IT Brief UK - Technology news for CIOs & IT decision-makers
United Kingdom

Guides

#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things

Search

Uk company director holding smartphone face scan identity verification worried expression british office building digital lock graphics
#
Cybersecurity
#
Money Laundering
#
Digital Identity

Concerns grow over UK digital ID checks for company directors

Thu, 7th Aug 2025
Author image
By Shannon Williams, News Editor

The government's announcement that Companies House will formally begin enforcing digital identity verification for company directors and people with significant control (PSCs) has drawn mixed reactions from industry experts. The move, set to impact up to seven million people, aims to bolster corporate transparency and reduce fraud, but concerns are emerging about the security and effectiveness of the underpinning technology.

This new requirement, which mandates directors and PSCs to verify their identities within a phased 12-month period from mid-November, marks a significant attempt to clamp down on economic crime. Under the revised system, new directors will not be able to incorporate a company or assume a director position without first confirming their identity. Meanwhile, existing directors and PSCs are required to comply with the verification process in line with their next annual confirmation statement or within a year of the new rules commencing.

Jonathan Frost, Director of Global Advisory for EMEA at BioCatch, supports the intent behind these regulations but warns the staggered rollout could be a flaw. With over 15 years of experience in fraud intelligence, including a lengthy tenure at the City of London Police's National Fraud Intelligence Bureau, Frost emphasises the risks. "The proposed 12-month phased rollout leaves a clear window for criminals to abuse," he states. "Banks invest vast sums into double-checking Companies House data, distracting from their efforts to tackle economic crime."

In his commentary, Frost notes that weaknesses in Companies House data are already being exploited by fraudsters. The National Economic Crime Centre, he highlights, has previously warned that improper use of companies creates a substantial money laundering risk. "Companies House must act swiftly to introduce robust controls to close this window of vulnerability and prevent serving as a gateway for fraudulent filings that undermine the integrity of bank due diligence and facilitate economic crime," Frost urges.

He further advocates for a smarter approach: "Like banks, the agency should focus on behavioural insights, monitoring device use, behavioural patterns, and anomalies across the lifecycle of a company, to detect suspicious activity without adding friction for genuine users." Frost's call is clear - without agile, proactive measures, an open period exists where illicit actors might exploit the regulatory transition.

Parallel to concerns about regulatory loopholes, the technical framework selected for this shift is itself under scrutiny. The government's 'GOV.UK One Login' system is intended to underpin identity checks for Companies House. Yet, Michael Perez, Director at Ekco, raises serious questions about its readiness and security standards. According to Perez, the system "has yet to fully meet the government's own cybersecurity standards." He cites worrying findings such as incomplete implementation of Secure by Design principles, overseas admin access, insecure logins for live environments, and more than half a million unresolved vulnerabilities.

"Requesting millions of individuals to submit sensitive identity documents via a platform that hasn't fully adopted Secure by Design principles introduces significant risk," Perez argues. "It concentrates vulnerability and could expose users to breaches at a time when public confidence in digital systems is already under pressure."

Perez stresses that while the ambition to reduce fraud and strengthen trust is laudable, robust protections must underpin any platform trusted with sensitive identity data. "At present, the platform is asking individuals and businesses to share critical information without the necessary safeguards in place, setting a concerning precedent," he adds. In his view, the government needs to provide greater assurance to the public: "The public deserves systems that are thoroughly tested and secure by design. Without that, expanding One Login's use risks eroding trust not only in this platform, but in the broader vision for digital government."

As the deadline for digital identity verification approaches, the government faces mounting pressure to address both regulatory loopholes and technical vulnerabilities. The coming months will test whether its approach can secure both the integrity and security of the UK's corporate ecosystem, without undermining public trust in digital reform.

Related stories
CrowdStrike gains ISO AI governance boost for Falcon
MOTHER AI unveils UK-built sovereign language model
Voxelo unveils AI studio turning product videos into 3D
Integrated Quantum unveils quantum-resilient AI data layer
Check Point unveils AI-ready continuous exposure management

Top stories

AI data matching: boosting accuracy & cutting costs
UK bill accelerates shift to offensive cyber security
Komodor bolsters leadership for AI driven SRE growth
Cyderes names Lana Knop Chief Product Officer for AI push
Canada’s AI push hinges on data centres & clean power