Embedded Files
Published Date : 9/2/2025Â
The Age Check Certification Scheme (ACCS) has filed a formal complaint with European Accreditation, arguing that the UK's Digital Identity and Attributes Trust Framework (DIATF) is not fit for accreditation. The complaint highlights several issues with the certification scheme rules and calls for a comprehensive review.Â
The Age Check Certification Scheme (ACCS) has filed a formal complaint with European Accreditation, arguing that the UK's Digital Identity and Attributes Trust Framework (DIATF) is not fit for accreditation. The complaint highlights several issues with the certification scheme rules and calls for a comprehensive review.Â
The Age Check Certification Scheme (ACCS) has formally requested a review from the European Accreditation, alleging that the UK’s Digital Identity and Attributes Trust Framework (DIATF) is not suitable for accreditation. ACCS, which shared this statement on LinkedIn, argues that the United Kingdom Accreditation Service (UKAS) made an error when it approved the UK DIATF as an accreditation scheme in January 2025. ACCS is now seeking a review of this decision by the European Accreditation.
The primary issue, according to ACCS, is not with the Trust Framework itself but with the Certification Scheme Rules developed by the Department of Science, Innovation, and Technology (DSIT). These rules have not been made public or subjected to a public consultation, and they were not developed by a competent standards development body. As a result, the rules are described as badly written, inconsistent, and lacking the appropriate structure.
ACCS contrasts this situation with other recent certification schemes, such as those for the EU’s Digital Identity Wallets and Australia’s Digital ID Trust Framework. The process has reportedly fallen into disarray over the nearly three years since the original deadline for the finalization of the accreditation process in November 2022.
Despite these challenges, DSIT and the Office for Digital Identities and Attributes (OfDIA) are striving to bring the certification scheme to a point where private-sector Conformity Assessment Bodies (CABs) can take over compliance testing. This shift is crucial for ensuring that the digital identity system meets the necessary standards and is trusted by users.
The ACCS statement identifies five specific issues that need to be resolved to make the scheme work:
1. Good Practice Guides 44 and 45 are not normative : This lack of normativity results in ambiguous requirements with measurable outcomes, making it technically impossible for a Conformity Assessment Body (CAB) to meet accreditation requirements.
2. Audit documentation requirements : These requirements mandate the inclusion of confidential client data, which contradicts the requirement to protect client confidentiality.
3. Audit responsibilities : The responsibilities under the scheme are based on guidance suggesting they are based on the size of the organization providing the service, which is inconsistent with the product complexity criteria usually used for product certification under ISO/IEC 17067.
4. Quality scores for authentication and protection : These scores are provided in the DVS Register and may not be consistent with what the IDSP is providing, due to DSIT’s rules for showing the highest score achievable.
5. Conflict of interest : DSIT has a conflict of interest from running the governance mechanism and the technology being governed, such as GOV.UK One Login.
The complaint follows the release of ACCS’s final report on Australia’s Age Assurance Technology Trial, which provides a contrasting view of the two national age assurance regimes. This comparison highlights the need for a more robust and transparent approach to digital identity systems in the UK.
The ACCS’s formal complaint underscores the critical importance of a well-structured and transparent accreditation process for digital identity systems. Addressing these issues will be essential for ensuring the trust and reliability of the UK’s digital identity framework.Â
Frequently Asked Questions (FAQS):Â
Frequently Asked Questions (FAQS):Â
Q: What is the Age Check Certification Scheme (ACCS)?
A: The Age Check Certification Scheme (ACCS) is an organization that ensures age verification services meet high standards of accuracy and reliability. It provides certification for age verification providers, helping to protect both businesses and consumers.
Q: Why did ACCS file a formal complaint with European Accreditation?
A: ACCS filed a formal complaint with European Accreditation because it believes the UK’s Digital Identity and Attributes Trust Framework (DIATF) is not fit for accreditation. The complaint argues that the certification scheme rules are poorly written and lack transparency.
Q: What are the main issues identified by ACCS with the DIATF certification scheme?
A: ACCS identified five main issues: ambiguous Good Practice Guides, conflicting audit documentation requirements, inconsistent audit responsibilities, inconsistent quality scores, and a conflict of interest within DSIT.
Q: What is the role of the Department of Science, Innovation, and Technology (DSIT) in this context?
A: DSIT is responsible for developing the Certification Scheme Rules for the DIATF. However, ACCS argues that these rules were not developed transparently and lack the necessary structure and consistency.
Q: How does the UK’s digital identity system compare to Australia’s Digital ID Trust Framework?
A: The ACCS’s final report on Australia’s Age Assurance Technology Trial provides a contrasting view, highlighting the need for a more robust and transparent approach to digital identity systems in the UK. Australia’s framework is seen as a benchmark for best practices.Â
More Related Topics :Â
More Related Topics :Â
Page updated
Report abuse