The list of providers certified via DSIT’s statutory guidelines has been expanded recently and now, once again, features government’s own verification tool, as well as services from key supplier iProov
GOV.UK One Login has regained its government-issued digital identity trustmark, nine months after the certification dropped.
PublicTechnology also understands that the Government Digital Service has put in place new measures intended to better track – and prevent – any potential future accreditation lapses.
The Digital identity and attributes trust framework (DIATF) – administered by GDS parent organisation the Department for Science, Innovation and Technology – was created by government in October 2024 to provide a statutory “set of rules and standards that show what a good digital identity looks like”.
An online register published on GOV.UK reveals that there are now almost 70 services accredited under the framework – a list which, until recently, no longer featured One Login. Certification for the government sign-in system was suspended in April of last year. The loss of the badge was attributed to one of the key suppliers of technology that underpins the platform – understood to be biometrics specialist iProov – allowing its accreditation to lapse.
In the months since then, ministers have repeatedly asserted that GDS was “working closely with the supplier… [to] regain certification as soon as possible”.
As of late last month, this has now been achieved. Recent updates to the register of accredited tools have seen One Login readded – alongside a range of services from iProov.
In the latter case, there are five separate accreditations, all of which are dated from 16 October 2025 and due to expire three years after this date.
While One Login has returned to the list, its date of accreditation is listed as October 2024, with expiry coming in October of this year.
Related content
- One Login needs to manage risk of ‘complex roadmap and dependency on departments’, annual report finds
- GDS identifies ‘small but significant margin’ of One Login users that lack evidence for verification
- Defra retains £6m deal for customer ID system – but intends to integrate One Login
But PublicTechnology understands that GDS has put in place additional systems to track the certification status of firms in the supply chain for One Login. When an accreditation is approaching expiry, the government digital unit intends to work with the company in question with the aim of preventing any knock-on effect on One Login’s status.
Maintaining DIATF accreditation is subject to a service’s successful completion of annual audits and a full recertification process at three-year intervals.
GDS indicated to PublicTechnology that, even in cases where a supplier does not hold the trustmark, it remains subject to One Login’s own certification procedure and guidelines – which “meet the same stringent standards” as the statutory DSIT framework.
The digital unit also claimed that One Login continued to be fully operational throughout the nine-month lapse in accreditation and that there was no risk at ay point to any personal data stored or processed by the platform – which has now been used to verify the identity of almost 16 million people, and has been adopted by 122 government services. This includes the likes of online checks of State Pensions and driving-licence renewals.
One Login was created to provide a single sign-in system to be used throughout all government services across department – replacing a previous patchwork of 191 separate accounts systems and 44 differing sign-in methods used across government.
In August last year PublicTechnology revealed that the end date for completing delivery of the new government-wide sign-in system was formally pushed back by three years to a new deadline of 2028, with additional extra investment likely to add up to hundreds of millions of pounds. But government has insisted that the move does not constitute a delay against the previously scheduled timeline – but rather an expansion stemming from the success of the project’s implementation so far.
