The UK Government has unveiled a pre-release of the latest version of its Digital Identity and Attributes Trust Framework (gamma 0.4).
Described as a “pre-release,” this iteration of the framework is not yet ready for certification. However, its early publication provides clarity on forthcoming standards, allowing service providers to prepare ahead of certification opportunities, expected to begin early next year.
Once accredited Conformity Assessment Bodies (CABs) are ready, the framework will be finalized without changes to its current requirements.
The gamma version incorporates stakeholder feedback since the previous beta release in June 2022, with five new updates. Two new certification roles, Holder Service Provider and Component Service Provider, have been added for digital wallets and facial authentication services. There have also been updates on inclusion monitoring and data-sharing mechanisms have been introduced. Providers will also face stricter requirements to assist users in case of issues.
Additionally, a section addresses the growing use of biometric systems, ensuring they are tested for fairness and effectiveness across demographic groups. New rules regulate providers’ participation in the forthcoming register of digital identity services, outline data protection requirements during transfers, and provide guidance on promoting certified status to avoid user confusion.
Framework restructure timeline
The framework has been restructured for better navigation, with a new rule numbering system and the removal of ambiguous “should” expectations to improve auditability. According to officials, these changes raise the standards for providers operating within the framework.
Taking it back to the very beginning on February 11, 2021, the UK government released its first version of the UK DIATF, which laid out voluntary guidelines for organizations developing or using digital identity systems. A year later, the framework moved into public beta testing, allowing stakeholders across sectors to provide feedback. A focus was placed on interoperability between systems to align with international standards like eIDAS (European standards for electronic identification).
By this time, the framework began accrediting organizations via certification bodies such as UKAS, and a trust mark was introduced for certified providers. In 2023, the UK government mandated the use of DIATF-certified digital identity systems in certain areas, like Right to Work, Right to Rent, and DBS (Disclosure and Barring Service) checks, and encouraged the development of portable digital IDs to improve user experience and reduce duplication in identity verification processes.
Updates focused on making digital identity systems more inclusive, particularly for individuals lacking traditional identity documents, and there was the introduction of provisions for alternative data sources, such as bank statements and utility bills, for identity verification.
Looking ahead
Although certification under gamma 0.4 is not yet available, providers are encouraged to prepare for the new rules. The Office for Digital Identity and Attributes (OfDIA) will conduct an annual review of the framework, with further stakeholder engagement planned following the passage of the Data (Use and Access) Bill.
A key component of this framework is its emphasis on managing and validating attributes, specific pieces of information that define an individual or entity. These attributes can range from basic details like name and address to more complex data, such as biometric or legal credentials.
Article Topics
biometrics | certification | DIATF certification | digital identity | Digital Identity and Attributes Trust Framework (DIATF) | identity verification | standards | UK
