UK’s OfDIA assigns international digital identity standards role as DVS ‘backbone’

One of the key principles driving digital identity is that, in keeping with the shape of the digital world, it should work across borders. That requires global agreement on certain fundamentals.

This, says the UK’s Office for Digital Identities and Attributes (OfDIA), is why international standards matter for the UK’s digital verification services (DVS) trust framework.

International standards, says OfDIA in a blog post, describe what “good” looks like, in terms of security, privacy, identity assurance and interoperability. They serve three critical functions: building trust, enabling cross-border use, and “keeping the system flexible and future‑ready.”

In terms of trust, they establish “a familiar and credible baseline” that people feel they can rely on. Trust marks, certifications and other distinctions help develop an ecosystem of trusted providers and actors in the digital ID sector.

They “provide a common language for how identity services can be checked and trusted,” which makes it easier for countries to adopt compatible systems. At the same time, they allow for evolution over time, as new risks, technologies and use cases emerge.

Alignment with standards is good policy, strategy

For these reasons, the UK considers it vital to have a place at the table when Standards Development Organisations (SDOs) work up drafts. The UK’s engine for that is the British Standards Institution (BSI), which coordinates UK input into international standards bodies such as ISO, IEC and CEN/CENELEC.

Proactive input means “having the opportunity to reflect UK values and requirements into the standards that future technologies will follow, rather than simply adopting what others decide,” OfDIA says. The UK regulator can prioritize public policy cornerstones such as privacy, inclusion and proportionality, and support trusted national frameworks like the DVS trust framework.

Which is to say, “international standards aren’t just technical documents. They’re an important policy tool.” Aligning the DVS trust framework with global standards positions UK digital identity services to succeed internationally, making cooperation with international partners more transparent and ensuring innovation can scale without weakening protections.

“In many ways, standards act as the backbone of the digital world. Most people never see them, but they quietly shape how systems connect, how trust is assessed, and how digital markets function.”

Misleading language could put certification at risk 

Clarity and trust are interconnected. Another post on OfDIA’s blog examines how DVS providers should describe and explain their certification in different use cases. It aims to cut a path through the thicket of technical and administrative language that can make people feel lost.

The post makes several key distinctions. “A DVS can only be certified against the DVS trust framework and supplementary codes published under the Data (Use and Access) Act 2025.” It can’t be certified against the Money Laundering Regulations, or “a specific compliance regime, such as the anti-money laundering regime.”

So, stay away from statements that claim a business is “certified for anti-money laundering (AML),” which are inaccurate. Likewise, avoid implying that trust framework certification alone denotes compliance with a specific regulatory framework.

The piece identifies two key areas certified DVS providers should focus on when describing their certified service. These are, for one, the supplementary codes a service is certified against, which “contain rules which build on the trust framework rules to show how DVS can meet additional needs in specific use cases.” Two, providers can describe what their service does, and what use case or sector it is designed for, or commonly used in.

They may also describe their product in general terms as “supporting organizations operating in regulated sectors, so long as this statement is accurate (i.e. you do actually have a customer base in that sector).” So, you can say a product supports organizations operating in the financial services sector – as long as that’s true.

“Clarity, consistency and accuracy in the description of certified DVS are essential to maintaining trust in the DVS ecosystem,” the piece says. And the rules are non-negotiable: “inaccurate or misleading claims about your service will put your certification at risk.”

There is some irony in OfDIA’s post, given the somewhat polymorphic nature of the UK’s trust framework itself. Originally called the Digital Identity and Attributes Trust Framework (DIATF), it is now called the Digital Verification Services (DVS) Trust Framework 1.0, covering certified DVS.

Article Topics

British Standards Institution  |  digital ID  |  digital identity  |  digital verification service (DVS)  |  OfDIA  |  regulation  |  standards  |  UK  |  UK digital ID