New Government Guidance on Digital ID for AML Checks
Danny Dean
July 10, 2026
•
5
min read
On 26 February 2026, HM Treasury and the Department for Science, Innovation and Technology (DSIT) published joint official guidance confirming that regulated firms can use certified digital identity verification to meet their obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017). The Solicitors Regulation Authority (SRA) has confirmed, in SRA Update 148, that the guidance applies directly to the firms it supervises.
For regulated firms, this is a significant moment: digital ID is now officially recognised as a legitimate route to meeting client due diligence (CDD) obligations. The question is no longer whether digital verification is acceptable, but whether your firm is doing it properly, with the right provider.
What does the new guidance actually say?
Designated as official government guidance for MLR 2017 compliance, it confirms three things:
• Certified digital verification services (DVS) count. A DVS certified against the UK trust framework and listed on the government’s DVS Register can be treated as a reliable and independent source of identity information, with appropriate anti-impersonation assurance.
• Regulation 28 can be satisfied digitally. Firms can fulfil their Regulation 28 identity verification obligations for individual clients using a certified and registered DVS, and can use one to support verification of company directors.
• Uncertified services do not meet the standard. Services not certified and listed on the DVS Register cannot reliably be deemed suitable for identity verification under the MLR 2017.
If your firm still relies on manual verification, the case for switching is now strong: faster onboarding, less admin, and a better audit trail.
Which providers count? Check the DVS Register
This is the detail that deserves the closest attention. Government backing applies to certified and registered providers, not to digital verification in general. A provider must be certified against the UK Digital Identity and Attributes Trust Framework (DIATF) by an independent, UKAS-accredited body, and must appear on the DVS Register maintained by the Office for Digital Identities and Attributes on GOV.UK.
If your current provider is not on the register, the guidance weakens your compliance position rather than strengthening it, because there is now an official benchmark your checks fail to meet. Checking the register should be the first step in any review of your digital onboarding.
Digital ID does not replace your judgement, it supports it
Using a digital verification provider does not remove a firm’s responsibility for CDD. Firms still need to:
• Assess client risk and apply a corresponding level of due diligence to each client
• Look beyond identity, since digital ID does not cover every aspect of CDD, such as the purpose and intended nature of a business relationship
• Keep proper records in line with Regulation 40 of the MLR 2017
• Review new technology properly, as Regulation 19(4)(c) requires when adopting new technologies
Digital ID is a powerful input into your CDD process, not a substitute for it. Firms remain ultimately accountable, even when the verification itself is handled digitally.
What good digital ID actually looks like
With certified digital ID now backed as a credible route to CDD, the focus shifts to provider quality. Not all digital verification is equal, and firms remain responsible for the checks they rely on. What should you be looking for?
Certification you can point to. The guidance sets the baseline: DIATF certification and a place on the DVS Register. Beyond that, look for independent validation of the technology itself. Verify by Tiller’s identity verification process is certified against the DIATF, with liveness detection certified to ISO/IEC 30107-3 iBeta Level 2.
Document coverage. A provider should cover far more than UK passports and driving licences. Verify by Tiller checks against roughly 1,900 ID document types across 186 countries, making it well suited to firms with international clients.
Address verification. Identity only goes so far if you cannot also confirm where someone lives. Verify provides real-time address verification across 53 countries, matching directly against government databases, credit agencies, utility companies, and landline telecoms data, with GDPR-compliant handling.
Biometric verification. A document check on its own is not enough. Strong digital ID confirms the document belongs to the person presenting it. Verify uses a 3-phase biometric face match with passive liveness detection: a client completes their check with a single selfie while the technology detects deepfakes, masks, and screen replays in real time. It is a far stronger check than a manual document review, with far less friction.
A proper audit trail. Firms must demonstrate what checks were carried out, when, and with what result. The Verify portal lets your team review every check, flag exceptions, and download a comprehensive report for each client: the documented trail Regulation 40 requires, with risk-based decision-making kept firmly with your team.
Ease of use for clients. The case for digital ID only holds if clients complete the process without dropping off. Verify’s desktop, tablet, and mobile self-serve app lets clients carry out their own checks at a time and place that suits them.
What this means in practice
For firms already running digital onboarding, this confirms that done properly, through a certified provider, digital ID is a fully legitimate route to CDD compliance. For firms still weighing the switch, the direction of travel is clear: the framework is in place, the technology is mature, and the benefits speak for themselves.
Frequently asked questions
Can digital ID be used for AML checks in the UK?
Yes. Joint guidance from HM Treasury and DSIT, published on 26 February 2026, confirms firms can fulfil their Regulation 28 identity verification obligations using a DVS certified against the trust framework and listed on the DVS Register.
What is the DVS Register?
The official GOV.UK list of digital verification services independently certified against the trust framework, maintained by the Office for Digital Identities and Attributes. Services not on it cannot reliably be relied on for MLR 2017 identity verification.
Does using a digital ID provider remove my firm’s CDD responsibility?
No. Firms remain fully accountable: assessing client risk, understanding the purpose of the relationship, keeping Regulation 40 records, and considering Regulation 19(4)(c) when adopting new technology.
Has the SRA confirmed the guidance applies to law firms?
Yes. The SRA highlighted it in SRA Update 148, confirming it as official government guidance for MLR 2017 compliance and encouraging firms to consider whether digital ID would benefit them and their clients.
In short
The UK Government has made the case for certified digital ID. The compliance question is now less about whether to use it, and more about whether the provider and process you rely on are genuinely fit for purpose.
Verify by Tiller is built for exactly that: DIATF-certified identity verification, ICAEW-accredited, independently reviewed by BDO, and designed to sit within a risk-based AML process rather than replace your team’s judgement.
If you are reviewing your firm’s approach to digital ID in light of this guidance, our team is happy to walk through how Verify fits your existing workflow.
Join our newsletter to stay up to date on features and releases.
Finance
5
min read
Jersey Finance features Verify by Tiller in its Fintech Spotlight Series
Verify by Tiller has been featured in Jersey Finance's Fintech Spotlight Series, detailing a client remediation programme completed in two months by a single compliance officer, using bulk upload and automated monitoring to meet JFSC standards.
In Guernsey, The Era of Wet-Ink Verification is Ending
The GFSC's May 2026 AML/CFT Handbook update formalises digital verification in Guernsey as the CDD standard. Here's what changed and what your firm needs to review.
JFSC AML Handbook Updates Coming 31 May 2026… Here’s What You Need to Know
Critical changes to the JFSC AML Handbook are coming May 31, 2026. Get a clear breakdown of the new rules for complex structures and enhanced background checks and learn how to update your compliance process now to avoid risk.