What Is DIATF and Why Does It Matter for Your Business

If your business verifies customer identities, you have probably heard of the UK Digital Identity and Attributes Trust Framework, known as DIATF. You may have also heard that very few identity providers have achieved certification under it. There is a reason for that. DIATF is the most rigorous digital identity accreditation framework in the world, and meeting its requirements is not simple.

ShareRing is one of the certified providers. Here is what that means and why it should matter to any business that handles customer data.

What DIATF actually is

DIATF is a set of rules and standards published by the UK government that defines how digital identity services should operate. It covers everything from how a person’s identity is verified to how their data is stored, shared, and protected.

The framework is built around GPG45, the government’s Good Practice Guide for identity proofing and verification. GPG45 defines Levels of Confidence ranging from Low to Very High, each specifying what evidence is required and how it must be validated.

For a provider to be certified, an independent accreditation body (in ShareRing’s case, ACCS) audits every aspect of the identity verification process. That includes document validation, biometric checks, data handling, security architecture, and the technical logic that ties it all together.

Why most providers do not have it

The majority of identity verification companies operate using Web 2 technology. They capture your documents, run checks against them, and store the results in a centralised database. Some are good at this. Many are adequate. But DIATF certification requires more than adequate.

To pass, a provider must demonstrate that their verification workflow meets a specific Level of Confidence. ShareRing’s certification covers Medium Level of Confidence (M1C), which requires NFC-based document reading, not just optical character recognition (OCR). That means the chip inside your e-Passport is read directly, cross-referenced against OCR data, and matched against a live facial biometric. All three must align.

Most providers rely on OCR alone, which limits them to lower confidence levels. DIATF does not certify at the lower levels because there are currently no real-world deployment opportunities at those tiers.
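The chip-to-OCR cross-reference described above can be sketched as follows. This is an added example, not ShareRing's code: it assumes a TD3 passport whose second MRZ line is available both from OCR and from the chip's DG1 data group, the function names are hypothetical, and the sample is the ICAO 9303 specimen line plus one constructed OCR misread.

```python
WEIGHTS = (7, 3, 1)  # ICAO 9303 check-digit weights, repeating
# (name, start, end) of checked fields in TD3 line 2; check digit sits at `end`
FIELDS = (("document_number", 0, 9), ("date_of_birth", 13, 19),
          ("date_of_expiry", 21, 27), ("personal_number", 28, 42))

def char_value(c):
    if "0" <= c <= "9":
        return int(c)
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    if c == "<":
        return 0
    raise ValueError(f"invalid MRZ character {c!r}")

def check_digit(field):
    return sum(char_value(c) * WEIGHTS[i % 3] for i, c in enumerate(field)) % 10

def parse_td3_line2(line):
    """Return (fields, names of fields whose check digit fails)."""
    if len(line) != 44:
        raise ValueError("TD3 line 2 must be 44 characters")
    fields, errors = {"nationality": line[10:13], "sex": line[20]}, []
    for name, start, end in FIELDS:
        value = fields[name] = line[start:end]
        # An unused personal number may carry "<" instead of a check digit.
        unused = name == "personal_number" and set(value + line[end]) == {"<"}
        if not unused and line[end] != str(check_digit(value)):
            errors.append(name)
    composite = line[0:10] + line[13:20] + line[21:43]
    if line[43] != str(check_digit(composite)):
        errors.append("composite")
    return fields, errors

def cross_check(ocr_line2, chip_line2):
    """Return findings; an empty list means OCR and chip data align."""
    findings, parsed = [], {}
    for source, line in (("ocr", ocr_line2), ("chip", chip_line2)):
        try:
            parsed[source], errors = parse_td3_line2(line)
        except ValueError as exc:
            return [f"{source}: {exc}"]
        findings += [f"{source}: bad check digit for {n}" for n in errors]
    findings += [f"mismatch: {k}" for k, v in parsed["chip"].items()
                 if parsed["ocr"][k] != v]
    return findings

CHIP = "L898902C36UTO7408122F1204159ZE184226B<<<<<10"     # ICAO 9303 specimen
OCR_BAD = "L8989O2C36UTO7408122F1204159ZE184226B<<<<<10"  # constructed: 0 read as O

if __name__ == "__main__":
    print(cross_check(CHIP, CHIP))
    print(cross_check(OCR_BAD, CHIP))
```

Field agreement alone does not show that the chip is genuine; that depends on verifying the chip's signed data (ICAO passive authentication), which this sketch leaves out.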

ShareRing’s three verification levels

ShareRing’s identity solution operates across three tiers, and understanding them matters when evaluating what level of assurance you are getting from any identity provider.

ShareRing Verified is the highest level. It uses NFC document reading, OCR cross-referencing, and live facial biometric matching. This is the tier that holds DIATF certification. When a customer verifies through this path, the business receiving that verification can be confident that the person is who they claim to be, backed by the most rigorous standard available.

ShareRing Checked uses OCR and facial biometric matching without NFC. It is a solid verification level for use cases where NFC-enabled documents are not available, but it does not carry the same level of assurance.

User Added means the customer has uploaded a document but no automated verification checks have been performed against it.

For any business operating under regulatory obligations (AML, KYC, or data protection requirements), understanding which tier your provider operates at is critical. If your provider cannot tell you, that is a problem.

What this means for Australian businesses

Australia does not yet have a DIATF equivalent, but the regulatory direction is clear. Privacy penalties have increased dramatically, with the maximum for a serious breach now the greater of $50 million, three times the value of any benefit obtained, or 30 percent of adjusted turnover. The proposed privacy law overhaul aligns with international standards like GDPR and CCPA.

Businesses that adopt DIATF-certified identity verification now are not just meeting today’s requirements. They are positioning themselves ahead of where Australian regulation is heading.

Why self-sovereign identity changes the equation

DIATF certification validates the verification process. But ShareRing goes further by ensuring that once verification is complete, the customer’s data does not sit in a centralised database waiting to be breached.

ShareRing’s self-sovereign identity model means verified credentials are encrypted and stored on the customer’s own device, inside the ShareRing Me Vault. No centralised data store exists. The business receives verification confirmation without needing to hold the underlying personal data. This eliminates the “honeypot” risk that has led to breaches at organisations of every size.

The verification hash is recorded on ShareLedger, ShareRing’s application-specific blockchain, providing an immutable proof of verification without exposing any personal information on-chain.

The bottom line

DIATF certification is not a marketing badge. It is an independent, audited confirmation that an identity provider’s technology, processes, and security architecture meet the highest standard currently available. If your business relies on identity verification, and most businesses with compliance obligations do, the standard your provider operates at matters.

ShareRing holds that certification. Most others do not.

If you want to understand how DIATF-certified verification fits into your existing compliance workflow, or how self-sovereign identity removes the data liability from your business entirely, we can walk you through it.

Rohan Le Page
CEO, ShareRing
sharering.network
