Property sector seeks clarity on digital ID rules
The government has published the Digital Verification Services Trust Framework 1.0 alongside guidance on the use of digital identity checks for customer due diligence under the Money Laundering Regulations. Credas Technologies warned that key compliance thresholds remain unclear for property firms.
The guidance says only digital verification services certified against the UK Digital Identity and Attributes Trust Framework and listed on the government's Digital Verification Services (DVS) register can be used for customer due diligence. It adds that providers should display a new 'UK CertifID' trust mark to show their certification status.
It adds: "digital verification services which are not certified and therefore not on the DVS register cannot reliably be deemed suitable for identity verification in compliance with the MLRs."
Property businesses and other regulated firms have increased their use of remote checks as transactions move online and fraud methods evolve. The updated framework sets out what certified services must do and how they must be assessed, including requirements for security controls and biometric testing.
Confidence levels
The framework defines four Levels of Confidence under Good Practise Guide 45: Low, Medium, High, and Very High. Credas said neither the framework nor the guidance specifies which level property professionals must use to comply with the Money Laundering Regulations.
Without a stated threshold, firms may interpret requirements differently, leading to inconsistent practice. That could affect procurement decisions when selecting identity verification providers, as well as how firms document their approach in compliance policies and audits.
Credas urged sector regulators to set clearer expectations for the appropriate Level of Confidence in regulated property transactions, citing a changing risk environment and more sophisticated AI-generated fraud.
Jon Parish, Compliance Manager at Credas, said: "The Data (Use and Access) Act placed the Digital Identity and Attributes Trust Framework on a statutory footing in 2025, and this guidance reinforces that by confirming certified digital verification services are the compliant route under the MLRs. However, while the guidance addresses which providers are suitable, it doesn't specify which Level of Confidence firms should use. Without clarity, firms are left to interpret the standard themselves - creating potential compliance inconsistency."
Procurement impact
The guidance draws a sharper distinction between certified and non-certified digital identity checking services for customer due diligence. This is likely to prompt regulated firms to review vendor lists and onboarding processes, and increase the importance of how certification status is communicated in the market. It highlights the 'UK CertifID' trust mark as an indicator that a provider is certified and listed on the register.
For property professionals, identity checking can involve a mix of in-person verification and remote processes. Email remains widely used in many transactions, including for sending identity documents. Credas said its research found that 62% of homebuyers have shared identity documents via email during property transactions.
Credas argued that email does not provide a structured verification process, a defined assurance level, or a secure compliance trail.
Fraud pressures
The framework's focus on biometric testing reflects rising concern about identity fraud. Synthetic identities, impersonation attempts, and manipulated images and videos have become easier to produce and distribute. Firms that rely on remote checks face pressure to show that their verification processes can resist these attacks and to provide evidence of the checks carried out.
Neil Williams, CTO at Credas, said the publication marks progress but leaves an open question for firms making risk decisions.
"The Trust Framework and guidance represent a significant step forward in the adoption of secure and trusted methods of digital identification that protects not only property professionals but their clients as well. But as AI-generated fraud becomes more sophisticated, we need greater specificity. The framework now introduces strict biometric testing standards to combat these threats, but without clarity on required Levels of Confidence, firms lack clear direction on what 'compliant' actually means in practice," said Williams.
Provider landscape
Credas said it was the first identity service provider in the UK to achieve certification at a 'very high' Level of Confidence under the UK Government Digital Identity and Attributes Trust Framework, and that only a small number of providers operate at that standard.
Founded in 2016 and based in Cardiff, the company said it verifies more than 4 million individuals a year and supplies identity verification and compliance software to legal, property, and business professionals.
Suppliers and regulated firms are now calling on regulators to translate the framework into practical expectations for sectors with different risk profiles. Further guidance on Levels of Confidence would shape internal policies, how firms evidence compliance decisions, and how they assess identity verification providers listed on the government register.