Identity Verification (IDV) under ECCTA: What UK companies must do now

The Economic Crime and Corporate Transparency Act (ECCTA) 2023 marks a major turning point in the UK’s approach to corporate oversight. For the first time, Companies House shifts from a passive registrar to an active gatekeeper — tasked with verifying the identity of directors and ensuring the integrity of the data it holds.

If you're a company secretary, legal operations lead or compliance officer, these reforms represent a critical new compliance burden — but also an opportunity to strengthen your governance controls and demonstrate leadership in transparency.

This article focuses on one of the most operationally urgent areas of the Act: identity verification (IDV). We’ll cover what it means, key deadlines and practical steps you can take to implement it effectively — while leveraging technology to reduce risk and ease the administrative load.

What is Identity Verification under ECCTA?

ECCTA introduces a new requirement for identity verification of:

• Company directors and officers (both existing and newly appointed)
• People with Significant Control (PSCs) and nominated individuals of Relevant Legal Entities (RLEs)
• Anyone filing documents with Companies House

Each verified individual will be issued a personal IDV code by Companies House. This code is essential for future appointments, filings, and any formal role tied to corporate records.

There are two main ways to complete IDV:

• Through GOV.UK One Login (individual route)
• Via an Authorised Corporate Service Provider (ACSP) — such as a solicitor, accountant, or formation agent

Importantly, even if an ACSP is used, the IDV code is sent directly to the individual, not the organisation facilitating the process.

IDV implementation timeline: What to know

Here’s how the rollout is currently planned:

📅 8 April 2025 – Voluntary period begins Individuals can start verifying their identity and receiving IDV codes.

📅 Autumn/Winter 2025 – Transitional phase Identity verification for all directors, officers and PSCs is required in order to file a confirmation statement, incorporate a company, or make an appointment.

📅 Spring/Summer 2026 Identity verification becomes mandatory for anyone making filings on behalf of a company. Filers must have completed IDV in order to submit information to Companies House

📅 Autumn/Winter 2026 – Full compliance required At this point, all relevant individuals on the Companies House register will have been verified, and identity verification will be standard practice.

Start now. Don’t wait for your confirmation statement to become due. Early adoption avoids last-minute fire drills and ensures business continuity.

Are your directors IDV-ready?

This must-read guide helps compliance teams and company secretaries tackle ECCTA’s identity checks before deadlines hit — without the stress or guesswork.

Show me the guide chevron_right

How to implement IDV in practice

Here are the five key steps every compliance team should take:

1. Verify identities promptly

Use either GOV.UK One Login or an ACSP. ACSPs must be registered with Companies House and supervised by a UK anti-money laundering body.

2. Protect and manage IDV codes securely

These codes are confidential. Whether you’re a company secretary or legal operations lead, ensure that:

• Directors share codes directly (not via intermediaries)
• Access is limited, logged, and governed
• Codes are stored securely for future filings

✅ In Diligent Entities, we’ve introduced IDV-specific fields with granular permissions — so only authorised users can see or edit codes.

3. Maintain centralised, accurate records

Manual spreadsheets won’t cut it under this regime. Diligent Entities helps by:

• Storing IDV codes securely at the individual level
• Tracking IDV requirements by role (director, PSC, filer)
• Flagging gaps ahead of confirmation statement deadlines

✅ Run instant reports via your entity management software to check which individuals have verified — and who needs chasing.

4. Educate internally and secure buy-In

IDV involves asking senior stakeholders for personal documents. To avoid delays:

• Explain the legal requirement and upcoming deadlines
• Reassure individuals about data security
• Outline how the codes will be used—and by whom

✅ Built-in reporting features make it easy to prioritise outreach and track progress across your entire entity structure.

5. Monitor and audit compliance continuously

Without verified identities, you won’t be able to file — and that could trigger sanctions or reputational harm. Use Diligent Entities' dashboards to track group-wide IDV status and act fast where gaps exist.

Take control of your ECCTA compliance

The IDV requirements under ECCTA are non-negotiable — and the deadlines are approaching fast. With Diligent Entities, you can:

• Securely store and manage IDV codes
• Automate deadline tracking and compliance reporting
• Streamline communications and reduce admin burden

Your free ECCTA action plan

This essential ECCTA checklist helps company secretaries and compliance leads cut through complexity and act on IDV with clarity and confidence.

I'll take a copy!chevron_right