DVS certification and AML compliance: what law firms need to know

Harriet Holmes
Senior AML Enablement and Product Assurance Manager

“Are you using a certified provider?” It’s one of the hottest questions in compliance right now. And on the surface, it sounds like exactly the right question to ask.
But there’s a problem. Certification is being misrepresented, sometimes by accident and sometimes not, and that misrepresentation creates real risk for law firms.
Here’s what the latest government guidance actually says, and what it means for your AML process.
What DVS certification is (and isn’t)
DVS certification means a provider’s identity verification service has been independently certified against the Digital Identity and Attributes Trust Framework (DIATF) for a specific service and configuration. That’s meaningful. It gives you confidence that an ID check follows a recognised standard and has been externally validated by an independent Conformity Assessment Body.
What it doesn’t mean is “AML-approved.” Certification applies to the service against the DIATF, not to a specific legal or regulatory use case. When you see claims like “AML-certified” or “certified for compliance,” the government has made clear these descriptions are inaccurate and potentially misleading.
What HM Treasury’s guidance says
HM Treasury’s February 2026 guidance on using digital identities with the Money Laundering Regulations is explicit:
“Digital verification services which are not certified and therefore not on the DVS register cannot reliably be deemed suitable for identity verification in compliance with the MLRs.”
That’s approved guidance for MLR compliance, not a suggestion. In plain terms: if your firm is using a digital identity service that isn’t certified against the DIATF and listed on the GOV.UK register, you may not be fulfilling your obligations under Regulation 28.
This matters in practice because the market still includes uncertified providers offering digital ID checks. If you’ve procured one of those services, or are considering it, this guidance makes clear that reliance on it for MLR purposes is on shaky ground.
The DVS Register is publicly available. Checking whether a provider is listed should be a standard part of your procurement process. So while certification isn’t the whole answer on AML, it is the starting point. The question isn’t just “does this provider meet all our AML needs?” It’s first: “is this provider even eligible to support our MLR obligations at all?”
The distinction that matters
Identity verification is one part of AML compliance, not the whole thing. The government’s February 2026 guidance is explicit: certified DVS providers can be used to fulfil identity verification requirements under Regulation 28, but they cover only one component of customer due diligence.
Your firm still needs to assess customer risk, understand the purpose and nature of the transaction, apply enhanced due diligence where required, and maintain appropriate records. Critically, responsibility stays with the regulated firm regardless of which provider you use.
So while certification can strengthen your IDV process, it shouldn’t be treated as a complete AML solution or a substitute for professional judgement.
Where firms get caught out
The risk isn’t in using certified providers. It’s in over-relying on the label.
This is particularly relevant in conveyancing, where transactions often involve multiple parties, funds can come from complex or third-party sources, and risk can shift over the life of a matter. Equating a certified ID check with AML compliance leaves you exposed. Not because the tool failed, but because the question you were asking was too narrow.
The right question isn’t just “are you certified?” It’s “What does your certification actually cover, and how does it fit into my AML process?”
Our view
We see DVS certification as a positive step for the industry. It brings consistency, transparency, and independent validation to identity verification. All things the market has needed.
But for law firms, the priority isn’t certification alone; it’s end-to-end AML confidence. That means strong identity verification, clear source of funds insight, and tools that support risk-based decision making. Certification plays a role in that, but it’s just not the whole answer.
The takeaway
The latest government guidance draws a clear line: there is no such thing as “AML-certified” digital identity. But there are certified services that can meaningfully support your AML process, if you know where they fit.
Certification against the DIATF is a step-change in assurance and standardisation. It just needs to sit within a wider, risk-based AML framework to be effective. Because your compliance obligations are broader than any single certification.
Further reading
Using digital identities with the money laundering regulations.
How digital identity can support compliance with the UK’s Money Laundering Regulations.


