service that no longer holds a valid certification, you will follow the standard certification route. This is also outlined below.
Uplifting an existing certified service to 1.0
An approved and accredited CAB can certify your service against the 1.0 trust framework no earlier than 1 September 2026.
All existing services will have a bespoke timeline for transition, based on their existing certification cycle. Every service will have at least 15 months to uplift.
If your service is already certified when the 1.0 trust framework comes into force, then:
- at the next evaluation activity for your service, you can choose to either stay on the 0.4 trust framework for an additional year or to uplift to 1.0
- at the evaluation activity after that, the service must uplift to 1.0, otherwise its certified status will cease and the service will be removed from the DVS register
By an “evaluation activity”, we mean either a surveillance audit or a full audit for services currently certified against the trust framework.
Example
If your service was certified against 0.4 on 1 June 2026, your next surveillance audit should take place on or around 1 June 2027. You will have an option of either retaining certification against 0.4 or you can uplift to 1.0 during that surveillance audit.
If you decide to stay on 0.4 at this surveillance audit, when you get your second surveillance audit, on or around 1 June 2028, your service must be evaluated against 1.0.
If your service cannot meet the requirements in 1.0, or you decline to uplift, your certificate will expire at the end of your ordinary surveillance window.
You can choose to uplift sooner via a delta assessment
If you wish to uplift your service to 1.0 sooner than your next evaluation activity you may be able to do so via an out-of-cycle delta assessment.
A delta assessment will only evaluate the rules that have changed between 0.4 and 1.0; it is not a full, top-to-bottom audit of your service.
Delta assessments are only available if your service:
- undertook a full audit to uplift to the 0.4 trust framework last year, and
- your service is already on a three-year evaluation cycle.
You won't be able to have a delta assessment if your service is on a two-year cycle.
This delta assessment does not replace your ordinary cycle of evaluation activities. It will focus solely on the new requirements of the 1.0 trust framework. It enables you to make a choice of uplifting sooner than the service’s existing certification cycle, if you wish to.
Example
If your service certified against 0.4 on 1 June 2026, your service would have its:
- first surveillance audit on or around 1 June 2027, at which it could stay on 0.4 or uplift to 1.0, and
- its second surveillance audit on or around 1 June 2028, at which it must uplift to 1.0.
A delta assessment means you can uplift to 1.0 without a full surveillance audit at any time before 1 June 2028.
If the service completed a delta assessment on 1 December 2026:
- the service would uplift to 1.0 immediately
- the service would stay on its existing three-year certification cycle
- the service would still undertake a surveillance audit on or around 1 June 2027 and 1 June 2028, assessed against 1.0
- the service must undertake a full audit before 1 June 2029 to maintain its certification
New services
As the 1.0 trust framework has not come into force, if your service is not currently certified and you want it to be, you will be evaluated against the 0.4 version of the trust framework.
After 1 September 2026, and only when the first CAB is accredited, all new services will be certified against the 1.0 trust framework only.
Start preparing for uplift
If you are a service provider, it is your responsibility to plan for and manage your uplift. You should start to implement the 1.0 trust framework in your service from today, so you are ready to uplift. You should also speak with your CAB to agree a plan for evaluating your service(s).
We believe this transition process gives every service provider a flexible, responsive uplift process that can meet its needs. If you have any questions you can contact either OfDIA or your CAB.
Services certified against 1.0 get a trust mark
We are very excited for this new trust framework. Not only because it reflects the input from the industry and other key stakeholders, but also because certification against 1.0 means issuance of the trust mark to services certified and registered against this version. This is an exciting step for the ecosystem as the trust mark is another way of increasing trust in services that meet the requirements set by OfDIA for the creation and operation of trusted digital verification services.
Leave a comment