In this blog series, our CEO Robin Tombs will be sharing his experience, whilst focusing on major themes, news and issues in the world of identity verification and age assurance.
This month, Robin speaks about the expanding use of digital IDs across employment and DBS checks, user choice and the role of privacy-preserving digital IDs for alcohol sales.
The growth of UK digital ID checks
Yoti is seeing strong growth in Digital ID checks for UK right to work and Disclosure and Barring Service (DBS) checks. In March 2026, Yoti completed 254,200 right to work and DBS checks. 168,509 of these were “one time” checks where individuals used physical passports or driving licence. 85,691 (34%) checks were completed using reusable certified Yoti or Post Office EasyID Digital IDs. On an annualised basis, that’s a whopping 3 million checks, of which about 1 million use either Yoti or EasyID Digital IDs.
A Yoti Digital ID app right to work check is good value (a business pays less than £1), because it increasingly relies on reuse of the Yoti app user’s pre-verified UK passport check. (The Yoti user just needs to use their face to biometrically authenticate that they want to share their right to work identity details with the employer).
After Covid, the Home Office intended to revert to physical ID checks for right to work (and right to rent) checks, ceasing the emergency online video identity checks used during Covid. Thankfully, the DBS decided to allow new online identity checks from April 2022. It then seemed the Home Office decided they could not credibly revert to physical ID checks for right to work if the DBS adopted online identity checks.
So was born what is now a hugely successful Digital Verification Services (DVS) scheme, used by millions of UK and Irish citizens and governed by the Office for Digital Identities and Attributes (OfDIA), which is part of the Department for Science, Innovation and Technology (DSIT).
In 2024-2025, the DBS reported that it issued over 7.3 million DBS certificates, with 104,000 individuals on the “barred lists”.
In early 2026, around 36.6 million people in the UK are in full-time or part-time employment, or self-employed. Between 10 million and 15 million right to work checks are completed each year, but the government does not have a precise record because physical ID checks, for instance, do not need to be reported.
Yoti estimates that, on an annualised basis in 2026, approximately 7-8 million right to work and DBS identity checks will be completed online. Yoti completes around 3 million of these, of which 1 million are completed with a UK-certified reusable digital identity for right to work and DBS purposes.
Adoption of reusable digital IDs is expected to jump significantly from later in 2026, when they can also be used for anti-money laundering identity checks and proof of age when buying alcohol in licensed premises.
I think there will be well over 10 million online identity checks for Right to Work and DBS in 2027. But perhaps more importantly, I think over 60% of individuals completing these checks will use a certified reusable digital ID such as Yoti, Post Office EasyID or the UK government digital ID. If an individual can use their reusable digital ID every week to prove their age when buying alcohol at self-checkouts, and across many of the 17 sectors that need to do identity checks for anti-money laundering compliance, they are much more likely to use their existing reusable digital ID, or create one, to complete their right to work or DBS checks.
Right now, it’s hard to predict what percentage of all these digital ID checks will be completed using the government digital ID or a DVS-certified digital ID such as Yoti or EasyID.
Robust security and user choice in the Yoti Digital ID app
On 9th April 2026, 27,812 individuals around the globe downloaded the free Yoti app. This included 8,010 Australians, 6,201 British users, 3,413 Brazilian users, 3,002 French users, 2,731 American users and 2,354 Italian users. A lot of Australian users right now are getting Yoti to privately prove they are over 18 to access adult content.
Globally, individuals use Yoti in different ways. Some choose facial age estimation to anonymously prove they’re over 18. Others add a passport, driving licence or national or state identity document to share identity or age details with businesses or in peer-to-peer contexts. Some use Yoti to securely store passwords.
There is no secret master password in Yoti that can be lost or hacked (unlike most password managers). Instead, each individual’s master encryption key is stored in the secure element of their phone and Yoti does not retain a copy.
Yoti is very clear when all individuals start to create their voluntary Yoti app that, to protect both individuals and relying parties from fraudulent misuse, all users are required to provide a photo of their face (which is considered “biometric special category data” in the European Union).
Yoti encrypts and securely stores each individual’s photo and template of their face. Users must use their face for critical actions, such as:
- Adding their photo identity document, where the face is matched to the document for identity verification
- Changing their 5-digit PIN, so no-one can shoulder surf and then take over the account by changing the PIN
- Recovering their account if their phone is lost, stolen or they buy a new one
- Deleting their account, because a deleted Yoti account can never be restored
No bad actor or fraudster can steal a PIN or password, or use a photo (including screen, paper or injected images), to break into an individual’s Yoti Digital ID app and complete any of the above critical actions. Ever since Yoti launched its beta version of the app in November 2016, these have been the biometric ‘rules of the road’. Many emerging and future digital IDs will copy this reliance on biometrics.
Individuals freely choose to create their free Digital ID, explicitly entering into a contract with Yoti which offers proof of age, proof of identity and secure vault services (such as passwords and other credentials). These services are protected through the user’s unique biometrics.
If individuals don’t want a Yoti as is, they’re free to choose alternative methods to prove their identity and age, or to store their precious data. Yoti is designed so that the Yoti team cannot know what individuals do with their Yoti account.
Digital IDs do not have to create surveillance, although some systems (through wilful intent or poor design choices) may allow intended, or unintended, surveillance.
Yoti’s technical architecture ensures we can offer a free Digital ID app to tens or hundreds of millions of individuals globally with very high security, very high privacy and, after 9.5 years, a growing level of trust. High levels of trust will take many decades to earn.
Privacy-preserving biometric identity
In tech, there are often periods where there are trade-offs between convenience and security, or between privacy and security.
For a long time, the identity and biometrics industry has understood that many phones can be unlocked using a photo. Presentation attack detection (often known as liveness detection) has been independently tested by iBeta Quality Assurance and other testing houses.
Over 60 vendors have passed iBeta Level 1 and Level 2 testing. Yoti was first of just two vendors to pass iBeta Level 3. As reported in The Times, none of the phones tested by Which? that were spoofed with a photo would’ve passed iBeta Level 1, which requires vendors to detect 100% of paper photo and screen-based photo attacks.
The much-delayed (and still awaited) UK law change to allow buyers of alcohol in licensed premises to use digital proof of age, certified to the Digital Verification Services (DVS) Trust Framework, will effectively require real-time unique biometric binding of the “over 18” credential to the person sharing it.
Yoti has relied upon unique biometric binding to secure its (now over 23 million) Yoti user accounts ever since launch in November 2016. Increasingly, regulators and high-security systems and apps rely on biometric binding. While not perfect, it is widely seen as a necessary safeguard to protect tens of millions of individuals from fraudulent misuse. It’s naive to think there are equivalent authentication alternatives.
Today, UK DVS-certified digital ID wallets cannot rely on a phone’s selfie or fingerprint authentication if those methods are not highly resistant to liveness spoofing, or if more than one person’s face or fingerprint is authorised to unlock the device. That would go against the principle of unique biometric binding.
Many phones, including iPhones, do not currently offer this level of unique biometric binding. As a result, alcohol buyers will have to transfer the image of their face, taken from their digital ID, onto an ID-checking app being used by a staff member in the licensed premises, who would then have to visually match the image to the person in front of them.
Checking an age credential is DVS-certified (without digitally checking that the correct person is sharing it) creates a hybrid process that is part digital and part analogue. It is not a fully digital proof of age solution.
As demonstrated by Yoti and Luciditi at the Global Age Assurance Summit, these challenges have all already been solved technically. Thanks to highly innovative UK DVS providers, millions of UK alcohol buyers will not need to share their photo. Instead, they just complete their highly effective on-device liveness check and selfie authentication – and then share only their DVS-certified “over 18” age credential.
This is a fast, easy, privacy-preserving, fully digital proof of age solution. Yoti digital proof of age delivers no trade-off between convenience, security or privacy 💪🏻
– Robin, CEO
