Government One Login or ACSP? Making the right IDV choice for your board under ECCTA
Company Secretaries and General Counsels must soon guide their boards through a seismic change: Mandatory identity verification under the Economic Crime and Corporate Transparency Act (ECCTA). This new compliance requirement, beginning 18 November 2025, isn’t just a box-tick exercise — it demands board education, proactive engagement, strategic decisions about how and when verification is undertaken, and the best verification route for each U.K. entity.
This article breaks down the two official verification routes, explains who needs to act and when, and offers practical guidance to help Company Secretaries and General Counsel – particularly those based overseas - choose the best approach for their board.
Why boards must verify: Law and practical impacts
Under ECCTA, identity verification becomes mandatory for all company directors, Persons with Significant Control (PSCs) and LLP members. Directors must verify their identity and provide their IDV code in their company’s confirmation statement date, which will fall within a rolling period starting 18 November 2025 and ending in November 2026. PSCs must verify their identities within a defined period, depending on their specific circumstances.
If a director’s identity isn’t verified, the company won’t be able to file its confirmation statement with Companies House — leaving it non-compliant and potentially unable to operate. Failure to verify is also a criminal offence, punishable by fines and civil penalties issued by the Registrar of Companies. Where a PSC fails to verify their identity, they will be committing a criminal offence, but the company itself won’t be liable for sanctions.
From Spring/Summer 2026, secretarial and legal team members must also be verified to file documents. Without verification, they won’t be able to file with Companies House, putting group compliance at risk. Early action is advisable so teams can secure their personal codes and establish robust processes.
Government One Login vs. ACSP: Which route is best for your board?
There are two official routes to identity verification under ECCTA. Each option has its own strengths and limitations — and the right choice depends on your board’s composition, identity documentation and risk profile. Here’s how each route works — and what to consider:
1. GOV.UK One Login/Companies House Online
This route is designed for speed and simplicity. It’s ideal for UK-based individuals with biometric ID and complete the process online, allowing them to verify directly through GOV.UK and use their code across multiple roles and filings.
Strengths
- Fast and free
- Ideal for UK nationals with biometric passports or UK driving licences
- Individuals receive a reusable verification code for filings across all roles (director, PSC, or Companies House filer)
Limitations
- Requires acceptable documents (e.g. biometric UK passport or driving licence) and digital access
- Requires ability to complete the process online via GOV.UK
- Not suitable for overseas board members, politically exposed persons or those without biometric ID
2. Authorised Corporate Service Provider (ACSP)
ACSPs offer a more flexible, supported route — particularly useful for boards with overseas members, complex structures or individuals who don’t meet One Login criteria. These providers (e.g. accountants, law firms, formation agents) handle verification on your behalf, but charge a fee and apply their own risk assessments. Read this blog post for a deeper dive into ACSPs and presenter ID requirements.
Strengths
- Flexible document options
- Hands-on support throughout the process
- Suitable for boards with complex structures or higher compliance risk
Limitations
- Involves a fee
- Requires engagement with an external provider
- ACSPs must meet strict standards and conduct their own risk assessments, which may require more documentation to be produced.
Get ahead of ECCTA IDV
Mandatory identity verification starts 18 Nov. Learn how Diligent helps Company Secretaries and GCs simplify compliance and avoid last-minute filing risks.
Help me prepareHow to choose the right verification route
Choosing the right route isn’t just about eligibility — it's about understanding your board’s makeup, habits and preferences. A thoughtful approach will help governance teams avoid delays, reduce friction and build confidence in the process.
Here are 4 practical steps to help you choose the best route for your board:
- Assess board composition: Use reports available through Diligent Entities to identify directors and PSCs subject to the requirements. Survey them for eligibility (biometric passport/UK ID, digital access, residency). For most, One Login will be straightforward; for others, ACSP may be necessary.
- Pilot the experience: Encourage the company secretarial team to test both routes early. Document each step and challenge and assess which option aligns best with board habits — including digital literacy, comfort with remote tasks, privacy concerns, personal logistics.
- Record and recommend: Develop internal guidance based on team or board feedback. Include document requirements, costs, and help channels for future directors or company officers.
- Plan for transition: Tie verification into onboarding, offboarding, and annual board routines — especially succession planning. Ensure board members have their unique codes ready for upcoming confirmation statement filings.
Key dates and action steps
The identity verification requirement comes into effect on 18 November 2025 — but the timeline for action depends on your company’s confirmation statement date and the roles involved. The mandatory period is triggered either by the company’s next confirmation statement or by the need to appoint a new director or PSC.
Planning ahead will help avoid last-minute issues and ensure a smooth transition.
- For directors and PSCs: Verification is required by the company’s next confirmation statement date, which will fall within a rolling period ending November 2026. New appointments must be verified before they can be registered.
- For company secretarial teams: From spring/summer 2026, individuals must be verified to retain filing rights with Companies House. Early compliance ensures business continuity and gives teams valuable experience to support directors through the process.
Turning compliance into confidence: Embedding IDV into board routines
Identity verification isn’t just a one-off task — it’s something governance teams will need to manage continuously as directors join, leave or change roles. The most effective boards will treat IDV as part of their governance rhythm, embedding it into onboarding, offboarding and annual routines.
Here are a few ways to make that happen:
✅ Add IDV to your onboarding checklist for new directors and PSCs
✅ Include verification status in board succession planning
✅ Build internal guidance to support future filings and transitions
✅ Capture lessons from early pilots to improve future processes
By treating IDV as part of good governance — not just compliance — Company Secretaries and General Counsels can build confidence across the board and ensure long-term continuity.
Ready to simplify ECCTA compliance? Request a demo of Diligent Entities.
More on ECCTA
Preparing for ECCTA: ACSP & Presenter ID requirements explained
Understand ECCTA's new ACSP and Presenter ID rules, ensuring your company meets compliance by Spring 2026.
Identity Verification (IDV) under ECCTA: What UK companies must do now
Master IDV under ECCTA 2023: Key deadlines, practical steps, and technology solutions for compliance officers.
Understanding and preventing the new ECCTA failure to prevent fraud offence
Prevent fraud and hefty fines under the new ECCTA legislation. This blog gives expert insights and practical tips to protect your organization. Learn more.
