In 1948, the British government abolished the national identity card. The wartime system had served its purpose, and peacetime sentiment favoured privacy over state-administered identity. Nearly eight decades later, the UK remains one of the few developed nations without a mandatory national identity document.
That absence shaped how identity verification works in Britain. Without a single, universal credential, the UK developed a patchwork system: passports, driving licences, utility bills, bank statements, council tax letters, and employer reference letters — each issued by a different authority, each verified differently, each carrying a different level of trust. The burden of stitching these together into a coherent identity fell on the person being verified and the organisation doing the verifying.
This system is now under pressure from every direction. The documents that underpinned it can be fabricated by AI. The physical checks that validated it have been undermined by remote work. The regulatory framework that governed it is being consolidated and strengthened by the Fair Work Agency. And the technology that could replace it — reusable digital identity credentials, cryptographic verification, biometric matching — is mature and available.
The question is not whether UK identity verification will change. It is how fast, and which businesses will be ready.
The current landscape: fragmented and paper-dependent
Today, a UK employer conducting a right to work check follows a process that has not fundamentally changed in decades. The employee presents a physical document — or, since the pandemic, a photograph or scan of one. The employer examines it, compares the photo to the person, checks the dates, and files a copy.
This process has several structural weaknesses that are becoming increasingly difficult to ignore.
It is document-centric, not identity-centric. The check verifies a document, not a person. If the document is genuine but the person presenting it is not the document holder, the check passes. If the document is forged but visually convincing, the check passes. The gap between "this document appears valid" and "this person is who they claim to be" is where fraud operates.
It is point-in-time, not continuous. A right to work check conducted at onboarding tells you about the person's status on that date. If their visa expires, their status changes, or their identity is compromised three months later, the original check provides no protection. The concept of ongoing compliance exists in regulation — follow-up checks for time-limited permissions — but the infrastructure for continuous monitoring is largely absent.
It is repeated endlessly. A person who changes job, rents a flat, opens a bank account, and applies for a mortgage will verify their identity four separate times, to four separate organisations, using variations of the same documents. Each time, the process starts from scratch. There is no mechanism for carrying a verified identity from one context to another.
It is vulnerable to sophisticated fraud. AI-generated documents, deepfake technology, and synthetic identity fraud have outpaced the detection capabilities of visual inspection and manual document review.
The Digital Identity and Attributes Trust Framework
The most significant structural development in UK identity verification is the Digital Identity and Attributes Trust Framework (DIATF), published by the Department for Science, Innovation and Technology (DSIT).
The DIATF establishes rules and standards for organisations that provide digital identity services. It defines how identity should be verified, how credentials should be managed, and how organisations can trust digital identities issued by other organisations.
The framework operates through certification. Organisations that meet the DIATF standards — assessed by independent certification bodies — can become certified providers. Their identity verifications are then recognised across the trust framework, creating a network of interoperable identity services.
For employers, the immediate impact is that certified Identity Service Providers (IDSPs) can conduct digital right to work checks that provide a statutory excuse — the same legal protection as a traditional manual check. Since April 2022, employers have been able to use certified IDSPs to verify the identity of British and Irish citizens for right to work purposes, without needing to see the physical document.
This is a significant shift. For the first time, a digital verification — conducted remotely, without physical documents — carries the same legal weight as a manual check. It establishes the principle that digital identity verification can replace, not just supplement, traditional document-based processes.
The DIATF is still evolving. As of 2026, the framework covers right to work checks for British and Irish citizens, right to rent checks, and certain DBS identity verification processes. The scope is expected to expand, potentially covering right to work checks for all nationalities, financial services KYC, and other regulated identity verification processes.
Reusable digital identity: verify once, use everywhere
The most transformative concept in the future of identity verification is reusable digital identity. The idea is straightforward: instead of verifying your identity separately for every employer, landlord, bank, and government service, you verify once and carry a digital credential that can be presented wherever verification is needed.
The credential does not contain your documents. It contains a cryptographic proof that your identity has been verified to a specific standard by a certified provider. The receiving organisation can check the proof — confirming that the credential is genuine, that it was issued by a trusted provider, and that it belongs to the person presenting it — without seeing the underlying documents.
This model has several advantages:
Privacy. The receiving organisation gets a verified identity claim (e.g., "this person has the right to work in the UK") without receiving the person's passport number, date of birth, or visa details. The minimum data necessary is shared, nothing more.
Speed. A right to work check that currently takes minutes or hours — gathering documents, scanning, checking, filing — becomes a seconds-long verification of a digital credential.
Security. Cryptographic proofs cannot be forged by AI tools. The credential is signed by the issuing provider and can be verified mathematically. No visual inspection required.
Portability. A person who changes job does not need to re-verify from scratch. Their existing credential can be presented to the new employer, who verifies it against the trust framework. The person is verified in seconds, with a stronger assurance level than a manual document check.
Continuous validity. Digital credentials can be designed to reflect current status, not just point-in-time status. A right to work credential linked to a visa expiry date can update automatically when the visa is renewed — or revoke automatically when it expires. This addresses the visa expiry tracking problem that catches so many employers.
The UK government has indicated support for this direction. The DIATF is designed to enable reusable credentials. The GOV.UK One Login service, which is being rolled out across government services, provides a single identity credential for accessing government platforms — a precursor to the broader reusable identity model.
The convergence of RTW, DBS, KYC, and right to rent
Today, a person who takes a new job, rents a flat, opens a bank account, and registers with a professional body will undergo four separate identity verification processes, each governed by different legislation, conducted by different organisations, and using different standards.
The trajectory is towards convergence. A single verified identity — established once, to a high standard, by a trusted provider — should be sufficient for all of these purposes. The underlying identity is the same. The verification standard required is similar. The only difference is the regulatory context.
Several developments are driving this convergence:
Right to work and right to rent. Both are governed by the Home Office and involve verifying immigration status. The document lists, the check procedures, and the penalties for non-compliance are similar. The DIATF already covers both, and the infrastructure for a unified verification is largely in place.
DBS and identity verification. The Disclosure and Barring Service has introduced digital identity verification for DBS applications, allowing certified IDSPs to verify the applicant's identity remotely. This integrates DBS into the same digital identity infrastructure as right to work checks.
Financial services KYC. Know Your Customer requirements in banking and financial services require identity verification to a standard comparable to right to work checks. The DIATF has signalled an intention to extend its scope to cover financial services, which would allow a single verified identity to satisfy both employment and financial verification requirements.
Professional registration. Healthcare professionals, teachers, social workers, and other regulated professionals must verify their identity when registering with professional bodies. Integrating this into the digital identity framework would eliminate yet another redundant verification process.
The endgame is a world where a person verifies their identity once — using a combination of document verification, biometric matching, and database checks — and receives a digital credential that is accepted by employers, landlords, banks, government services, and professional bodies. Each accepting organisation verifies the credential, not the person's documents. The person controls their credential and chooses when and with whom to share it.
What businesses should be preparing for
The transition from document-based to digital identity verification is not hypothetical. It is happening now, incrementally, across the UK economy. Businesses that prepare will have an advantage. Those that do not will be forced to adapt under pressure when the regulatory landscape shifts.
Understand the DIATF and its implications
The DIATF is the regulatory architecture that will govern digital identity in the UK. Businesses should familiarise themselves with its structure, its certification process, and its current scope. Understanding which verification processes can already be conducted digitally — and which will be added — enables planning rather than reactive compliance.
Evaluate your current verification infrastructure
How does your business verify identity today? If the answer is "manually, using paper documents and visual inspection," you are operating on infrastructure that is being systematically undermined by AI-generated fraud and outpaced by regulatory evolution.
Assess where digital verification could replace or augment your current process. For right to work checks on British and Irish citizens, certified IDSPs already provide a digital alternative. For other nationalities, the Home Office online checking service provides database verification. For DBS, digital identity verification is available through certified providers.
Build systems that can accept digital credentials
The businesses that will benefit most from reusable digital identity are those whose systems are ready to accept digital credentials. This means:
- APIs that can receive and verify digital identity credentials from certified providers
- Compliance records that store the verification result and the credential reference, not just a scanned document
- Workflows that treat digital verification as a first-class option, not a secondary process
Building this infrastructure now — even before reusable credentials are universal — positions your business to adopt new capabilities as they become available, rather than scrambling to retrofit.
Invest in continuous compliance, not point-in-time checks
The future of identity verification is continuous. A credential that reflects current status — automatically updated when a visa is renewed, automatically flagged when it expires — replaces the manual process of tracking expiry dates and scheduling follow-up checks.
Businesses that invest in systems capable of continuous monitoring will have better compliance, lower risk, and less administrative overhead than those that continue to rely on periodic manual checks.
Consider the competitive advantage
In the near term, digital identity verification is a compliance tool. In the medium term, it becomes a competitive differentiator. The employer that can onboard a new hire in minutes — with a verified, audit-ready identity check — offers a better candidate experience than the employer that requires a week of document collection and manual processing.
The letting agent that can verify a tenant's identity and right to rent in seconds, rather than days, provides a better service. The financial institution that can complete KYC in a single step, rather than a multi-day process, retains more customers.
The organisations that build verification infrastructure now are not just managing risk. They are building capability that will differentiate them as the regulatory and technology landscape evolves.
The vision ahead
The trajectory is clear. The UK is moving from a fragmented, document-based, point-in-time identity verification system towards a digital, reusable, continuous model. The DIATF provides the framework. Certified providers offer the technology. The regulatory direction — from the Home Office, DSIT, the FWA, and the DBS — is towards digital verification as the standard, not the exception.
The transition will not happen overnight. Physical documents will remain relevant for years. Manual checks will continue to be legally valid. But the direction is irreversible, and the pace is accelerating.
For businesses, the practical implication is simple: the identity verification infrastructure you invest in today should be the infrastructure that serves you as the landscape evolves. Systems built on paper and visual inspection will not scale, will not adapt, and will not protect you against the threats and opportunities that are already emerging.
Certifyd is building the identity verification infrastructure for this future — verified right to work checks, real-time meeting identity verification, and AI-powered threat detection — designed to evolve with the regulatory landscape, not lag behind it. The businesses that build on verified, digital identity today will be the ones ready for whatever comes next.