Using digital identities under the Money Laundering Regulations: What regulated firms need to know

On 26 February 2026, HM Treasury and the Department for Science, Innovation and Technology (DSIT) published new guidance clarifying how digital identities can be used to meet obligations under the UK Money Laundering Regulations (MLRs). This long‑awaited update gives regulated firms a clearer, more confident route to incorporating digital verification into their AML compliance processes.  

As digital verification becomes an increasingly central part of customer onboarding, the new rules offer a practical, secure and future‑ready pathway. Below, we break down exactly what the guidance means, top takeaways for firms, and how Veriphy can support your transition to compliant digital identity checks. 

What is a digital identity? 

A digital identity is a digital representation of a person, either as an individual or acting on behalf of an organisation allowing them to prove who they are without presenting physical documents. With consent, a digital identity can share attributes such as name, address, age or even biometric data such as facial recognition. Digital identities can be used online or in person, typically via a smartphone or computer.  

These identities are created and verified using Digital Verification Services (DVS), which often rely on the same authoritative sources used in manual checks (e.g. passports, driving licences).  

What the guidance means for regulated firms 

The 2026 update makes the government’s position clearer than ever: 

• Certified and registered DVS can be used to meet identity verification requirements under Regulation 28 of the MLRs. 

• Digital identity checks support Customer Due Diligence (CDD) but do not replace broader AML responsibilities such as risk assessments, ongoing monitoring and enhanced due diligence. The liability remains with the regulated entity.  

This clarity helps firms move away from paper‑based processes and toward faster, more secure digital onboarding provided they choose certified providers. 

Top 5 takeaways from the new guidance 

1. Digital identity checks are now formally recognised for AML compliance.

Certified DVS solutions meet the standards required for Regulation 28 identity verification for individuals and directors.  

2. Digital identity supports innovation while maintaining sector‑specific compliance. 

The UK’s digital identity trust framework is deliberately technology‑agnostic, allowing firms to adopt modern verification tools without being restricted to specific systems, as long as they meet certification standards.  

3. Digital identity improves security and reduces impersonation risks.

Certified DVS providers must meet strict anti‑impersonation assurance levels, making digital checks as reliable, if not more so than manual processes.  

4. Digital identity does not remove firms’ wider AML obligations. 

Regulated businesses must still demonstrate risk‑based decision‑making, maintain consistent processes, and ensure thorough record‑keeping under MLR Regulation 40.  

5. The shift could generate significant efficiency and economic benefits.

The government estimates digital identity adoption could add £701 million annually to the UK economy through efficiency gains.  

How Veriphy helps regulated firms stay compliant 

At Veriphy, we’ve always focused on making compliance simpler, safer and smarter for regulated organisations. The new guidance aligns perfectly with our mission and strengthens the case for adopting modern digital onboarding tools. 

Here’s how Veriphy supports full compliance under the updated MLR guidance: 

✔ Certified, trusted identity verification 

Veriphy’s digital identity solutions align with the standards set by the UK Digital Identity & Attributes Trust Framework, helping you meet Regulation 28 verification requirements with confidence. 

✔ Secure, remote, user‑friendly customer journeys 

Identity checks can be completed in minutes on a smartphone or computer, reducing friction for clients while maintaining robust security backed by authoritative evidence sources. 

✔ Stronger fraud prevention and anti‑impersonation assurance 

Our identity verification tools incorporate document verification, biometric checks, and automated fraud detection to minimise onboarding risks. 

✔ Fully documented, audit‑ready AML records 

We ensure firms retain the datasets and evidence required under MLR Regulation 40, keeping you protected and ready for supervisory review. 

✔ Seamless integration into your existing processes 

Veriphy makes it easy to move from manual checks to digital processes without compromising consistency, risk assessment, or oversight. 

The 2026 guidance is a pivotal moment for the UK’s AML landscape. Digital identity is no longer a “nice to have”, it is now a mainstream, government‑endorsed method for fulfilling identity verification obligations. 

Regulated firms that adopt certified DVS solutions will benefit from: 

• Faster onboarding 
• Fewer errors 
• Better security 
• Reduced admin burden 
• Stronger AML compliance 

Veriphy is ready to help you embrace these changes confidently and compliantly. 

If you’d like to explore how digital identity can transform your onboarding processes, we’re here to support you every step of the way.