GOV.UK One Login regains DIATF certification by Kantara but role questions linger

GOV.UK One Login has regained certification to the UK’s Digital Identity and Attributes Trust Framework (DIATF), after going through an assessment by the Kantara Initiative.

With recertification, the Department for Science, Innovation and Technology’s (DSIT’s) One Login re-enters the trust register operated by the Office for Digital Identity and Attributes (OfDIA).

The app’s biometrics capabilities are provided by iProov, along with subcontractors Veriff and new Signicat subsidiary Inverid. iProov had allowed its certification to lapse earlier this year, temporarily throwing One Login off the list. Kantara’s DIATF list shows iProov’s OIDC Bridge, Dynamic Liveness, BFC Document Verification and iProov ID were certified on October 16, 2025.

The certification covers the identity role, medium-level identity profiles M1A and M1B, to the medium level of authenticator and protection quality. M1A and M1B each involve one piece of documentary evidence and a verification score of 2.

The conformance certificate expires on October 30 of this year.

The government’s digital identity app is up to 13 million registered users, and it has been used for 120 different public services, according to Government Digital Service (GDS) figures from mid-January. A GDS blog post suggests the program is improving the security of access to government services as the department lays the groundwork for the government-provided digital wallet and mobile driver’s license (mDL) coming later this year.

Lord Christopher Holmes notes in a LinkedIn post that Minister responsible for Digital ID Josh Simons presented digital ID as digital public infrastructure (DPI) intended to eliminate duplicative data-gathering by government departments.

He replied that “the perimeters of GOV.UK One Login need to be clearly stated, to which he agreed.

“I also suggested that it was at least unfortunate that the Government had cited illegal immigration as the reason for pushing forward with digital ID,” Lord Holmes adds.

“The narrative needs rapid reconstruction, depoliticization and positioning in positive societal use cases.”

The post also quotes figures from Yoti’s Julie Dawson of 11,000 jobs in the UK’s private digital identity sector, counting only DIATF-certified providers, and their organization’s ability to cover 80 percent of use cases today.

Earlier this month, Simons stated in response to written questions submitted to parliament that the government anticipates verification of the digital ID will be through a “robust digital process” rather than flashing an image on a phone’s screen. He reiterated that the app will be built in-house, but potentially with “specialist external services or expertise.” Labour MP Mike Tapp said cost estimates are impossible until the impending public consultation is complete.

Article Topics

biometrics  |  certification  |  DIATF certification  |  digital identity  |  Gov.UK  |  Inverid  |  iProov  |  Kantara  |  One Login  |  UK digital ID  |  Veriff