A Photocopied Passport Is Not Proof. It Never Was.
maximum penalty per illegal worker
Fair Work Agency launches
to verify with Certifyd
The reality of right to work in the UK.
Right-to-work identity verification with Certifyd goes beyond document checks. The current system — examining a passport or share code and keeping a copy on file — proves a document exists, not that the person presenting it is the document holder. Certifyd adds a cryptographic identity layer: the worker’s identity is device-bound through a passkey, verified in real time, and linked to their right-to-work documentation. The result is tamper-proof verification records that prove not just that a check was done, but that the verified person is who they claim to be.
UK employers are legally required to conduct right-to-work checks on every employee before they start work. The prescribed process involves examining original documents (passport, biometric residence permit, or share code) and keeping a dated copy. Failure to conduct these checks can result in civil penalties of up to £60,000 per illegal worker under the Immigration, Asylum and Nationality Act 2006, and potential criminal prosecution.
But the current system has a fundamental flaw: a photocopied passport proves that a passport was photocopied. It does not prove that the person who presented it is the passport holder. Names can be borrowed, documents can be shared, and biometric residence permits can be presented by the wrong person. The ‘statutory excuse’ — that you conducted the check in good faith — requires reasonable checks, not just paperwork.
The Fair Work Agency, launching in April 2026, will consolidate enforcement powers from HMRC, the Gangmasters and Labour Abuse Authority, and the Employment Agency Standards Inspectorate. It will have enhanced powers to enter any business and demand evidence of compliance. Certifyd creates tamper-proof verification records that go beyond the current standard: each check is linked to a device-bound, cryptographically verified identity that cannot be forged, shared, or transferred.
This is broken.
Here's why.
Photocopied passports prove a document was examined, not that the presenter is the document holder.
Share codes verify immigration status but don’t verify the identity of the person using them.
Right-to-work checks are point-in-time — they don’t confirm ongoing eligibility.
The Fair Work Agency will demand stronger evidence than filing cabinets of photocopied documents.
Simple verification.
Every time.
Worker registers their device with Certifyd, creating a cryptographic identity bound to their phone
Right-to-work documentation is linked to their verified identity — not just filed in a drawer
At each assignment or employment event, the worker’s identity is re-verified in real time through their device
A tamper-proof audit record is created: who was verified, when, how, and linked to which documentation
Ready to see it in action?
Book a demo or tell us about your needs.
“A lot of people are sleeping on what’s about to happen. The Fair Work Agency will have the right to walk into any business — butchers, dog kennels, anyone — and ask for an audit.”— HR Director, UK employer
Common questions.
No. Employers must still examine the prescribed documents (passport, BRP, or digital share code) as required by law. Certifyd adds an identity verification layer on top: it confirms that the person presenting the documents is who they claim to be, through device-bound cryptographic authentication. This strengthens the statutory excuse by demonstrating that the employer took additional steps to verify identity, not just documents.
The Fair Work Agency consolidates enforcement powers from multiple bodies into a single agency with enhanced inspection and penalty powers. It will be able to enter any business and demand evidence of right-to-work compliance for every worker. Businesses that can provide tamper-proof, per-worker verification records will be significantly better positioned than those relying on traditional document-based processes.
Share codes are generated through the Home Office’s online service and verify a person’s immigration status. Certifyd complements this by verifying the identity of the person using the share code — confirming through device-bound authentication that they are who they claim to be. The share code proves right to work; Certifyd proves the person is who they say they are. Together, they provide stronger assurance than either alone.
Workers with time-limited right to work (visas, graduate visas, pre-settled status) require follow-up checks before their permission expires. Certifyd creates a timeline of verification events linked to the worker’s cryptographic identity, making it easy to demonstrate that follow-up checks were conducted on the correct person at the correct time. Each re-verification is a new tamper-proof record in the audit trail.
Explore more use cases.
Make your right-to-work checks audit-proof
Book a demo to see how Certifyd works for your team, or tell us about your verification needs and we'll get back to you within 24 hours.
Read: Fair Work Agency — What Changes