Identity Verification (IDV) under ECCTA: What UK companies must do now
The Economic Crime and Corporate Transparency Act (ECCTA) 2023 marks a major turning point in the UK’s approach to corporate oversight. For the first time, Companies House shifts from a passive registrar to an active gatekeeper — tasked with verifying the identity of directors and ensuring the integrity of the data it holds.
If you're a company secretary, legal operations lead or compliance officer, these reforms represent a critical new compliance burden — but also an opportunity to strengthen your governance controls and demonstrate leadership in transparency.
This article focuses on one of the most operationally urgent areas of the Act: identity verification (IDV). We’ll cover what it means, key deadlines and practical steps you can take to implement it effectively — while leveraging technology to reduce risk and ease the administrative load.
What is Identity Verification under ECCTA?
ECCTA introduces a new requirement for identity verification of:
- Company directors (existing and new)
- People with Significant Control (PSCs)
- Anyone filing documents with Companies House
Each verified individual will be issued a personal IDV code by Companies House. This code is essential for future appointments, filings, and any formal role tied to corporate records.
There are two main ways to complete IDV:
- Through GOV.UK One Login (individual route)
- Via an Authorised Corporate Service Provider (ACSP) — such as a solicitor, accountant, or formation agent
Importantly, even if an ACSP is used, the IDV code is sent directly to the individual, not the organisation facilitating the process.
IDV implementation timeline: What to know
Here’s how the rollout is currently planned:
📅 8 April 2025 – Voluntary period begins
Individuals can start verifying their identity and receiving IDV codes.
📅 Autumn/Winter 2025 – Transitional phase
You must complete IDV to incorporate a company, appoint directors, or register PSCs. You’ll also need IDV codes for all individuals before filing a confirmation statement.
📅 Spring 2026 – Full compliance required
No filings will be accepted without verified individuals across all relevant roles.
Start now. Don’t wait for the rush later this year. Early adoption avoids last-minute fire drills and ensures business continuity.
Are your directors IDV-ready?
This must-read guide helps compliance teams and company secretaries tackle ECCTA’s identity checks before deadlines hit — without the stress or guesswork.
Show me the guideHow to implement IDV in practice
Here are the five key steps every compliance team should take:
1. Verify identities promptly
Use either GOV.UK One Login or an ACSP. ACSPs must be registered with Companies House and supervised by a UK anti-money laundering body.
2. Protect and manage IDV codes securely
These codes are confidential. Whether you’re a company secretary or legal operations lead, ensure that:
- Directors share codes directly (not via intermediaries)
- Access is limited, logged, and governed
- Codes are stored securely for future filings
✅ In Diligent Entities, we’ve introduced IDV-specific fields with granular permissions — so only authorised users can see or edit codes.
3. Maintain centralised, accurate records
Manual spreadsheets won’t cut it under this regime. Diligent Entities helps by:
- Storing IDV codes securely at the individual level
- Tracking IDV requirements by role (director, PSC, filer)
- Flagging gaps ahead of confirmation statement deadlines
✅ Run instant reports via your entity management software to check which individuals have verified — and who needs chasing.
4. Educate internally and secure buy-In
IDV involves asking senior stakeholders for personal documents. To avoid delays:
- Explain the legal requirement and upcoming deadlines
- Reassure individuals about data security
- Outline how the codes will be used—and by whom
✅ Built-in reporting features make it easy to prioritise outreach and track progress across your entire entity structure.
5. Monitor and audit compliance continuously
Without verified identities, you won’t be able to file — and that could trigger sanctions or reputational harm. Use Diligent Entities' dashboards to track group-wide IDV status and act fast where gaps exist.
Take control of your ECCTA compliance
The IDV requirements under ECCTA are non-negotiable — and the deadlines are approaching fast. With Diligent Entities, you can:
- Securely store and manage IDV codes
- Automate deadline tracking and compliance reporting
- Streamline communications and reduce admin burden
Your free ECCTA action plan
This essential ECCTA checklist helps company secretaries and compliance leads cut through complexity and act on IDV with clarity and confidence.
I'll take a copy!More to explore
Understanding and preventing the new ECCTA failure to prevent fraud offence
Prevent fraud and hefty fines under the new ECCTA legislation. This blog gives expert insights and practical tips to protect your organization. Learn more.
What are the new responsibilities for company secretaries under the Economic Crime and Corporate Transparency Act (ECCTA)?
ECCTA introduces a range of measures designed to tackle corporate crime, among which are significant reforms to Companies House. Read our blog for more.
Master entity management and compliance with our essential ECCTA checklist
Our ECCTA checklist helps to ensure that your organisation not only complies with the law but also leverages that compliance for a strategic advantage.
