The UK has issued a pre-release of the 1.0 publication of its digital verification services (DVS) trust framework, which replaces the Digital Identity and Attributes Trust Framework (DIATF), “for business readiness purposes,” according to a government announcement. It comes with a slew of supporting documents released by the Office for Digital Identities and Attributes (OfDIA) and Department for Science, Innovation and Technology (DSIT), wherein the majority of the changes in the latest version of the trust framework have been made.
The DVS trust framework is defined as “a set of rules for an organization to follow if they want to have their service certified as a trustworthy digital verification service (‘DVS’). A DVS is a service that enables people to digitally prove who they are, information about themselves or their eligibility to do something. The framework aims to make it easier and more secure for people to use these services.”
Major changes in version 1.0 include formal alignment with the Data (Use and Access) Act 2025, which explicitly establishes a statutory role of the DVS trust framework, not the DIATF. DVS trust framework 1.0 also adds the first dedicated rules for orchestration service providers, and “new rules for holder service providers to help relying parties understand and integrate with their services by requiring that they are able to share metadata about confidence in identities, authentication methods, identity and attribute provenance, and binding to the user.”
Efforts have also been made to align with the National Cyber Security Centre (NCSC)’s commitment to encourage the adoption of passkeys: “we’ve made clear how syncable authenticators (of which passkeys are an example) can be used as part of our authentication guidance, which holder service providers are required to follow.”
And, DVS providers can finally display the UK CertifID trust mark, so that “wherever people or businesses see the trust mark displayed, they can be confident that the product or service can be trusted to be secure, meeting the rules set out in the trust framework and subject to oversight by OfDIA.”
There is new guidance on security and fraud, and an extension of the guidance on the processing of identity and attribute data for certain purposes to include metadata.
Supporting documents detail vouching, digital ID best practices
The supporting documents cover an array of topics related to digital identity and biometrics concerns.
How to create a vouch as evidence of someone’s identity (1.0), or “the Vouching Guidance,” provides “guidance on creating, storing and checking evidence of someone’s identity that relies on a ‘vouch’, a formal declaration from a third-party that knows them and is willing to confirm their identity.”
There is the supplementary code for digital right to work checks (1.0) and the supplementary code for digital right to rent checks (1.0). Another supplementary code covers Disclosure and Barring Service identity checks (1.0).
The so-called Good Practice Guide (GPG) 45 on how to check someone’s identity “describes a methodology for creating digital identities in a trustworthy and consistent way and permits a range of checking methods to be used as part of digital identity creation, including phone, post, email, or face-to-face checks.”
The UK digital verification services trust framework data schema (1.0) “describes a data taxonomy, data model and data dictionary for two supporting documents of the the UK digital verification services (DVS) trust framework”: GPG 45 and GPG 44, or “How to use authenticators to protect an online service (1.0),” which offers guidance on the authentication process. The schema aims to “help DVS and relying parties organize and exchange information in a consistent way to enable interoperability.”
How to check whether someone has delegated authority (1.0) explains just that, and How to create, bind and share attributes (1.0) offers “guidance on creating, binding, scoring and sharing attributes” for organizations certified against the DVS trust framework as an attribute service provider.
Article Topics
Department for Science Innovation and Technology (DSIT) | DIATF certification | digital ID | digital verification service (DVS) | DVS Trust Framework | OfDIA | UK CertifID | UK digital ID
Leave a comment