Digidentity GOV.UK Verify
Your Digidentity GOV.UK Verify Profile is your passport for a growing number of government services.
Available services through GOV.UK VerifyYour own Digidentity, be verified
You need our app for your Digidentity. From application to daily use. You will be on the go in a few easy steps.
Request a Digidentity
Forget your passwords for all the different websites. Just request one Digidentity. Keep it simple and safe.

Identification
Register your profile. Create an account and enter your details. Next, you will identify yourself.
Verification
We verify your details. This is to make sure you are indeed who you say you are. For example, based on your passport.
Use it
Congratulations, you have your own super-safe online identity. You can login with authorities and companies, as your true self.
Safe, Simple, Secure, Be Verified
Call it a passport. Or a driving licence. With your Digidentity you can move around freely online. Login safely and easily – every window will open.

Be verified
Are you who you say you are? We verify your details and save it in our patented system with the highest security level.

Easy online
No effort with passcodes or tokens. A username, password and mobile phone, you do not need anything else to browse the internet safely.

All in 1 ID
Authorities, companies: you will be able to use Digidentity on more and more websites.
Safe access to your online service
You like to do business with customers and suppliers online. Because it is fast, cost effective and user-friendly. But is it safe and reliable enough? Do you not risk incurring penalties for violating privacy rules? And which reliability levels are required? Digidentity helps you to make these choices.

We will help you with eHerkenning and Idensys
As broker, we connect you to the eHerkenning system and Idensys. This way you can easily and very reliably do business online with customers and other companies. And you have access to all authentication services of the 3 systems. For eHerkenning you have, in addition to the authentication services, also access to all authorisation registers and signing services within this system.
Read more about eHerkenning and Idensys
We will help you with eIDAS
The EU member states have agreed that, as from September 2018, European citizens and businesses must be able to log in to all Dutch public sector organisations using their own national login scheme. Thus, the European Union aims to regulate rendering electronic transactions within Europe easier and safer.
Read more about eIDASWho is Digidentity?
Your profile often changes on the internet. For example to send messages or to network. But how safe is that? Before you know it, you are leaving a trail of your personal details behind that fraudsters will use for their own purposes.
Read more about Digidentity
A team with a mission
Digidentity offers internet users their own online identity. This is not only our work, it is our mission.
Read more about us
Will you strengthen our team?
Do you also value privacy on the internet? Do you like working on high tech solutions for millions of internet users? Then Digidentity is just the place for you.
Read our vacancieseHerkenning
Digidentity gives you back your privacy on the internet. We offer you one online identity that only you control. Completely digital, without passcodes or tokens. Forget the washing list of usernames and passwords. With your online identity you will be able to deal with an ever-increasing number of companies and government services.
eHerkenning is similar to DigiD. Just like citizens can use DigiD to login with the government agencies, companies, entrepreneurs and professionals can do that with eHerkenning.
An eHerkenning tool is person-bound. It cannot be transferred to someone else, such as a colleague. As user of eHerkenning, you can be authorised by your supervisor to act on behalf of your company with your service providers. 1 or more authorisations are registered when applying for a tool.






Idensys
Your Digidentity, your online identity, secure and easy.
Government agencies and corporates work together in safely logging in on the internet. The newer way of logging in is called Idensys. In the future, various organisations will check whether Idensys works well. As private individual, you can use your Digidentity to log into Idensys in companies who are participating in the testing. Only you are able to use your Idensys login tool. No one else can use it.
Do you want to use Digidentity to use Idensys? This is very simple. The only things you need is a Dutch identity document and a smartphone. And did you create a Digidentity? You may use it as often as you want to. As proof that you are you.
The services you can use with Idensys require your Citizen Service Number (BSN in Dutch). For this reason you can only register with a Dutch identity document that contains your BSN. We only use your BSN when registering and do not store it.
Request a free IdensysGOV.UK Verify
Your Digidentity, your online identity, secure and easy.
Digidentity is a digital identity to simplify your online life and to make it more safe. Also in the United Kingdom. We worked with the British government on GOV.UK Verify. This is a new way to prove your identity online. You can use this to utilise various government services, such as viewing your driving licence or the submission of your tax return.
Registration for GOV.UK Verify is also rather simple with Digidentity. You will be set-up in no time with your identity document and your smartphone. Then you will have an online identity that you can use safely when dealing online with the authorities.
Be verified by DigidentityeSGNG
No more printing, scanning or stamping. Your clients will simply enter a digital signature on their tablets or computers.
Signatures on contracts, employment agreements, purchase agreements, leases, living wills, tenders, policies, building plans and other documents no longer need to be entered on paper. These documents can be attested by a digital signature.
By means of eSGNG by Digidentity, it is possible to sign PDF documents digitally in a legally valid way. To do so, you can use our eSGNG app, or you can integrate the functionality into your own workflow.
Benefits
- Ease: The signatory can conduct his or her business fully digitally at any location and at any time. The signatory can simply sign on his or her mobile phone, laptop or desktop computer, or tablet. eSGNG allows for multiple signatories.
- Cost savings: Thanks to the digital signature, there will be no unnecessary costs for paper, administrative acts and mail.
- Time saving: Reduce operational costs and put an end to manual processes. This way, you will no longer need to send prompts or follow-up by phone: If a signatory still lingers over your contract, you can send them a fast reminder through eSGNG. This will save you time and bother.
- Safe: We fully comply with the latest security standards.
- Legal validity: The qualified digital signature is 100% legally valid and complies with the electronic signature requirements in conformity with eIDAS and article 3:15a of the Dutch Civil Code.
- Environmentally friendly: No paper, no mail.
What is an electronic or digital signature?
An electronic or digital signature is an electronic equivalent of a hand-written signature. An electronic signature consists of electronic data that are attached to a digital document.
The purpose of an electronic or digital signature is to establish:
- the identity of the sender (authenticity and identification) and
- the invariability of the information sent (integrity).
The eSGNG app
You can download the eSGNG app on a tablet from the app store (and soon, it will also become available as a web application). Once you have signed in with your Digidentity account, you can start using eSGNG right away.
Integrating digital signatures into the workflow
Alternatively, you can choose to integrate digital signatures into the existing workflow of your company or organisation. Send, sign and share immediately from the applications that you are already using.
We provide a user-friendly integration of digital signatures into your own application. This may be a portal, a mobile app, document management system (DMS) or any other application in which documents need to be signed in a straightforward and legally valid way.
So:
- No separate application, but entering digital signatures directly from the trusted custom applications
- Signing larges volumes
Interested? Contact us for more information.
Legal validity
According to European and Dutch legislation, there are three types of electronic signatures:
- The ordinary electronic signature (which we call Basic) You can use an ordinary electronic signature to sign your insurance policy. Along with the fact that you pay the premium and that the insurer has your address details, this type offers sufficient reliability (and is thus legally valid).
- The advanced electronic signature (which we call Advanced) An advanced electronic signature is connected to the signatory in a unique way and enables identification of the signatory. This type of signature involves extra checks to verify that the signatory is the right person. This signature is used, for instance, for filing your tax return.
- The qualified electronic signature (which we call Qualified) A qualified electronic signature is a signature with a qualified certificate. Such a certificate is a digital file that has been attached to the original document. There are special authorities that issue these certificates, the so-called Trusted Service Providers (TSP’s) or certification service providers. Like Digidentity, for example. The Dutch government makes use of a certificate that is issued by Public Key Infrastructure (PKI)-Overheid. Agentschap Telecom monitors the certification service providers. Issuing this type of signature even involves a visual check (face to face) to verify that the person concern is who he/she says he/she is.
Out of the various types of electronic signatures, only the qualified electronic signature is legally equated with the hand-written signature under European law. Parties that claim that the signature is false will need to prove this themselves. This does not apply to the other types of electronic signatures: in case of a legal conflict, the signatory himself will need to prove that the signature is legally valid.
eIDAS and the dutch civil code
In 2016, a new European regulation came into force, officially named Regulation (EU) No. 910/2014 of the European Parliament and of the Council, of 23 July 2014, on electronic identification and trust services in the internal market and repealing Directive 1999/93/EC. Quite a mouth full, and in practice the new regulation is referred to as eIDAS. This complex act regulates a vast number of things, but among others, it aligns the use and the value of electronic signatures throughout the European Union. You can read more about eIDAS here
As a result of eIDAS, the Dutch Civil Code has been amended.
Other products
Your Digidentity, your online identity, secure and easy.
PKIgovernment services certificate
PKIgovernment refers to the Public Key Infrastructure (PKI) of the Dutch government. This system organises the issuance and management of digital certificates under authority of the Dutch state. PKIgovernment offers a high reliability level for all certificate types.
PKIgovernment certificates are issued by certificate service providers: Trusted Service Providers (TSP). Digidentity as TSP supplies certificates.
Certified by the government
With a PKIgovernment services certificate you will gain access to the digital window of the government via Standard Business Reporting (SBR). Fast, easy and reliable. With this certificate, you are recognised as reliable sender and you have a secure connection with the electronic mail box of the government.
Safe information exchange
Every company that is connected to Digipoort via a PKIgovernment services certificate can digitally exchange information with the government. That is very useful if your company, for example, regularly has to supply information to the government. A PKIgovernment services certificate ensures that the data is sent safely to the correct government organisations. But also the other way around: information of a government organisation is sent to the correct company.
Application for SBR
With SBR you can compile and supply digitally standardised financial reports. In order to use SBR, you require a PKIgovernment services certificate.
Request
You can gain access to Digipoort (SBR) via our Certificate Store in a few steps.
- Create an account in the Certificate Store.
- Register the subscribing organisation.
- Register the contact person.
- Register the certificate administrator.
- Upload a CSR. How do I generate a CSR (Dutch)?
- Ensure the physical check of the certificate administrator.
- Request the certificate.

PKIgovernment SSL certificates
PKIgovernment refers to the Public Key Infrastructure (PKI) of the Dutch government. This system organises the issuance and management of digital certificates under authority of the Dutch state. PKIgovernment offers a high reliability level for all certificate types.
PKIgovernment certificates are issued by certificate service providers: Trusted Service Providers (TSP). Digidentity as TSP supplies certificates.
Secure your website
A PKIgovernment SSL certificate is used to protect your website.
Use the certificate
A PKIgovernment SSL certificate differs from a PKIgovernment services certificate. You cannot submit a tax certificate with it. For this reason, you do not need to specify a OIN number for a PKIgovernment SSL certificate. Further, both certificates are the same.
Request
With our Certificate Store you can request a PKIgovernment SSL certificate in a few easy steps.
- Create an account in the Certificate Store.
- Register the subscribing organisation.
- Register the contact person.
- Register the certificate administrator. We check them face-2-face.
- Have the abovementioned steps been completed? Request a certificate via a CSR.

Professional Certificates
PKIgovernment refers to the Public Key Infrastructure (PKI) of the Dutch government. This system organises the issuance and management of digital certificates under authority of the Dutch state. PKIgovernment offers a high reliability level for all certificate types.
PKIgovernment certificates are issued by certificate service providers: Trusted Service Providers (TSP). Digidentity as TSP supplies certificates.
Downloads
Get started with our manuals, certificates and other downloads.
Conditions
Forms
Manuals
Download our manual to help you to create a CSR here. You require a CSR when applying for a certificate.
- Manual create CSR PKIgovernment SBR certificate on Windows (Dutch)
- Manual create CSR PKIgovernment SBR certificate on Mac (Dutch)
- Manual create CSR PKIgovernment SSL certificate on Windows (Dutch)
- Manual renew Digidentity PKI Certificate (Dutch)
Digidentity L4 Services CA chain
Download the CA chain required here to generate a personal PKCS12 certificate if you requested a certificate with a CSR.
Roots and CRL
Download the roots and CRL certificates of Digidentity here for your level 3 and 4 account.
Level 3
Digidentity ABZ CA
Digidentity Burger CA
Digidentity Organisation CA
Digidentity Root CA
Digidentity Services CA
Digidentity SSCD CA
TTP Services ABZ Netherlands ABC CA
TTP Services ABZ Netherlands DP CA
Authorisation Online SSCD CA
Level 4
Digidentity Resident CA
Digidentity Organisation CA
Digidentity Services CA
Digidentity SSCD CA
Authorisation Online SSCD
State of the Netherlands Resident CA
State of the Netherlands Organisation CA
State of the Netherlands Root CA
Mobile App
You require our app for your Digidentity. From application to daily use. Download the free Digidentity app here.
Learn more about us
Who is Digidentity?
You cannot go anywhere without your passport. Doors remain shut, borders closed. Unless you venture online. There you no longer require a spectrum of profiles. For example to send messages or to network. But how safe it that? Before you know it, you are leaving a trail of personal details that fraudsters will use to their benefit.
Digidentity offers internet users their own online identity. We value privacy above all else. We call it Privacy by design. That is our work, our mission. We are identity providers pur sang and have been doing this work since 2008.
What is Digidentity?
Privacy by design is in our DNA, woven into our fibres. You will trace this back to Digidentity: the name of our company and our product. Digidentity is your digital identity, to simplify your online life. That is why we say
Your own Digidentity, be verified.
Work at Digidentity
Working at Digidentity means working in a dynamic environment in a team of ambitious people.
What is your talent?
Do you also value your privacy on the internet? Do you like to work on high tech solutions for millions of internet users? Then Digidentity is the place for you. Discover how your talent can improve our team and view our vacancies.
Ruby Developer
Are you an experienced developer who is looking for a new challenge? Do you want to cooperate in the development of online services in the identity industry, a socially-responsible industry branch? Then Digidentity is the right place for you. We are specifically looking for enhancements of the development teams.
Ruby DeveloperCustomer Service Representative (On Hold)
Do you enjoy helping people to the best of your abilities and work in an enthusiastic, close knit team? Are you looking for a job that you could combine with your studies or home life? Then we are looking for you.
Customer Service Representative (On Hold)Open Application
We are always looking for new talent! Are you interested to know what Digidentity can offer you? Or are you a student and looking for an internship and/or practical training assignment? Send an open application to our HR department.
Open ApplicationOnline identification, online trading
We help companies and government authorities to identify themselves digitally. This makes digital trading comfortable and reliable to them. We are already working for the Dutch and British governments and offer resources on different levels to them. And for extensive support and tailor-made solutions, you can also use Digidentity as broker.

eHerkenning broker
Digidentity is officially recognised as eHerkenning broker. This means that we offer services and solutions for the total playing field of eHerkenning, the successor of DigiD for companies.
With the Digidentity eHerkenning broker, you will be able to recognise all online companies in the Netherlands. Furthermore, you will return in a safe and efficient manner the messaging within eHerkenning. But there is more. With the eHerkenning broker, you also use all authentication services, authorisation registers and signing services of eHerkenning.
Request eHerkenning broker
Idensys broker
Idensys is the new, extra reliable standard for online identification. By making arrangements between governments and companies, Idensys works on login tools that offer more certainty about the identity of a person. This makes cybercrime and identity fraud more difficult. so you are able to login more securely as civilian, consumer or on behalf of your company.
Digidentity cooperates with the new standard. Since 2015 we have been an official broker and resource supplier on the Introduction level Idensys. This means that we will also be able to introduce you to the future of online identification.
Request Idensys brokerIs your organisation ready for online cross-border business transactions? We can help you!
The EU member states have agreed that, as from September 2018, European citizens and businesses must be able to log in to all Dutch public sector organisations using their own national login scheme. Thus, the European Union aims to regulate rendering electronic transactions within Europe easier and safer.

eIDAS
This arrangement is known as the eIDAS Regulation. eIDAS is the acronym for ‘Electronic Identification and Trust Services (for electronic transactions in the Internal Market)’, referring to the eIDAS Regulation no. 910/2014 of the European Parliament.
European member states have agreed to use the same concepts, arrangements and infrastructure with regard to access to online services. This ensures that the levels of reliability of the login schemes used within the European Union are aligned. The various arrangements have been enshrined in the eIDAS Regulation.
This regulation promotes cross-border services and trade between citizens and businesses in the European member states.
The eIDAS Regulation became effective on 17 September 2014. As from September 2018, the mutual recognition of notified member state eIDs is mandatory.
Digital services
eIDAS renders digital services accessible to Europeans residing in the Netherlands. Expats, foreign students and seasonal workers do not need to apply for a Dutch DigiD, but can log in using their own eID instead, for instance to apply for a parking permit or to inform their municipality they have moved.
National login schemes or eIDs
In the Netherlands, we use DigiD, eHerkenning or Idensys. The Fins use a Mobiilivarmenne or FINeID; in Denmark, one can log in using a NemID; and in Spain, citizens use a Documento Nacional de Identidad electrónico (DNIe).
Incoming and outgoing traffic
The regulation consists of two parts, i.e. incoming and outgoing traffic.
Incoming traffic
European citizens using their national login scheme to log in to Dutch service providers. For instance, expats can already log in to the portal of the municipality of Wassenaar by means of their own national login ID in order to access their personal data. This section of the regulation is mandatory for Dutch public organisation.
Outgoing traffic
Dutch citizens logging in to service providers elsewhere in Europe using a notified login scheme (recognised by Europe). This part of the regulation is not mandatory However, DigiD, eHerkenning and Idensys intend to have their login schemes notified. This will render them suitable for logging in to all European government services.
Regulation concerns the entire public sector
Since all member states must implement the mandatory section of the regulation, so – obviously – must the Netherlands. The public sector is at the forefront of this development, as the European measure is binding for all public organisations (i.e. those offering digital services involving online authentication and accepting login schemes with 'substantial' and 'high' levels of reliability). Apart from this, private organisations performing public tasks likewise need to comply with the regulation. Thus, the regulation concerns ministries, implementing organisations such as RDW and UWV, municipalities, provinces, district water boards, but also private independent administrative bodies (ZBOs), academic hospitals and pension funds.
On 25 July 2017, the Dutch Ministry of Economic Affairs issued an administrative letter on eIDAS (only Dutch). This letter informs 808 public organisations and private organisations performing a public duty regarding the eIDAS regulation. If your organisation received this letter, you are obliged to comply with this European regulation.
What does your organisation need to do to comply with the obligation?
In the Netherlands, you can comply with the eIDAS obligation for online access through the eHerkenning | Idensys system. This means that by connecting to an eHerkenning | Idensys broker you will comply with the obligation to grant EU citizens online access to your service. As accredited brokers, we are able to arrange this connection for you.
Are you already connected to eHerkenning | Idensys? Then you are part-way to complying with the measure.
Are you participating in DigiD? In that case, we can arrange a connection to eHerkenning | Idensys for you.
Please contact us to find out which steps you need to take.
What is the advantage of the eIDAS regulation for my organisation?
Prior to the eIDAS regulation, your customer service was tasked with the administrative processing of European citizens, consumers and company representatives. These administrative processes were often long-winded and complex compared to the digital services that were already being provided for Dutch citizens, consumers and company representatives. Thanks to the eIDAS regulation, public services providers will be able to render services to European citizens, consumers and company representatives more easily and more cheaply.
Trust services
The European Union's eIDAS legislation goes beyond electronic identification.
Trust services are electronic services, usually provided for remuneration, which comprise the following:
- creating, verifying and validating electronic signatures, electronic seals or electronic time stamps, services for electronic registered delivery and certificates related to those services; or
- creating, verifying and validating certificates for website authentication; or
- preserving electronic signatures, seals or certificates related to those services (article 3, under 16, eIDAS Regulation).
Trust services are understood to mean:
- electronic signatures (also called digital signature, e-signature or e-sign);
- electronic seals;
- electronic time stamps;
- services for registered delivery;
- electronic certificates for website authentication.
With regard to trust services, a distinction is made between qualified and non-qualified services. In principle, a non-qualified supplier is any supplier offering such a service. A qualified provider is a provider that offers services with a higher level of reliability.
The change that probably impacts on the providers of such services most is the new notification requirement and duty of care. As from 1 July 2016, providers of both qualified and non-qualified trust services are to report incidents with a significant impact to the supervisory body (the Authority for Consumers and Markets – the ACM) and, where appropriate, also to the Dutch Data Protection Authority (AP) and the National Cyber Security Centre (NCSC). Moreover, there are enhanced supervision and security requirements. For instance, qualified trust service providers are to carry out annual security audits and submit their results to the supervisory body.
You can read more about trust services in the eIDAS regulation on the website of the Dutch Radiocommunications Agency (Agentschap Telecom).
Are you a trust service provider and do you want to find out what this means to your organisation and which measures you need to take? Please contact us. We are happy to help you!
Active security policy
Digidentity has an active security policy, to be able to continuously offer products and services in the safest and most reliable manner.
Certified Trusted Service Provider
Digidentity is a certified Trusted Service Provider (TSP). As objective organisation, we provide commercial reliability with digital transactions. We do this with commercial and technical security services.
A TSP has technical and legally reliable resources for performing and facilitating electronic transactions, and for producing objective evidence in case of disputes.
Periodic audits
As neutral facilitator, it is important to us to control our processes. To guarantee this control, Digidentity is periodically audited according to the norms of ETSI EN 319 411-1, ETSI EN 319 411-2 and ISO 27001:2013.
For more information, read the general terms and conditions of Digidentity and the Certificate Practice Statements of PKIgovernment.
Highest safety standards
We comply with the strictest safety standards and are authorised to provide digital identities. The information that we send via the internet is secured on a very high level.
We are thus not only a Trusted Service Provider, but also a Certification Authority and hold a PKIgovernment certificate. Our organisation, systems and employees are periodically audited and found acceptable by BSI. This happens conform the CWA requirements.
Our certifications

BSI - ISO/IEC 27001:2013
Delivery of Identity Services, Digital Signing and Certificate Services by the processes Registration, Dessimination, Authorisation, Broker and Revocation Service, IT Operations and Development.
BSIGroup.com Certificate ISC 066
BSI - ETSI EN 319 411-1
Trust Service Providers issuing certificates; Part 1: General requirements
Providing Certification Authority processes and services under the Staat der Nederlanden Root CA-G2, the Staat der Nederlanden Organisatie CA-G2 and the Staat der Nederlanden Burger CA-G2.
BSIGroup.com Certificate ETS 043
BSI - ETSI EN 319 411-2
Trust Service Providers issuing certificates; Part 2: Requirements for Trust Service Providers issuing EU qualified certificates
Providing Certification Authority processes and services under the Staat der Nederlanden Root CA-G2, the Staat der Nederlanden Organisatie CA-G2 and the Staat der Nederlanden Burger CA-G2.
BSIGroup.com Certificate ETS 015
PKIgovernment
Public Key Infrastructure for the government, in short PKIgovernment, enable reliable communication. PKI certificates secure the information that persons and organisations send via internet on a high level of reliability.
Logius.nl
eHerkenning
We are officially recognised by the eHerkenning administration organisation, part of the minister of Economic Affairs, as eHerkenning broker. This means that we can offer services and solutions for the total playing field of eHerkenning, the successor of DigiD for companies.
eHerkenning.nl
Idensys
Login safely on the internet. This is very important when doing business with the municipality, the Tax department or a health care insurer online. This is also important when you shop or bank online. The government and enterprises thus work together to safely login on the internet. The new way of logging in is called Idensys.
idensys.nl
tScheme
tScheme is the independent, industry-led, self-regulating system set up to create strict assessment criteria based on which the Trust Services will be approved.
tScheme.orgMemberships
Digidentity not only develops online identities, but is also active in the world of online identities. By participating in various interest groups within the industry, we have a voice to convey the importance of safe and reliable online services. We also do this beyond the borders of the Netherlands. So came Marcel Wendt, founder of Digidentity, to be a board member of the eHerkenning / Idensys system and of OIX UK Europe.

Nederland ICT
Nederland ICT is the trade union of the ICT sector with a membership of more than 550 connected companies. Their supporters represent circa €30 billion turnover. With members ranging from large to SMEs, from all segments of the ICT sector. Nederland ICT is the most significant role player and it represents the interests of everyone across the industry.
nederlandict.nl
Open Identity Exchange UK Europe (OIX UK)
OIX UK is a nonprofit organization, working globally with the private sector, and the government, to promote and expand existing and new identity products, with a focus on British citizens.
oixuk.gov
Digital Identification and Authentication Council of Canada (DIACC)
DIACC works, but also builds lasting relationships with like-minded organizations to increase national and international opportunities for the Canadian modernization of digital services and to contribute actively to the global digital economy. Digidentity is a member of DIACC.
diacc.caRequirements
View the information about requirements and regulations that are applicable to the products and services supplied by us.
eHerkenning
These terms and conditions are applicable to providing services in the framework of the Network for eHerkenning and the Authorisation register AuthorisationOnline.
Certificates
Certificate Practice Statement
A Certification Practice Statement (CPS) states for which procedures and norms Digidentity issues and administers certificates.
- CPS Digidentity PKIgovernment v1.13
- CPS Digidentity PKIgovernment v1.12
- CPS Digidentity PKIgovernment v1.11
- CPS Digidentity PKIgovernment v1.10
- CPS Digidentity PKIgovernment v1.9
- CPS Digidentity PKIgovernment v1.8
- CPS Digidentity PKIgovernment v1.7
- CPS Digidentity PKIgovernment v1.6
- CPS Digidentity PKIgovernment v1.5
- CPS Digidentity PKIgovernment v1.4.1
- CPS Digidentity PKIgovernment v1.3
- CPS Digidentity PKIgovernment v1.2
- CPS Digidentity PKIgovernment v1.1
- CPS Digidentity PKIgovernment v1.0
PKI Disclosure Statement (PDS)
A PKI Disclosure Statement (PDS) is the document in which Digidentity summarises the CPS.
- PDS Digidentity PKIgovernment v1.3
- PDS Digidentity PKIgovernment v1.2
- PDS Digidentity PKIgovernment v1.1
- PDS Digidentity PKIgovernment v1.0
Regulations
Which national and European regulations are applicable to products and services of Digidentity?
Terms and conditions Digidentity Identity Services
Version 2.3
Last update: 10 January 2018
1. About us
- Digidentity BV is a registered company in the Netherlands, with company number 27322631, situated at Waldorpstraat 17 P (2521 CA) in The Hague.
- Questions about the identity service can be resolved via the website (www.digidentity.co.uk) or by contacting the service desk via phone (+44‐33‐06060732) or e‐mail (helpdesk@digidentity.co.uk).
2. Contract and Scope of Application
- You agree to these terms and conditions by applying for an identity account via Digidentity. The terms and conditions will continue to apply whether or not the verification of your identity is successful or not.
- Excluding any other terms and conditions, the present terms and conditions will apply to all aspects of the relationship and the contract between you and Digidentity, unless otherwise expressly agreed to in writing from Digidentity. Unconditional acceptance and agreement of these terms and conditions is implied.
- Digidentity reserves the right to unilaterally modify the terms and conditions at all times. The modified terms and conditions will apply immediately after being published on the website. You will be informed of any changes via notifications on the website and/or by notifications in your identity account.
- In the event that you are not in agreement with any modified or revised Digidentity terms and conditions, then you are able to withdraw from using the service via your identity account. In your identity account you have the possibility to deactivate your identity account.
3. Identity Service
- On applying for an identity account the process of verification will begin immediately, including the validation of documents and data provided by you and by other sources. If the completed verification process results in a confirmation and/or validation the fully verified identity account will be provided. The decision to grant an identity account remains exclusively with Digidentity at all times.
- On granting an identity account the necessary user name, password and other modes of access will be provided. The log in details are strictly personal and confidential. Sharing this information with any other person or entity is not permitted, you must take all reasonable measures to prevent the abuse, misuse, theft, or loss thereof.
- Documentation and information provided for the verification of identity will be stored by Digidentity in accordance with appropriate data protection laws as set out in the privacy policy. After issuing a fully verified identity account, and providing the means to access personal identity accounts, it will be necessary to re‐validate your existing information/data via the relevant issuing authorities from time to time. This is necessary in order to ensure that Digidentity have the most up‐to‐date details available for the purposes of identity verification.
- Verified identity accounts (fully verified or not) are valid for a period of one year. After one year the account will be deactivated automatically and will require reactivation by you. A notification to reactivate an account will be visible the first time trying to log in after one year has elapsed.
4. Termination
- You may deactivate identity accounts at any time by using the "deactivation" button in the identity account. A 3 hour 'cool off' period is required, as set out in our privacy policy. If you wish to reactivate an account, you can log back in within 3 hour after requesting deactivation. After 3 hour have elapsed, with no reactivation by you, the account will be rendered inaccessible and will be no longer be available to use. Relevant records will be kept for the purposes of auditing, in accordance with appropriate laws.
- Digidentity reserves the right to deactivate accounts with immediate effect if there is any reason to believe or to suspect that the verification and/or validation provided has been faulty or is no longer correct. In order to gain access to an identity account again you will be required to apply for a new identity account.
- Digidentity reserves the right to deactivate accounts with immediate effect if communications from you to Digidentity employees are considered harassing, threatening, abusive and beyond the provision of reasonable services offered to support applications for identity verification. Any continuation of abusive, threatening or harassing behaviour will be reported to the appropriate authorities.
- Digidentity reserves the right to deactivate accounts with immediate effect if it is suspected or known that the information provided during identity verification is false/fraudulent as set out in the privacy policy. Any fraudulent activity will be referred to the relevant authorities. On behalf of the Identity service, the Government Digital Service may also report any suspicious activities to any relevant body or appropriate.
5. Our Obligations
- Digidentity will provide the identity service as described on the website in accordance with the terms and conditions, the associated privacy policy and Good Industry Practice. In the provision of identity verification Digidentity will act diligently and with reasonable care. Digidentity will carry out any contractual obligations involving efforts in verification processes, however, you cannot derive any rights from these obligations in order to guarantee a successful outcome in your application for an identity account.
- Digidentity aims to provide a continuously functioning and accessible identity service, but makes no guarantees about the availability of any services provided. You accept the fact that errors (temporary) may occur which would render the service inaccessible on some occasions.
- Digidentity reserves the right to limit access to, or render the identity service entirely inaccessible for limited periods of time in order to carry out maintenance and/or implementation of required modifications. Digidentity aims to carry out these scheduled 'down times' in periods which could be reasonably determined to affect the minimum number of users as far as possible e.g. outside of office hours.
- Digidentity will provide the service in accordance with the published Digidentity Privacy Policy. This Privacy Policy is accessible from the service and will be updated from time to time to reflect changes in the processing of data in relation to the service.
6. Your Obligations
- You agree to supply the necessary and required information and documentation in order to apply for the verification of identity. This includes a variety of personal information, and may or may not include passport, driving licence, a live bank transaction for £0.00 and knowledge based questions. You agree that in consenting to these terms and conditions that your consent is given to the extraction of data from your credit file in order that the knowledge based questions can be generated.
- You agree and understand that verification of identity is a process reliant on personal details, available documentation and information provided by you, and is uniquely based on your own details. You accept that their identity verification process cannot be based on that of other user experiences or requirements.
- You agree to ensure and guarantee that all data, documentation and information provided is correct, complete, accurate and up‐to‐date and conforms to the requirements as set out by Digidentity during the process of identity verification. You agree to notify Digidentity of any changes to your registration information. You agree to follow instructions and requirements for any transfer of data (via the online process, or using the mobile/tablet application) as indicated by Digidentity.
- You accept and agree to inform Digidentity immediately if there are any security concerns, security issues or data leaks. Any report of this information to Digidentity will be treated as strictly confidential, and handled in accordance with appropriate laws and regulations in order to minimise damage to the affected users, to Digidentity or 3rd parties. Digidentity aims to resolve any security alerts or hazards as fast as reasonably possible and will take steps to inform any 3rd parties affected.
- You accept the obligation to inform Digidentity of any violation of the terms described in articles 6, 8 and 9 accompanied by a detailed description of such violation and all other relevant information. You must take all reasonable measures to prevent further and/or continuing violations and shall take all reasonable measures to limit any damage resulting from such a violation.
7. Reasonable Use of Website and associated materials
- You are prohibited from copying, passing on, selling, publishing or making profit from any content of the website, products, services or associated materials of Digidentity
- You are prohibited from using the website, products or associated materials of Digidentity in any way that causes, or may cause, damage to the website or impairment of the performance, availability or accessibility of the website, products or associated materials.
- You are prohibited from accessing the website and associated materials of Digidentity using any robot, spider or other automated means.
8. Personal Data
- You acknowledge that the identity service is an authentication service and agree that Digidentity will use data to undertake a search for the purposes of verifying identity or the validity of any data or documents. In order to do this Digidentity may compare and check data against available databases (public or otherwise) which are accessible for the purpose. A record of the search will be saved for 7 years, as indicated in the privacy policy and in accordance with the requirements of appropriate laws and record keeping.
- By entering into the contract you agree that personal data will be processed according to the Dutch personal data protection act, and in accordance with The Data Protection Act 1998 (UK). The data protection acts refers to the law regarding the protection and processing of personal data.
- Digidentity and any relying parties' process information according to the laws specified in clause 8.2. Digidentity remains the responsible party for the processing of personal data at all times, whether using relying parties or not, in accordance with the Dutch Personal Data Protection Act and The Data Protection Act 1998 (UK) as a Data Controller.
9. Confidentiality
- Digidentity and you are obliged to take all reasonable measures to protect confidential information or the identity account from unauthorised access, loss, damage, modification or unauthorised processing. In the event that this occurs Digidentity must be informed immediately of any such unauthorised access, loss, damage, modification or unauthorised processing
10. Rights of Ownership and Intellectual Property
- Any intellectual property rights associated with the identity service or associated materials remain at all times the property of Digidentity, the licensee or our supplier.
- The right to use the identity service or associated materials related to the identity service does not imply any transfer of any intellectual property rights of the identity service or associated materials to you. Digidentity only provides a non‐exclusive right to use the identity service and/or associated materials for the purpose of identity verification and creating an account. The rights of your use is strictly personal and cannot be transferred to any other person.
- You are prohibited from using the identity service, data or associated materials in any way, or by use of any part, that would result in the violation of intellectual property rights of Digidentity, the licensee or suppliers.
- Digidentity reserves the right to take all measures necessary in order to protect intellectual property rights owned by them, the licensee or suppliers. These measures include the termination of the use of the identity service or associated materials upon the termination of the contract. You are prohibited from removing or circumventing any such measures in any way
11. Liabilities
- Nothing in these Terms and Conditions excludes or limits our liability in respect of a) Any breach of law by Digidentity or its sub-contractors, b) any loss, unauthorised access to or corruption of Personal Data held by Digidentity or its sub-contractors (including any credentials issued to you), c) any wilful default on the part of Digidentity or its sub-contractors. Any other limitations on liability included in these Ts&Cs must be reasonable in all the circumstances of the services provided by Digidentity to the user.
- We are not responsible to you for any loss or damage suffered by you which was not an obvious consequence of us breaching these Terms and Conditions. We are not responsible to you for losses which you suffer due to any events beyond our reasonable control. We are not responsible to you for losses which you suffer which are not directly caused by our actions.
- Digidentity cannot be held liable for damages resulting from events beyond reasonable control or not caused directly by actions by Digidentity.
- Digidentity cannot be held liable for any indirect damages or damages caused because you did not/or do not take appropriate measures to i) limit such damages immediately after a damaging event has occurred, ii) prevent further damage or subsequent damages resulting from the initial event, iii) immediately took action to inform Digidentity about events which would cause damages and/or took action to provide relevant information to Digidentity.
- In all cases the liability of Digidentity shall be limited to the usual and foreseeable damages. Digidentity can not be held liable for any business damages after using the identity service in the capacity of a consumer.
- Digidentity can never be held liable in respect of any damages resulting from
- Your unauthorised or improper use of the data, the identity service and/or related materials;
- That the data you have provided is incorrect and/or incomplete, or not provided to Digidentity in a timely manner;
- Losing your own data;
- Your failure to abide by any obligations as provided in these terms and conditions, including not cooperating with the terms and conditions.
- The late, incorrect, or incomplete accessibility of the identity service;
- a. Miscommunication or loss of messages and notices resulting from the use of a mode of communication selected by you or resulting from the dysfunction of any materials used by you, including improper functioning of the internet;
- The use of materials selected by you;
- The unauthorised use, loss or theft of log in details that have been provided to you;
- The downtime or unavailable online tools of third parties.
12. Limitation of Action
- Any claim for damages against Digidentity must be brought within one year after the damage has occurred.
13. Force Majeure
- Digidentity are not obliged to perform any of the obligations under the contract or the terms and conditions in case of force majeure. Force majeure is understood to include but is not limited to:, improperly functioning materials provided by users, requirements under the law, power cuts, improper functioning of the internet, or of computer‐ and telecommunication facilities, extreme weather conditions, fire, flooding, war, strike, general problems of transportation and unavailability of one or more of Digidentity employees.
14. Applicable Law and Disputes
- The contract and the terms and conditions are governed by Dutch law in adherence and conformity with application European Directives, specifically Article 8 of the European Convention of Human Rights regarding laws on privacy.
- Any dispute that cannot be settled amicably will be brought before the competent judge of the place where Digidentity have a statutory seat (The Hague). If applicable Dutch or European law provisions determine that another judge is also competent, then the case may also be brought before this judge. If applicable Dutch or European law provisions determine that another judge has exclusive competence, then the case may only be brought before this judge.
15. Warranties
- Digidentity do not provide for any other guarantees, undertakings, and/or commitments than those explicitly provided for in the terms and conditions.
16. Concluding Provision
- Should any provision of the terms and conditions be declared invalid or void, this shall not affect the validity of any of the other provisions included in the terms and conditions. In such case Digidentity will amend the terms and conditions with the aim to achieve the same object and purpose served by the provision declared invalid.
Definitions
The following words have the following meaning:
-
User
"User", "you" or "your" in these Terms and Conditions refer to you as a user of the Identity Service.
-
Identity service
The service provided by us to you entailing the verification of your identity and/or the validity of any documents or data. If this verification and/or validation process results in a confirmation and/or validation of the information provided by you, an identity account will be created for your personal use.
-
Relying party
The relevant third party who requires you to verify your identity in order for you to use its services, i.e. Government Departments like rand HMRC.
-
Contract
The relationship between you and us, governed by the terms and conditions according to article 2.1.
-
Terms and conditions
These terms and conditions as set out here.
-
Identity account
Your unique user profile provided to you by us after successful identification and/or validation of data and documents.
-
Data
Any data you have provided to us or in connection with the Digidentity Service.
-
Licensee
The holder of a licence for intellectual property rights connected to the identity service.
-
Materials
Materials shall refer to any software, hardware, websites, database, designs, models, programs, reports, and other identity services and materials put to use by us or the relying party in relation to the identity service.
-
In writing
For the present terms and conditions, the term "in writing" will refer to any written communication, whether this be by electronic means or by regular postal mail.
-
Good Industry Practice
At any time, the exercise of that degree of care, skill, diligence, prudence, efficiency, foresight and timeliness which would be reasonably expected at such time from a leading and expert provider of services which are similar to the Digidentity Service, such provider seeking to comply with its obligations in full and complying with applicable laws and with ISO27001 and tScheme accreditations.
Privacy Policy Digidentity Identity Service
Version 1.3
Last update: 10 January 2018
Purpose of the Policy
This Privacy Policy, together with the Terms and Conditions, describes how we protect your privacy and how we use information about you when providing the Identity Service to you.
At the core of our service is the belief that your data belongs to you and to you alone. We only use your data to verify your identity. We do not share your data with 3rd parties, we do not allow anyone else to use or access your data outside the purposes for delivering the Identity Service to you
Any data we are in possession of about you is protected and handled in accordance with:
- Dutch Personal Data Protection Act, registration number 1451668
- The Data Protection Act 1998 (UK)
Digidentity are committed to protecting and respecting your privacy. This Policy sets out how we both use and protect the personal information that you provide to us when you use the Digidentity Services. Dutch Personal Data Protection Act, registered under number 1451668.
What information we collect
To provide the Digidentity service we will need to collect information from you for the purposes of registration and continued use of the services. We will seek your consent to the collection and processing of your personal information at the time of collection.
We only collect and process data that is needed to verify your identity and provide you with our identity service. This includes but is not limited to:
- Name, forename and middle name
- Title
- Gender
- Date of birth
- Current and previous addresses
- Telephone numbers
- E-mail addresses
- Passport Number
- Driving Licence number
- Photos of you that you provide in our app ('Selfie')
- Credit Card number (only the last four numbers are kept)
What we do with the information we collect
We collect information from you to provide the Digidentity service you have requested, and in particular to:
- Verify your identity against publically available data sources including your financial history. Your financial history is obtained from our credit reference agency, who may place a record of this check on your credit file, known as a `soft marker`. This will not affect your credit status or ability to obtain credit in the future.
- Verify your Identity by checking your documentation with the GOV.UK Document Checking Service, which can verify information against government data sources including information held by the Driver and Vehicle Licensing Agency (DVLA) and HM Passport Office.
- Verify your Photo with our partner who will verify your picture against other relevant documentation.
- Check the bank details you have provided are valid by making a zero-value payment to your bank account via our Payment Service Provider.
- Enable us to contact you by means such as SMS, E-Mail etc.
- Help us respond to your Technical or Service queries.
In each instance we will seek your consent to this sharing of your personal information.
Who we share information with
The data you provide to us will not be disclosed to organisations other than to the suppliers that we work with to deliver the service to you.
We may disclose your personal data where we have your permission or where we are under a duty to share your personal information in order to comply with any legal obligations.
How you can access or amend the information we hold about you
You may request details of personal information we hold about you in accordance with the Data Protection Act (1998). To do so, or if you think the information we hold about you is incomplete or incorrect or you wish to have your account removed, please contact us at:
Digidentity BV | Postbus 19148 | 2500 CC 's-Gravenhage | Nederland
Telephone (0)887 78 78 78 | E-mail info@digidentity.eu | Web www.digidentity.eu
Don't forget to mention in your mail that this is about an information request.
If the information we hold about you is inaccurate, you can also access and update it at any time by logging on to the Digidentity website www.digidentity.co.uk and updating your profile.
Your data is only processed for as long as you have an active account with Digidentity, and only for the purposes described in this Privacy Policy and in accordance with the relevant laws. If you request that your account is removed, there will be a 3 hour 'cool down period'. If your account is not re-activated within 3 hours, it will be closed and therefore inaccessible which may impact your ability to access other services which require your identity to be verified.
Your information will be encrypted and stored in accordance with legal requirements for a period of 7 years for audit purposes. After 7 years the data is permanently removed from our systems.
How we protect your data
We operate an extensive security policy to ensure that all reasonable efforts are made to ensure the personal information collected by the service is made available to you, remains confidential, and is protected from disclosure or unauthorised amendment.
Where we send data to third parties to help us provide the service to you, we will provide those third parties with only the information they need to deliver the service. Those Third Parties are prohibited from using this information for any other purpose than stated in this Policy.
How we use cookies
We use cookies to help us deliver an effective online service. Cookies are files that store information on your hard drive or your browser. These cookies mean that the Website can recognise that you have previously visited the Website. This allows you to maintain your preferences on the Website and for us to measure the usability of the Website.
You can, should you wish, disable the cookies from your browser and delete all the cookies currently stored on your computer. However, by deleting the cookies you may find you are prevented from taking full advantage of the Website. You can find out how to delete cookies for your browser by clicking 'help' on your browser's menu.
Where we use third parties to deliver a service on our behalf, please visit their website to obtain further information regarding their use of cookies.
We use only session cookies to help identify your computer so we can improve the website's usability, analyse the use of the website, prevent fraud and improve the security of the website.
We use Google Analytics with anonymous IP to analyse and create reports about the use of our website. We don't use third party cookies for any commercial purposes.
How to contact us
If you have any questions regarding this Policy or would like any further information regarding how your information is used or shared please contact Digidentity either by writing to us at:
Digidentity BV | Postbus 19148 | 2500 CC 's-Gravenhage | Nederland
Telephone (0)887 78 78 78 | E-mail info@digidentity.eu | Web www.digidentity.eu
Dont forget to mention in your mail that this is about an information request.
Changes to this privacy policy
Our Privacy Policy may require updates from time to time. Any changes we may make to our Privacy Policy in the future will be published on our website www.digidentity.co.uk. In addition, registered users will receive an email to inform them of changes.
Our philosophy
Success does not just happen. We are working hard for it based on 4 core values that make us who we are: as authentic as our clients.
Our core values
We focus 100%
What defines our work? We want to give internet users back their privacy. That is the core of our business, the core of our existence. Too much personal details are available on the internet. We are bringing it back to one, safe place. To one, reliable online identity. This way you gain control over your own data. We focus on this. Purely and solely. With our full attention. So that we can excel in it.
We operate internationally
Every individual, his online identity. That is our mission. For this purpose, we are building a scalable platform that is as international as the internet itself. With a unique digital passport you can use anywhere in the world. Safely and reliably. Logically we will focus further than just the Netherlands. You will find us in the United Kingdom. And behind the scenes where are also advising in multiple countries about the developments concerning digital identities. Call use involved across borders.
We put the user first
Nothing more personal than an online identity. The optimal personal experience of our service is then also a central point in our service. How do make the service even more safe, more easy – those are the questions we are continuously asking ourselves. The key factor is the protection of information, so we offer clients privacy and we gain trust. We use our user feedback, analytics and our UX Lab test results to gain happy clients. This way, our product sells itself.
We are raising the bar
We are working hard for the best possible result. Together we will decide how we will do that. We take and organise the area to realise our own ideas for it. In addition to this, we also take into consideration the interest of the entire industry. This means that we are rather an entrepreneur than an employee: we detect new opportunities and combine these.
Responsible Disclosure
At Digidentity we are proud of the technology and services that we developed. Regardless of our continuous care for the protection of our systems, it is still possible that it may be used in unauthorised ways.
Report your findings.
If you find a weak spot in one of our systems, please let us know. We will always seriously consider your notification and will investigate every possible vulnerabilities. In this way we can repair this as quickly as possible. This way, we can work with you to protect our clients and systems.
We ask you
- Please e-mail your findings to our Network Operation Centre ;
- Do not abuse the problem, by for example
- reading more information than is necessary to prove the leak;
- download, delete or edit data or components of the software system;
- Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties;
- Provide adequate information to reproduce the problem so that we can solve it quickly;
- Do not share the problem with others until we have stated that the vulnerability has been rectified and that we have agreed with you to make it public.
We promise
- To respond to your notification within 3 days. We will give our assessment of the notification and an expected date for a solution;
- We will not take any legal steps against you about your notification. If you at least kept to the abovementioned requirements;
- We will treat your notification confidential and will not share your personal data with third parties without your consent;
- We will inform you about the progress of our rectification of the problem;
- We will mention your name as the person who detected the problem in notifications, but only if you want this;
- As a token of our appreciation for your help, we would like to offer you a reward. We will make a €100 donation to any of the following charities, according to your choice for every problem with our security that you detect. Choose from CARE , Homeplan , Edukans .
Summary of the Notifications
Complaints Procedure
Version 1.0
Last update: 18 January 2016
Contacting us with feedback
At Digidentity we do our best to ensure that we provide the best services and products possible. We do understand that sometimes users may want to pass on their feedback and concerns. In the event you wish to comment about the services we offer, you are able to contact us with more details.
How can you get in touch?
You are able to contact us via email, chat and telephone. The details of which are as follows:
Email: helpdesk@digidentity.co.uk
Chat can be accessed via our website www.digidentity.co.uk
Telephone: +44(0)330 60 60 732
How we handle your feedback/comments?
Any information we receive regarding our services or products is taken seriously in order to improve our overall service. We do our best to treat all users with respect, and genuine understanding of the importance of their situation, with the ultimate aim of helping and resolving any issues.
First contact
The first point of contact will be our one of our dedicated support agents, where any concerns or feedback you have will be responded to as quickly and clearly as possible. In handling your enquiry our team will also ensure that your provided feedback or information is passed on to the correct channels and is available for the review and evaluation of our services. All information will be recorded via email if this was not the primary method of contact.
Our support agents are trained and able to respond to almost all enquiries.
Transferring
In the event you are not satisfied with the response you have received your details will be forwarded to the next available supervisor, who will investigate the case further and respond to you personally. It may be necessary for the supervisor dealing with your enquiry to consult with others regarding the details of your enquiry, or to request more expert advice. The details of your enquiry will be treated with respect at all times with the aim of resolving your issues or concerns.
In the unlikely event your concern, feedback or issue is more serious it will be passed onto the management to deal with. This will be determined by the supervisor handling your case.
Public Service Description
Version 1.3
Last update: 13 April 2017
Digidentity is a certified identity provider for the GOV.UK Verify service, and as such is listed by GOV.UK as a certified company: GOV.UK website.
Via Digidentity:
- Users can register for a Digidentity account to assert their identity.
- Users with an asserted identity can access services available for GOV.UK Verify.
- Users can expect the highest standards of authentication and security available.
To provide this service to users, Digidentity ensures that the requirements and standards of the UK Government in GPG (Good Practice Guide) 44 and GPG 45 are met.
Once a user has successfully verified for an identity account for GOV.UK Verify LoA1 or LoA2, it can be used to access associated LoA1 or LoA2 services provided by the GOV.UK Verify initiative.
How the service works

Registration
Via the GOV.UK pre-registration questions, Digidentity can be chosen as the identity provider. Once chosen, users are automatically directed to the registration process of Digidentity. The registration process will be per the chosen LoA. Users are required to accept the terms and conditions, without accepting these it is not possible to register.
Authentication
When logging into their profile, or when requiring access to GOV.UK Verify services, users are required to make use of the 2-factor authentication. Users can opt for SMS or by using the Digidentity Authenticator app available. Once authenticated users can access services and/or their profile to maintain it.
IPV
Identity proofing and verification is at the core of creating a digital identity. The information required to verify an identity is dependent on the Level of Assurance. The higher the level, the more assurance is required.
Account Maintenance
Users are in control of their own identity account, and can also make changes where needed e.g. change of name because of marriage. Changes are always verified to ensure maximum protection and security, and for fraud prevention.
Registration
Making an account
Once directed to the Digidentity process users are required to make a username, password and to confirm their email address. Once this is complete the user needs to choose their form of 2- factor authentication, e.g. SMS. 2-Factor authentication is always required to secure the account for GOV.UK verify.
Entering personal details
Users are required to enter their personal details, including; name, date of birth, gender (optional) and address. Sometimes name history and/or address history is required. Once this is entered the details are confirmed and used to collect data from a credit file. The data collected is NOT a credit reference, and has NO impact on the credit reference. The data is used to check and verify information for the process of verification, along with data/document checking services provided by the Government.
Identity proofing
Depending on the Level of Assurance users will be required to provide evidence of the identity. Users registering for LoA2 are required to reach a higher level of assurance and will need to supply a combination of evidences which include (but not limited to): UK passport, Non-UK passport, Photo card ID (Government issued), Photo card driving licence, mobile phone contract, bank transaction £0.00 and knowledge based verification (questions generated from the data). Users can also choose to provide their details using our mobile app. Since photos are required of the document, and selfies too, more assurance is attained per document. Users who provide a UK Passport with the app therefore, need only add one more piece of evidence e.g. bank transaction £0.00.
Completion
Once the process of verification is completed the user will be redirected to the service they initially required. To access services of GOV.UK in the future users can use their existing account credentials, and once successfully logged in, will be redirected to the service required.
Revalidation
During the lifespan of the account it is necessary to revalidate details within 180 days of the registration date. Revalidation is a requirement per the Good Practice Guide set out by GOV.UK. Revalidation ensures the integrity of the data within the user account. If the account revalidation occurs users may be asked to take steps to update their information e.g. passport is expired and so add a new one.
Support
Users requiring support during the process are able to contact us:
Email: helpdesk@digidentity.co.uk
Phone: +44(0)330 60 60 732
Monday to Friday 08:00 to 22:00
Saturday and Sunday 08:00 to 17:00
Calls cost no more than calls to geographic numbers (01 or 02) and your telecoms provider must include these calls in inclusive minutes and any discount schemes in the same way.