All blog articles
Yoti March 27, 2026

Thoughts from our CEO

profile picture Yoti 9 min read
An image of Robin with accompanying text that reads "Thoughts from our CEO, Robin Tombs, March 2026".

In this blog series, our CEO Robin Tombs will be sharing his experience, whilst focusing on major themes, news and issues in the world of identity verification and age assurance.

This month, Robin speaks about digital IDs, including the importance of choice and how they can make life increasingly difficult for fraudsters. But before getting into the rest of this piece, it’s important to first address the recent fine issued on Yoti by the Spanish regulator AEPD.

 

Spanish regulator AEPD fining Yoti

A growing number of individuals and organisations are now aware that Yoti has been fined €950,000 by the Spanish regulator AEPD for alleged breaches of EU GDPR relating solely to the use of the Yoti Digital ID app in Spain. The decision does not relate to services carried out by Yoti as a processor for its clients.

We can reassure individuals and businesses using the Yoti Digital ID app globally that no personal data has been breached or compromised – the Yoti Digital ID app remains secure.

Yoti strongly rejects the decision of the AEPD and we have appealed to the Spanish High Court. Yoti understands it may take some time for the legal proceedings to conclude.

Yoti takes data protection very seriously and has the utmost respect for the critical work undertaken by data protection regulators globally.

In light of this case, I want to confirm the core values of the Yoti Digital ID app that I believe are understood by over 23 million individuals around the world who have downloaded it:

  • Yoti Digital ID is a secure biometric app: It is a free to use app that intentionally uses biometrics to enable individuals to consistently and securely prove who they are, how old they are and helps prevent the misuse of their sensitive personal information. In Yoti’s view, the face scan in the app is ‘special category biometric data’ as defined under EU GDPR.
  • Individuals give their explicit consent: Before onboarding, individuals give their explicit consent for Yoti to collect and use their face scan to verify their identity as the account owner while using the app.
  • Individuals have choice: Individuals have the choice to either create and use their unique Yoti account with this high security reliance on biometrics, or decide not to create a Yoti app and use a different service to prove their identity or age.

In today’s world, many individuals want to benefit from digital security and digital proof of identity so Yoti will continue to use the best available technology to meet its trust and safety commitment to individuals and businesses using Digital ID.

Yoti believes strongly that individuals in Spain should continue to have the freedom to choose whether they wish to use the Yoti Digital ID app, which, to give individuals the best available security, necessarily includes the processing of their biometric data.

We would not want to have to compromise on the security of our app globally if a regulator restricts our ability to rely on biometrics to authenticate users (so lowering Yoti’s security protection).

I believe some of the processes relating to this AEPD sanctioning and fine are unsatisfactory:

  • The AEPD initiated preliminary investigation proceedings on 12th December 2023. Unusually, this was at its own choosing rather than based on any complaints it had received.
  • The AEPD did not tell Yoti of the preliminary investigation when launched. However, between January and March 2024, other organisations (a large Yoti customer, a Spanish business, and a high profile, non-Spanish regulator) stated that Yoti was under investigation. 
  • Yoti did receive and respond to two posted Requests for Information from the AEPD relating to our age verification services generally in February and May 2024.
  • The AEPD decided to initiate sanctioning proceedings against Yoti for its Digital ID app on 5th June 2025.
  • Yoti never received the AEPD’s posted ‘notice of intention to sanction’ in June 2025, which meant we had no opportunity to respond on how our Digital ID app operates prior to the AEPD issuing their sanctions in December 2025.
  • Royal Mail (UK Post Office) and Correos’ (Spanish Post Office) independent tracking data shows the posted notice was signed for. Whilst Yoti does not dispute that it was signed for, the named signatory is not known by Yoti and does not work for, or on behalf of, Yoti. The Royal Mail and Correos tracking information confirms the notice was subsequently returned to the AEPD on 20th August 2025. The AEPD states it has no record of receiving the returned notice. 
  • Our appeal for reconsideration of the sanctions, on the basis that we did not receive the notice and what we believe to be the AEPD not fully understanding our Digital ID app, was rejected by the AEPD on 2nd March 2026. This left us no choice but to appeal in full to the Spanish High Court.

 

Building choice and fraud protection into the UK’s digital identity future

There was a full house in London for the techUK Tech Policy Conference 2026. One of the hot issues discussed was Digital ID and Smart Data, with both Jack Cole (Policy Director, Digital ID Taskforce at the Cabinet Office) and Victoria Collins MP (Liberal Democrats), on the panel.

Given the government has already rowed back on introducing a mandatory digital ID, the discussion was able to focus on:

1) Popular benefits:

  • Convenience – making digital life easier and quicker.
  • Empowerment – giving citizens greater control over their identity details and related credentials.
  • Lower fraud – protecting citizens and businesses from identity fraud that underpins much financial fraud.

2) Key policy themes:

  • Choice – citizens should be able to choose whether to use digital ID or alternative forms of physical or online verification.
  • Inclusion – how to ensure everyone who wants a digital ID can easily get and use one.
  • Trust and security – how government digital ID and certified Digital Verification Services (DVS) private sector digital IDs must be secure and trusted.

I explained that one of the biggest benefits for citizens of owning a certified digital ID will be their ability to grant permission for a business to check whether someone submitting their identity details has a digital ID. This means the owner of those details can securely and quickly confirm they are interacting with that business.

If a fraudster is entering the correct identity details for an intended victim who has a digital ID, the business can securely flag to that digital ID owner that their details are being used. The unique owner of those ID details can then securely clarify to the business that a fraudster is at work.

Today, much fraud detection goes on silently in the background to try to work out, probabilistically, whether details submitted to websites and apps are likely to have been submitted by the genuine owner of those ID details. Law-abiding individuals have to hope these often invisible fraud detection tools work well. They need to detect fraudsters without falsely inconveniencing genuine users.

In around 3 years time, when more than 20 million UK citizens own a certified digital ID, it will become much harder for fraudsters to use real ID details to impersonate an intended victim. Businesses will be able to check the interaction with the real owner of those ID details.

Over 2 million UK Yoti users are part of Yoti ID Protect. We believe it will become a very powerful new tool in the UK’s fraud detection toolbox. Convenience and fraud protection will be a powerful combination, driving high adoption of voluntary digital IDs in the UK.

 

How public and private digital IDs can (and should) coexist

Yoti has always thought the UK government, particularly a Labour government, would offer a digital ID wallet to citizens:

  • To ensure inclusion, acting as a ‘provider of last resort’.
  • To allow choice for citizens, some of whom don’t trust private sector providers.
  • Because of the strategic importance of digital ID infrastructure in a modern society.
  • To reduce the risk that one or two UK (or more likely US) private sector digital IDs establish dominant, anti-competitive market positions.

So Darren Jones’ personal view is neither surprising nor irrational.

The Government Digital Service (GDS) now has much more capable key ‘tech’ to work with, even compared to just a few years ago. It also has, in my view, the skills and experience to deliver an in-house digital ID wallet (though some government legacy IT systems will remain a big challenge).

It seems in 2026, compared to all of 2025, the government now recognises that citizens should be able to choose to use DVS-certified private sector digital ID wallets, or the government digital ID wallet. It also recognises that there is significant value in having a healthy ecosystem that is not dominated by either a legislated government-only solution or a small number of private sector ID providers.

There are huge benefits to come for citizens, businesses and government once many individuals choose to take control of their unique personal details in their digital ID wallet(s) of choice.

A lot of individuals worry about fraud and how difficult it has been to prevent fraudsters from committing identity fraud. Highly secure, certified digital IDs, controlled solely by the rightful and unique owner, will become very popular for many, but not all, individuals. They will also become a major obstacle for online fraudsters.

Keep reading

Thoughts from our CEO - Feb
Articles February 24, 2026

Thoughts from our CEO

In this blog series, our CEO Robin Tombs will be sharing his experience, whilst focusing on major themes, news and issues in the world of identity verification and age assurance. This month, Robin chats about independent testing for accurate facial age estimation, using digital IDs for age-restricted purchases in store and the UK government’s digital ID wallet.   Independent testing shows who truly meets the bar In February 2024, Ofcom published guidance that, for an age assurance process to be highly effective at age-gating children in practice, service providers should ensure the process meets 4 criteria: technically accurate, robust,

#yoti
Yoti Yoti
9 min read
An image of a person holding their phone up and performing a facial age estimation.
Articles February 5, 2026

Yoti facial age estimation - newest model evaluation by NIST

We are delighted to share our latest evaluation by the National Institute of Standards and Technology (NIST) for our newest facial age estimation model. We have seen notable performance improvements across a number of metrics.  NIST’s evaluation is extremely thorough – they have over 20 million images for evaluation – and NIST develops their testing methodology over time. This helps to highlight models that are robust across multiple datasets and scenarios.  Our strategy for developing our model is not “data dependent”. Machine learning models can benefit greatly from quantity of data at the initial stage, but once reaching maturity,

#age assurance #yoti
Erlend Davidson Erlend Davidson
7 min read
Thoughts from our CEO Jan 26
Articles January 30, 2026

Thoughts from our CEO: Yoti sees major improvements in liveness and age estimation models

In this blog series, our CEO Robin Tombs will be sharing his experience, whilst focusing on major themes, news and issues in the world of identity verification and age assurance. This month, Robin chats about Yoti’s record year, major advances in our liveness and facial age estimation models and shifting government attitudes on digital ID.   Yoti’s revenue growth accelerates 2025 has been a record year for Yoti. Revenues grew 62% in 2025 to £29.0 million, up from £17.9 million in 2024. That compares with £11.5 million in 2023, meaning 2024 revenues were already 56% higher year on

#yoti
Yoti Yoti
9 min read