Today marks a significant milestone for digital identity in the UK. HM Treasury and the Department for Science, Innovation and Technology (DSIT) have published joint official guidance confirming that certified Digital Verification Services (DVS) can be used by regulated entities to fulfil their identity verification obligations under Regulation 28 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the Money Laundering Regulations).
This is the first time the UK Government has formally recognised the Digital Identity and Attributes Trust Framework (DIATF) as a valid compliance pathway for anti-money laundering requirements.
For businesses across sectors—from financial services and legal to property, gambling, and high-value goods—this guidance removes a critical uncertainty that has held back digital identity adoption.
What the guidance actually says
The joint guidance, published through the Office for Digital Identities and Attributes (OfDIA), establishes several key principles:
1. DIATF-certified DVS can fulfil Regulation 28 obligations
The guidance explicitly states that DVS which are certified against the DIATF and listed on the DVS Register "can be treated as a reliable and independent source of information, with appropriate anti-impersonation assurance."
This means regulated entities can use certified digital identity services to verify customer identity and meet their customer due diligence (CDD) requirements under the Money Laundering Regulations.
2. Certification and registration are both required
It's not enough for a DVS provider to claim DIATF certification. To qualify for this regulatory recognition, a provider must be:
DVS which are not certified and therefore not on the DVS register cannot reliably be deemed suitable for identity verification in compliance with the Money Laundering Regulations.
This is a critical distinction. The guidance creates a clear dividing line between certified providers (who meet the regulatory standard) and non-certified providers (who don't).
3. Use extends to company directors
The guidance confirms that regulated entities may also use certified and registered DVS to support verification of company directors—an important clarification for businesses conducting corporate due diligence.
4. Wider MLR responsibilities remain
Using a certified digital identity doesn't remove other compliance obligations. Regulated entities must still:
Why this matters
This guidance follows a public consultation HM Treasury conducted in 2024, during which industry groups, including techUK, consistently called for clearer regulatory recognition of digital identity.
The consultation received over 200 responses, many highlighting that while businesses wanted to use digital identity for customer onboarding, uncertainty about whether it satisfied MLR requirements created hesitation—particularly among smaller firms without dedicated compliance teams.
That uncertainty has now been removed.
The regulatory journey to this point
This guidance didn't emerge in a vacuum. It represents the culmination of several years of policy development:
2023-2024: DIATF development
DSIT developed the Digital Identity and Attributes Trust Framework, establishing clear rules and standards for DVS provision across the UK.
2024: Public consultation
HM Treasury consulted on improving the effectiveness of the Money Laundering Regulations, with a dedicated section on digital identity's role in combating money laundering.
2025: Statutory footing
The Data (Use and Access) Act 2025 placed the DIATF on a statutory footing, removing earlier uncertainty about the legal standing of certified providers.
July 2025: Commitment to guidance
HM Treasury is committed to producing joint guidance with DSIT as part of its consultation response, published in the Financial Services Growth and Competitiveness Strategy.
February 26, 2026: Official guidance published
Today's publication delivers on that commitment, providing the formal regulatory recognition the industry has been seeking.
Who this affects
The Money Laundering Regulations apply to a broad range of "obliged entities," including:
All of these sectors can now use DIATF-certified DVS for identity verification with regulatory confidence.
What this means for SmartSearch customers
SmartSearch is certified against the DIATF and listed on the DVS Register.
For SmartSearch, this validates our customer-first approach to technology development. We invested in DIATF certification from the outset—not as a compliance checkbox, but as a commitment to giving our customers the certainty they need. Today's guidance confirms that businesses using our platform are on the right side of regulatory expectations.
This means:
✓ You can use SmartSearch to fulfil your Regulation 28 obligations - Our digital identity verification meets the Government's standard for "reliable and independent" sources with "appropriate anti-impersonation assurance."
✓ You have regulatory certainty - This isn't an interpretation or best practice—it's official Government guidance for Money Laundering Regulations compliance.
✓ You're protected if audited or questioned - When supervisory bodies or regulators ask how you verify identity, you can point to official guidance confirming that DIATF-certified services meet the requirement.
✓ You can onboard customers faster - With regulatory uncertainty removed, you can confidently deploy digital identity verification at scale without fear of non-compliance.
What hasn't changed
It's crucial to understand what this guidance doesn't alter:
You remain responsible for customer due diligence
Using a certified DVS doesn't outsource your MLR obligations. You're still ultimately liable for:
Digital identity supports verification—it doesn't replace judgment
Technology enables compliance by making identity verification faster, more accurate, and more secure. But it doesn't eliminate the need for human oversight, risk assessment, and decision-making.
Not all digital identity providers are equal
The guidance creates a clear distinction: certified providers on the DVS Register meet the standard. Non-certified providers don't. When selecting a digital identity solution, certification matters.
The economic case for adoption
The Government estimates that widespread adoption of digital identity could deliver £701 million per year in economic benefits for the UK.
These benefits include:
But those benefits depend on trust. Businesses and consumers need confidence that digital identity services are secure, reliable, and regulatory-compliant.
The DIATF and DVS Register provide that foundation. Today's guidance from HM Treasury and DSIT reinforces it.
What comes next
The guidance notes that the Government expects to consult on a national Digital ID issued directly by government. This would complement—not replace—the private sector DVS ecosystem.
Additionally, HM Treasury and DSIT will work with sector guidance bodies (like the Joint Money Laundering Steering Group, which produces guidance for financial services) to ensure sector-specific guidance encourages appropriate use of digital identity for CDD measures.
How SmartSearch delivers DIATF-certified verification
SmartSearch's identity verification platform combines:
Biometric liveness detection (99.8% deepfake catch rate)
Real-time facial recognition that confirms the person is physically present and not using a photo, video, deepfake, or mask.
Document forensics across 200+ countries
Advanced image analysis that detects forged, altered, or fraudulent identity documents with greater accuracy than manual visual inspection.
Multi-source identity triangulation Verification across multiple independent data sources to ensure consistency and catch synthetic identities.
Real-time AML screening
Instant checks against 1,100+ sanctions and PEP lists, updated every 24 hours—not annually.
Ultimate Beneficial Owner identification
Trace corporate ownership through unlimited layers to identify the real people controlling entities.
Ongoing monitoring
Continuous screening throughout the customer relationship, not just a static check at onboarding.
Audit-ready compliance records
Timestamped, cryptographically secure documentation for every verification, meeting Regulation 40 record-keeping requirements.
Seamless customer experience
Browser-based verification with no app downloads—customers complete verification on any device in under 60 seconds.
All of this is delivered through a platform certified against the DIATF and listed on the DVS Register, meaning it meets the Government's standard for MLR compliance.
The bottom line
Today's guidance removes a barrier that has held back the adoption of digital identity in regulated sectors. Businesses no longer need to wonder whether certified digital verification services meet Money Laundering Regulations requirements—the Government has confirmed they do.
For SmartSearch, this validates our customer-first approach and our investment in DIATF certification from the outset. We prioritised giving our customers regulatory certainty, and today's guidance confirms that decision was right.
For regulated businesses, this provides the certainty needed to accelerate digital transformation in customer onboarding while maintaining full compliance.
The question is no longer "Can we use digital identity for MLR compliance?" It's "Why wouldn't we?"