UK Digital Verification Services

The UK Digital Verification Services (DVS) Trust Framework is a statutory set of government-approved rules designed to ensure that digital identity and attribute services are secure, inclusive, and trustworthy. 

Maintained by the Office for Digital Identities and Attributes (OfDIA) and established under the Data (Use and Access) Act 2025, the framework provides a standardised methodology for individuals to digitally prove who they are or verify specific information about themselves. It is built upon core principles of privacy, transparency, inclusivity, interoperability, proportionality, and good governance, ensuring that certified providers meet rigorous national standards for data protection and service delivery. By participating in this framework, organisations help create a more secure and efficient digital economy where verified information can be shared and reused with confidence across various sectors.

Transitioning to the UK Digital Verification Services (DVS) Trust Framework (1.0)

Overview and Statutory Alignment

The transition from the gamma (0.4) version to the 1.0 pre-release marks a significant milestone as the framework becomes the first revised statutory trust framework under the Data (Use and Access) Act 2025. Now officially renamed the UK Digital Verification Services (DVS) Trust Framework, it aligns its terminology with the new legislation and transitions from a broad scope to one focused exclusively on the identities and attributes of natural persons (individuals), removing organisational identity requirements.

The UK CertifID Trust Mark

A core addition to version 1.0 is the UK CertifID trust mark, a registered trademark owned by the Secretary of State. Registered services that have met the rigorous standards of the 1.0 publication can use this visual signal to demonstrate to users and relying parties that their service is secure and subject to oversight by the Office for Digital Identities and Attributes (OfDIA).

Structural and Operational Role Changes

Version 1.0 introduces stricter rules regarding the certification of service roles to ensure clarity for the market:

Separation of Orchestration and Component Roles: Services certified as orchestration or component providers cannot hold concurrent certifications for any other role; these must now be certified separately.

New Orchestration Requirements: Orchestration providers must now have a mechanism to confirm if the services they orchestrate are listed on the DVS register, facilitating real-time trust across the ecosystem.

Supply Chain Risk Management: Providers must now explicitly use their risk management frameworks to capture "supply chain frailty," specifically the risk of partners losing their certification or the impact if the provider themselves loses certification.

Enhanced Standards for Inclusivity and Security

Universal Inclusivity and Accessibility: Rules regarding inclusive design and accessibility monitoring, which previously applied mainly to identity and attribute providers, are now mandatory for all provider types, including orchestration and component services.

Fraud Victim Support: Following the replacement of Action Fraud by Report Fraud, the framework now incorporates detailed mandatory steps for supporting victims of identity theft, including vulnerability assessments and signposting to support services.

Data and Metadata Protection: The prohibition against processing identity and attribute data for third-party marketing has been extended to include metadata, recognising that metadata can reveal sensitive information about individuals.

Identity Re-verification: Version 1.0 mandates that any identity held in a holder service account that has been inactive for 14 months must be checked again before it can be reused or shared.

Modernised Technical Guidance

The transition is supported by a reformatted and modernized data schema aligned with international standards. Furthermore, all supporting documents (such as GPG 45 and GPG 44) have been assigned version numbers and numbered paragraphs to improve navigability and enable precise regulatory cross-referencing. The vouching guidance has also been rewritten to provide a clearer scoring methodology for using vouches as evidence at lower levels of confidence.

Executive Delta Analysis

Navigate the transition to the UK digital verification services (DVS) trust framework (1.0) with Moresburg’s Executive Delta Analysis of the shift from the gamma (0.4) version.