On 26 February 2026, His Majesty’s Treasury and the Department for Science, Innovation and Technology published updated guidance on Using Digital Identities with the Money Laundering Regulations.
The guidance clarifies how organisations subject to the Money Laundering Regulations (MLRs) can use digital identity services as part of their Customer Due Diligence (CDD) checks, and, crucially, what will satisfy regulatory requirements.
For conveyancers, estate agents, legal professionals and other regulated businesses, it provides long-awaited clarity on what constitutes compliant digital identity verification.
Only certified IDSPs officially meet the standard
The most important takeaway from the guidance is that only certified IDSPs meet the standard to be fully compliant digitally.
Digital identity providers must:
- Be certified against the UK Digital Identity and Attributes Trust Framework
- Be listed on the Government’s Digital Verification Services (DVS) Register
- Deliver identity verification at the appropriate level of assurance
Informal digital checks, unregulated platforms or in-house processes that do not align with the Trust Framework cannot provide the same level of regulatory assurance.
Firms must be able to demonstrate that their digital identity verification provider meets the recognised government standard, and as of the latest guidance, this is only achievable through certification against the UK’s Government Digital Identity and Attributes Trust Framework.
For regulated businesses, this removes ambiguity. To meet the MLR identity verification requirement using digital methods, you should be using a certified IDSP.
The guidance also reinforces the obligation under the Money Laundering Regulations to retain copies of identity documents and Customer Due Diligence information for at least five years from the end of a business relationship or transaction.
This is a statutory requirement and applies regardless of general data minimisation principles under data protection legislation.
What this means for regulated businesses such as estate agents
The updated guidance provides practical direction:
- Digital identity verification is permitted under the MLRs, but only where delivered by certified providers operating within the UK Trust Framework.
- Firms must retain identity and CDD records for at least five years (reg 40 of the MLRs).
- Informal or insecure methods of collecting ID documents do not meet the same regulatory standard and create unnecessary risk.
For conveyancers, estate agents, solicitors and other regulated professionals, the government’s guidance removes uncertainty.
LSAG (Legal Sector Affinity Group) guidance already states: “Electronic verification methods are becoming increasingly more secure and sophisticated and may in fact be lower risk than traditional means in some circumstances.”
This new guidance from the government makes it clear that certified digital identity services are not just an option; they are the compliant way to conduct digital identity verification under the MLRs.
You are advised to speak with your digital ID service provider and ensure your compliance is as robust as possible.
