UK Digital Identity Trust Framework (DIATF) Certification

Vidos provides UK Digital Identity Trust Framework certified verification infrastructure supporting W3C, ISO mDL, and OpenID credential standards.

Overview

Vidos is certified under the UK Digital Identity and Attributes Trust Framework (UK DIATF) as an Orchestration Service Provider, Component Service Provider, and Attribute Service Provider. Our service is independently certified against government rules for digital identity services and is listed on the GOV.UK register of digital identity and attribute services.

This certification delivers the verification infrastructure organisations need to accept digital credentials when UK citizens present them across various use cases, including age verification, identity confirmation, and attribute validation.

Organisations can integrate Vidos as complete orchestration workflows (OSP), individual verification components within existing systems (CSP), or attribute verification services (ASP). All three approaches use pre-certified infrastructure that integrates in 2-4 weeks rather than the 12-18 months required to build and certify verification capabilities from scratch.

UK Digital Identity

The Data (Use and Access) Act 2025 establishes the statutory framework for Digital Verification Services in the UK, placing the UK DIATF onto a legal footing and requiring certification for any organisation providing digital identity or attribute verification services. The Act also creates an information gateway enabling public authorities to share information with certified identity providers for verification purposes, with user consent (see the official guidance on gov.uk for more information).

The UK government's "Blueprint for Modern Digital Government" mandates that all central government services must issue a digital verified credential alongside any paper or card-based credential by the end of 2027. With this deadline approaching, organisations across multiple sectors need certified verification infrastructure to accept these digital credentials as they become available.

What Vidos Provides

Wallet-Agnostic Verification: Verify credentials from GOV.UK Wallet, private sector DIATF-certified wallets (where standards are supported), and EU Digital Identity Wallets through a single integration.

Multiple Standards Support: W3C Verifiable Credentials, ISO mDL (18013-5), OpenID protocols (OpenID4VC, OpenID4VP), JWT signatures, and JSON-LD with Data Integrity Proofs.

Fast Integration: 2-4 weeks from start to production deployment, including API integration, policy configuration, and sandbox testing.

Enterprise-Grade Security: ISO 27001 certified operations, UK Cyber Essentials compliance, 99.95% uptime SLA, and complete audit trails for regulatory compliance. For more information, see our security & compliance centre.

Frequently Asked Questions

What is UK DIATF certification?

The UK Digital Identity and Attributes Trust Framework (UK DIATF) is the government's statutory framework for digital identity services. Any organisation providing digital identity or attribute verification services must be certified against DIATF rules and listed on the Digital Verification Services (DVS) Register overseen by the Office for Digital Identities and Attributes (OfDIA).

DIATF certification ensures services meet stringent requirements for security, privacy, interoperability, and user consent. Vidos is independently certified against the trust framework across three service provider categories, enabling flexible integration approaches for different organisational needs.

What roles is Vidos certified for?

Orchestration Service Provider (OSP): Handles complete verification workflows for organisations that want to delegate the entire verification process. The service coordinates all necessary checks and returns verification results through a single API. This approach works when organisations want verification infrastructure without building internal capabilities or pursuing their own DVS certification.

Component Service Provider (CSP): Provides verification components that integrate directly within existing services. Organisations build their own orchestration while using Vidos components for specific verification functions. This works when organisations need certified verification components within their existing architecture, or when other DVS providers want to incorporate government-certified verification capabilities into their own service offerings.

Attribute Service Provider (ASP): Verifies and validates attributes within credentials from any issuer, confirming that credential attributes meet organisational and regulatory requirements regardless of which identity provider or wallet issued the original credential. Other DVS providers can integrate Vidos attribute verification to extend their service capabilities without building this infrastructure themselves.

Who should use Vidos verification infrastructure?

Organisations that need to verify digital credentials (otherwise known as relying parties):
  • Retailers and hospitality (age verification)
  • Financial institutions (identity verification and customer onboarding)
  • Healthcare providers (patient identity verification)
  • Service providers requiring identity or attribute confirmation
  • Any organisation accepting digital credentials from UK wallets
Organisations certified for supplementary codes who need verification infrastructure:
  • Employers performing Right to Work checks
  • Landlords and letting agents performing Right to Rent checks
  • Organisations conducting DBS checks
  • Any entity holding supplementary code certification requiring cryptographic verification capabilities
Other DVS providers that want to incorporate certified verification:
  • Identity Service Providers (ISPs) needing verification components
  • Hosting Service Providers (HSPs) adding verification capabilities
  • Supplementary code certified providers requiring verification infrastructure
  • Any certified provider wanting to extend their service portfolio
System integrators and consultancies building identity solutions for clients who need pre-certified verification infrastructure.

How long does integration take?

Technical teams can integrate Vidos verification services in 1-4 weeks. This includes:
  • API integration and testing
  • Configuration of verification policies
  • Sandbox testing with sample credentials
  • Production deployment with dedicated instances
This timeline assumes standard integration requirements. More complex orchestration or custom policy requirements may extend the timeline, but integration typically remains under 8 weeks, compared to 12-18 months for building and certifying verification infrastructure from scratch.

What about the 2027 government mandate?

The UK government's Blueprint for Digital Government mandates that all central government services must issue digital credentials alongside physical documents by the end of 2027. This means every government service providing physical documents (driving licences, certificates, proof-of-entitlement letters) must also offer digital credential equivalents.

Organisations integrating verification infrastructure now gain:
  • Operational experience before widespread adoption
  • Process refinement while volumes are manageable
  • Competitive advantage by offering digital credential acceptance early
  • Infrastructure readiness as new credential types become available
  • Future-proof capabilities supporting evolving standards and requirements

What about Right to Work, Right to Rent, and other regulated checks?

The UK government has announced plans to enable digital verification for regulated checks including Right to Work and Right to Rent. These specific use cases require certification against DIATF Supplementary Codes in addition to core DIATF certification.

Vidos provides the core verification infrastructure that can be integrated by organisations and other DVS providers who hold the necessary supplementary code certifications. When a digital credential is presented for Right to Work or Right to Rent verification, Vidos verifies the cryptographic validity and attributes of that credential, while the certified organisation makes the regulatory determination based on those verified attributes.

This layered approach allows supplementary code certified providers to leverage Vidos verification infrastructure without building and certifying their own cryptographic verification capabilities.

Can other DVS providers integrate Vidos services?

Yes. Vidos is designed as enabling infrastructure for the UK digital identity ecosystem. Other certified DVS providers can integrate Vidos services in several ways:
  • As verification components (CSP role) within their own service offerings, maintaining their customer relationships and orchestration while using Vidos for underlying verification
  • As attribute verification (ASP role) to extend their capabilities without building attribute verification infrastructure
  • As complete workflows (OSP role) where they want to offer verification to their customers without pursuing their own verification certification
This approach allows DVS providers to focus on their core capabilities while leveraging Vidos for trust framework certified verification infrastructure.

How does Vidos handle credential privacy?

Vidos implements privacy-preserving verification following UK DIATF requirements:
  • Data minimisation - only processing data necessary for verification
  • Selective disclosure - verifying only the attributes required for each use case
  • No credential storage - verification results are returned without storing credential contents
  • Complete audit trails - logging verification events without exposing credential data
  • User consent - all verification requires user presentation of credentials
These privacy protections align with GDPR requirements and UK data protection principles, ensuring credentials can be verified without creating unnecessary data repositories.

What's included in the certification?

UK DIATF certification includes:
  • Technical assessment of cryptographic verification capabilities
  • Security evaluation of infrastructure and operations
  • Privacy assessment against DIATF requirements
  • Interoperability testing with multiple credential formats
  • Operational readiness review of processes and procedures
  • Ongoing compliance monitoring and regular re-certification

Get Started

Ready to integrate UK DIATF certified verification infrastructure?

Contact our team to discuss your verification requirements and compliance needs.