Assure Start Assure Start

UK Digital Identity & Attributes Trust Framework (DIATF) Consultancy

Expert DVS trust framework consultancy for version 1.0 certification. Gap analysis, GPG 45 1.0 compliance, and statutory register application support.

Get in touch

What is the UK Digital Identity and Attributes Trust Framework (DIATF)?

Supporting organisations since the pilot phase Certifications delivered

The UK digital verification services (DVS) trust framework is a statutory framework under the Data (Use and Access) Act 2025 that came into force on December 1, 2025. Version 1.0 was published on March 6, 2026, introducing the UK CertifID trust mark and building upon Gamma 0.4's high baseline. The framework establishes an enforceable standard for secure, useful, and controllable digital identity and attribute services across the economy.

Since our involvement from the earliest consultation stages in 2019, we've helped organisations through the pilot phase, Gamma 0.4 transition, and now support DVS providers migrating to version 1.0, achieving the UK CertifID trust mark, and joining the statutory register.

Talk to our DIATF experts

Identify your DVS role

The DVS trust framework defines specific provider roles. Understanding which role applies to your service is the first step toward certification.

01

Identity Service Provider (IDSP)

Verify user identities at a single point in time for relying parties.

IDSP process diagram
Learn about IDSP certification
02

Attribute Service Provider (ASP)

Collect, create, verify, and share user attributes about individuals.

ASP process diagram
Learn about ASP certification
03

Holder Service Provider (HSP)

Enable users to store and reuse their digital identity and attributes securely across multiple services.

HSP process diagram
Learn about HSP certification

Other roles include Orchestration Service Providers (OSP) and Component Service Providers (CSP). Contact us to discuss which roles apply to your service.

How we can help

We support startups, scale-ups, and enterprises with every aspect of DVS trust framework compliance, version 1.0 certification, and migration from Gamma 0.4.

01

Gap Analysis

We assess your current systems and processes against DVS trust framework version 1.0 and GPG 45 1.0 requirements, identifying exactly what needs to change for certification.

02

Certification Readiness

We help implement necessary changes and prepare your documentation for successful certification under version 1.0 and listing on the statutory register.

03

Role Determination

We help you identify which DVS trust framework roles apply to your service (Identity, Attribute, Holder, Orchestration, or Component) and how your existing commercial model fits version 1.0 requirements.

04

Version 1.0 Migration

Strategic migration support from Gamma 0.4 to version 1.0, ensuring continuity and compliance with updated GPG 45 1.0 standards.

Certification process

1

Gap analysis

We conduct a comprehensive assessment of your current product and processes against DVS trust framework version 1.0 and GPG 45 1.0 requirements to identify gaps and existing controls.

Our analysis covers the legislative requirements under the Data (Use and Access) Act 2025, including the supplementary codes for right to work, rent, and DBS checks, plus white label certification requirements.

Book now
2
Conducted by a UKAS accredited certification body

Stage 1

A documentation review and initial assessment conducted by an approved conformity assessment body against DVS trust framework version 1.0 and GPG 45 1.0 standards.

3

Remedial work

The process of addressing any gaps or deficiencies identified during the Stage 1 assessment to meet version 1.0 standards.

4
Conducted by a UKAS accredited certification body

Stage 2 (Certification)

A comprehensive assessment by the conformity assessment body to verify that your DVS service meets the applicable version 1.0 requirements and GPG 45 1.0 identity verification standards.

5

Join the statutory register

Once certified against version 1.0, apply to appear on the statutory register of digital identity and attribute services. Certified providers are eligible to display the UK CertifID trust mark.

6

Internal audit and improvement

A self-assessment process conducted by the certified business to maintain ongoing compliance with version 1.0 standards.

We'll help you establish robust internal audit processes, enabling your team to conduct thorough self-assessments and maintain your position on the statutory register.

Start your certification journey

Why work with us

Experience Since Day One

We've been involved with the DIATF since 2019, through all iterations from the pilot phase to Gamma 0.4, and now supporting version 1.0 migration.

Proven Success Record

We're amongst the first consultancies helping organisations achieve certification under version 1.0, navigate white label certifications, and join the statutory DVS register.

Cross-Functional Expertise

We're product, engineering, and compliance experts and can speak your language.

End-to-End Support

From strategic advisory to hands-on implementation, we support your entire DVS certification journey under version 1.0, including GPG 45 1.0 compliance and ongoing surveillance requirements.

Frequently asked questions

What is the UK DVS trust framework?

The UK digital verification services (DVS) trust framework is a statutory UK government framework under the Data (Use and Access) Act 2025. The framework came into force on December 1, 2025, creating mandatory rules for DVS providers. Version 1.0 was published on March 6, 2026, introducing the UK CertifID trust mark and enhanced requirements for secure, privacy-respecting digital identity and attribute services.

What changed with the Data (Use and Access) Act?

The Act received Royal Assent in June 2025 and the DVS measures came into force on December 1, 2025, putting the DIATF on a statutory footing. This creates legal obligations for Digital Verification Services (DVS) providers and introduces official government powers including a statutory register of DVS providers and the UK digital identity trust mark.

Who needs DIATF certification?

Any organisation providing digital identity or attribute services in the UK that wants to be recognised as a trusted DVS provider under the statutory framework. This includes organisations offering white label services. Certification is optional but enables providers to appear on the statutory register of digital identity and attribute services.

What is version 1.0 of the DVS trust framework?

Version 1.0 is the latest publication of the DVS trust framework, released on March 6, 2026. It builds upon Gamma 0.4's high baseline with iterative improvements, introduces the UK CertifID trust mark for certified providers, and aligns with updated GPG 45 1.0 identity verification standards. New certifications will be against version 1.0 once CABs are accredited.

What happened to Beta 0.3 and Gamma 0.4 certifications?

All Beta 0.3 certifications expired on March 31, 2026. Gamma 0.4 certifications remain valid until a specified date or until the service uplifts to version 1.0. Providers should plan migration to version 1.0 to access the UK CertifID trust mark and demonstrate compliance with the latest standards.

What are the new white label certification requirements?

Gamma 0.4 introduces separate certification scopes for 'underpinning services' and 'white label services', with stricter accountability requirements and more frequent evaluation cycles to ensure transparency and trust.

How can consultancy help with version 1.0 migration?

We guide you through migration to version 1.0 of the DVS trust framework, including gap analysis against the new requirements, GPG 45 1.0 compliance, and joining the statutory DVS register. We ensure your service meets all legislative requirements whilst maintaining commercial viability, whether you're upgrading from Gamma 0.4 or starting fresh.