UK DIATF

Also known as Digital Identity and Attributes Trust Framework.

Available via API	Available via SDK	Needs configuration on Veriff’s side	Needs a separate integration	Needs a separate webhook
❌	✅	✅	✅	❌

Within the United Kingdom Digital Identity and Attributes Trust Framework (UK DIATF), Veriff offers the following solutions:

Solution type	Description	Mandatory fields	Registry checks	Used for
UK DIATF Certified Identity Verification (M1A)	Used with Veriff’s end-user flow (cannot be customized)	No	CIFAS	Know Your Customer Right To Work Right To Rent
UK DIATF Certified Identity Verification (M1B)	Used with Veriff’s end-user flow (cannot be customized)	Yes, `address` object	CIFAS PEP Credit Header and UK Electoral roll	Know Your Customer Right To Work* Right To Rent*
UK DIATF Certified Identity Verification (L1B)	Used with Veriff's end-user flow (cannot be customized)	No	CIFAS	Know Your Customer
* Driver’s License must be disabled for the integration

Prerequisites

You have a regular identity verification integration set up with Veriff
The check is configured for that integration by your Solutions Engineer
You have configured the decision webhook to get responses from Veriff (see the Webhooks section for info)
You are prepared to send the end-user to Veriff verification flow

Definitions

Term	Description
CIFAS	UK's leading fraud prevention service and database.
PEP	“Politically Exposed Person”, an individual in prominent public position.
Credit Header	Name and address information from credit reference agencies.
UK Electoral roll	Official register of citizens eligible to vote.
Right to Work (RTW)	Verifying the employees’ right to work in the UK to prevent illegal working practices.
Right to Rent (RTR)	Verifying the immigration status of prospective tenants before renting out a property.
Know Your Customer (KYC)	Verifying the end-user for compliance purposes.

Contact your solutions engineer for info and configuration.

UK DIATF Certified Identity Verification (M1A)

A medium-confidence solution that must be completed using Veriff’s end-user flow to capture the document and selfie.

Used for	Allowed documents	Send `address` object on session start	Is end-user flow customizable?	Checks done
KYC RTR RTW	UK and Irish passports Irish passport cards	Optional	No	CIFAS

Used for

Allowed documents

Send address object on session start

Is end-user flow customizable?

Checks done

KYC

RTR

RTW

UK and Irish passports
Irish passport cards

Optional

CIFAS

Flow overview

Step 1: create a session using the POST /sessions endpoint

See the POST /sessions[↗] section for a detailed overview of how to create a session
- Passing the idNumber, firstName, lastName and dateOfBirth are mandatory
Passing the verification.address.fullAddress parameter is optional
Veriff strongly recommends creating and using vendorData or endUserId for improved fraud detection

Step 2: start a session using the POST /sessions endpoint

Open the response payload of the POST /sessions[↗] request you just made
Use the URL in the verification.url parameter in the payload
A web flow will start, which will guide the end-user through the process

Step 3: wait for session decision and decision webhook response

As soon as the session is verified, the decision webhook will send the response with session status. It will be one of 9000-code statuses
This response will include the identity verification result and session status, as well as all the UK DIATF CIFAS check result
- The latter is visible in verification.additionalVerifiedData.UKTFCheckResult.CIFAS string
In case the session is declined, the webhook contains relevant info about the reason
- The reason for decline is visible in:
  - verification.code ,
  - verification.reason and
  - verification.reasonCode parameters
- If the session failed due to the CIFAS check, the explanation is visible in the UKTFCheckResult.CIFAS string

Find decision and/or session related info

Webhook response

M1A Webhook response = decision webhook response for an IDV session + CIFAS-specific property in the verification.additionalVerifiedData.UKTFCheckResult.CIFAS string.

The CIFAS check must be successful, i.e. no match was found in the CIFAS database.

Approved session

Sample request

The example below uses placeholder data to show all mandatory parameters and the UK DIATF-related part of the webhook.
Depending on your integration’s configuration, your production payload may contain additional parameters; for info on fields from other solutions, see the decision webhook documentation.

{
    "status": "success",
    "verification":
        "id": "12df6045-3846-3e45-946a-14fa6136d78b",
        "attemptId": "00bca969-b53a-4fad-b065-874d41a7b2b8",
        "code": 9001,
        "status": "approved",
        "reason": null,
        "reasonCode": null,
        "vendorData": "12345678",
        "endUserId" : "a1b2c35d-e8f7-6d5e-3cd2-a1b2c35db3d4",
        "acceptanceTime": "2024-01-15T09:30:00.000Z",
        "submissionTime": "2024-01-15T10:16:15.736755Z",
        "decisionTime": "2024-01-15T10:20:00.000Z",
        "person": {
            "firstName": "JOHN",
            "lastName": "SMITH",
            "dateOfBirth": "1990-01-15",
            "gender": null,
            "nationality": null,
            "idNumber": "12345678901",
            "yearOfBirth": null,
            "placeOfBirth": null,
            "addresses": null,
        },
        "document": {
            "number": null,
            "type": null,
            "country": null,
            "state": null
        },
        "comments": [],
        "additionalVerifiedData": {
            "UKTFCheckResult": {
                "CIFAS": "Registry validation was successful"
            }
        }
    }
}

Request properties explained

status: string* Status of the response
verification: object* Verification request decision object
- id: string* UUID v4 which identifies the verification session
- attemptId: string* UUID v4 of the attempt which received a status (as shown in verification.status field)
- code: integer* Verification session decision code, one of 9001, 9102, 9103, 9104, 9121. For more info, see the verification session decision codes
- status: string* Verification status, one of approved, declined, resubmission_requested, expired, abandoned
- reason: string | null* Reason why the verification failed
- reasonCode: integer | null* Reason code of the failed verification. For more info, see the possible codes for a failed verification
- vendorData: string | null* The unique identifier that you created for your end-user. null if not specified
- endUserId: string | null* The UUID that you created for your end-user. null if not specified
- acceptanceTime: string* Timestamp of the session generation, represented as UTC YYYY-MM-DDTHH:MM:SS.SSS+Timezone Offset (ISO 8601)
- submissionTime : string* Timestamp of when the session was submitted, represented as UTC YYYY-MM-DDTHH:MM:SS.SSSSSS+Timezone Offset (ISO 8601)
- decisionTime: string | null* Timestamp of the decision, represented as UTC YYYY-MM-DDTHH:MM:SS.SSS+Timezone Offset (ISO 8601)
- person: object* Data about the verified person
  - firstName: string | null* Person's first name as written on the document
  - lastName: string | null* Person's last name as written on the document
  - dateOfBirth: string* Person’s date of birth, represented as YYYY-MM-DD
  - gender: string | null* Person’s gender, represented as M or F, or null if not present
  - nationality: string | null* Person’s nationality, represented as ISO 3166 alpha-2 or alpha-3 number
  - idNumber: string | null* National identification number
  - yearOfBirth: string | null* Person’s year of birth, represented as YYYY
  - placeOfBirth: string | null* Person’s place of birth
  - addresses: array Array with address related data
    - fullAddress: string | null Address as single string
- document: object* Verified document
  - number: string | null* Document number, [a-zA-Z0-9] characters only
  - type: string | null* Document type
  - country: string | null* Document issuing country, represented as ISO 3166 alpha-2 code
  - state: string | null* Document issuing state, represented as ISO 3166 alpha-2 or alpha-3 code
- comments: array (Deprecated) Always returns empty []
- additionalVerifiedData: object* Data which has been optionally verified for session
  - UKTFCheckResult: array* Array of UK DIATF checks results
    - CIFAS: string* CIFAS registry check result

Declined session due to failed CIFAS check

Scenario: there may be a possible match in the CIFAS database.

The webhook example below show only UK DIATF-related part of the webhook. See the example above for full payload.

{
    "status": "success",
    "verification": {
        ...
        "additionalVerifiedData": {
            "UKTFCheckResult": {
                "CIFAS": "CIFAS registry detected a potential match."
            }
        }
    }
}

Veriff Customer Portal

You can find the verification session related info in the Veriff Customer Portal, under the Webhooks tab.

→ See Review verification in Veriff Customer Portal about how to view the session info in the Veriff Customer portal

UK DIATF Certified Identity Verification (M1B)

Medium-confidence solution that must be completed using Veriff’s end-user flow to capture the document and selfie.

Used for	Allowed documents	Send `address` object on session start	Is end-user flow customizable?	Checks done
KYC	UK and Irish passports Irish passport cards Driver’s licence	Mandatory	No	CIFAS PEP Credit Header and UK Electoral roll
RTR RTW	UK and Irish passports Irish passport cards	Mandatory	No	CIFAS PEP Credit Header and UK Electoral roll

Used for

Allowed documents

Send address object on session start

Is end-user flow customizable?

Checks done

KYC

UK and Irish passports
Irish passport cards
Driver’s licence

Mandatory

CIFAS
PEP
Credit Header and UK Electoral roll

RTR

RTW

UK and Irish passports
Irish passport cards

Mandatory

CIFAS
PEP
Credit Header and UK Electoral roll

Flow overview

Step 1: create a session using the POST /sessions endpoint

See the POST /sessions[↗] section for a detailed overview of how to create a session
- Passing the idNumber, firstName, lastName and dateOfBirth are mandatory
Passing the verification.address.fullAddress parameter is mandatory
Veriff strongly recommends creating and using vendorData or endUserId for improved fraud detection

Step 2: capture user pictures and videos via verification flow

Open the response payload of the POST /sessions[↗] request you just made
Use the URL in the verification.url parameter listed in the payload
A web flow will start, which will guide you through the process

Step 3: wait for session approval and decision webhook response

As soon as the session is approved, the decision webhook will send an approved response
This response will include the identity verification result and session status, as well as the results of different checks
- The latter are visible in verification.additionalVerifiedData.UKTFCheckResult array
In case the session is declined, the webhook contains relevant info about the reason
- The reason for decline is visible in:
  - verification.code,
  - verification.reason and
  - verification.reasonCode parameters
- If the session failed due to a failed check, the explanation is visible in the UKTFCheckResult array

Find decision and/or session related info

Webhook response

M1B Webhook response = decision webhook response for an IDV session + specific properties in the verification.additionalVerifiedData.UKTFCheckResult array.

The relevant data is presented in strings, marking the result of its nominal check.

These checks are executed in succession and if the preceding check fails, the succeeding one is skipped.
The order of executing the checks is as shown below, but in the webhook payload the order may be random.

additionalVerifiedData.UKTFCheckResult.CIFAS
additionalVerifiedData.UKTFCheckResult.Electoral roll and Credit History UK
additionalVerifiedData.UKTFCheckResult.PEP

Approved session

Scenario: all the checks are successful, meaning that:

CIFAS and PEP matches are not found, and
the end-user is found in the Credit Header and Electoral Roll Database.

The example below uses placeholder data to show all mandatory parameters and the UK DIATF-related part of the webhook.
Depending on your integration’s configuration, your production payload may contain additional parameters; for info on fields from other solutions, see the decision webhook documentation.

Sample request

{
    "status": "success",
    "verification": {
        "id": "12df6045-3846-3e45-946a-14fa6136d78b",
        "attemptId": "00bca969-b53a-4fad-b065-874d41a7b2b8",
        "code": 9001,
        "status": "approved",
        "reason": null,
        "reasonCode": null,
        "vendorData": "12345678",
        "endUserId": "a1b2c35d-e8f7-6d5e-3cd2-a1b2c35db3d4",
        "acceptanceTime": "2025-01-15T09:30:00.000Z",
        "submissionTime": "2025-01-15T10:16:15.736755Z",
        "decisionTime": "2025-01-15T10:20:00.000Z",
        "person": {
            "firstName": "JOHN",
            "lastName": "SMITH",
            "dateOfBirth": "1978-01-15",
            "gender": null,
            "nationality": null,
            "idNumber": "12345678901",
            "yearOfBirth": null,
            "placeOfBirth": null,
            "addresses": {
                "fullAddress": "23 Willowbrook Lane, Ashford, Kent CT19 8NP, UK"
            },
        },
        "document": {
            "number": null,
            "type": null,
            "country": null,
            "state": null
        },
        "comments": [],
        "additionalVerifiedData": {
            "UKTFCheckResult": {
                "CIFAS": "Registry validation was successful",
                "Electoral roll and Credit History UK": "Registry validation was successful",
                "PEP": "Registry validation was successful",
            }
        }
    }
}

Request properties explained

status: string* Status of the response
verification: object* Verification request decision object
- id: string* UUID v4 which identifies the verification session
- attemptId: string* UUID v4 of the attempt which received a status (as shown in verification.status field)
- code: integer* Verification session decision code, one of 9001, 9102, 9103, 9104, 9121. For more info, see the verification session decision codes
- status: string* Verification status, one of approved, declined, resubmission_requested, expired, abandoned
- reason: string | null* Reason why the verification failed
- reasonCode: integer | null* Reason code of the failed verification. For more info, see the possible codes for a failed verification
- vendorData: string | null* The unique identifier that you created for your end-user. null if not specified
- endUserId: string | null* The UUID that you created for your end-user. null if not specified
- acceptanceTime: string* Timestamp of the session generation, represented as UTC YYYY-MM-DDTHH:MM:SS.SSS+Timezone Offset (ISO 8601)
- submissionTime : string* Timestamp of when the session was submitted, represented as UTC YYYY-MM-DDTHH:MM:SS.SSSSSS+Timezone Offset (ISO 8601)
- decisionTime: string | null* Timestamp of the decision, represented as UTC YYYY-MM-DDTHH:MM:SS.SSS+Timezone Offset (ISO 8601)
- person: object* Data about the verified person
  - firstName: string | null* Person's first name as written on the document
  - lastName: string | null* Person's last name as written on the document
  - dateOfBirth: string* Person’s date of birth, represented as YYYY-MM-DD
  - gender: string | null* Person’s gender, represented as M or F, or null if not present
  - nationality: string | null* Person’s nationality, represented as ISO 3166 alpha-2 or alpha-3 number
  - idNumber: string | null* National identification number
  - yearOfBirth: string | null* Person’s year of birth, represented as YYYY
  - placeOfBirth: string | null* Person’s place of birth
  - addresses: array Array with address related data
    - fullAddress: string | null Address as single string
- document: object* Verified document
  - number: string | null* Document number, [a-zA-Z0-9] characters only
  - type: string | null* Document type
  - country: string | null* Document issuing country, represented as ISO 3166 alpha-2 code
  - state: string | null* Document issuing state, represented as ISO 3166 alpha-2 or alpha-3 code
- comments: array (Deprecated) Always returns empty []
- additionalVerifiedData: object* Data which has been optionally verified for session
  - UKTFCheckResult: array* Array of UK DIATF checks results
    - CIFAS: string* CIFAS registry check result
    - Electoral roll and Credit History UK: string* UK Electoral Roll and Credit History check result
    - PEP: string* PEP check result

*Required parameter

Declined session due to failed CIFAS check

Scenario: there may be a possible match in the CIFAS database.

The webhook example below show only UK DIATF-related part of the webhook. See the example above for full payload.

{
    "status": "success",
    "verification": {
        ...
        "additionalVerifiedData": {
            "UKTFCheckResult": {
                "CIFAS": "CIFAS registry detected a potential match.",
                "Electoral roll and Credit History UK": "Registry check did not result in a match"
                "PEP": "Registry check was not executed",
            }
        }
    }
}

Declined session due to UK Electoral Roll and Credit History check

Scenario: the end-user data may be incorrect or missing in the database.

The webhook example below contains only UK DIATF-related part of the webhook. See the example above for full payload.

{
    "status": "success",
    "verification": {
        ...
        "additionalVerifiedData": {
            "UKTFCheckResult": {
                "CIFAS": "Registry validation was successful",
                "Electoral roll and Credit History UK": "Registry check did not result in a match"
                "PEP": "Registry check was not executed",
            }
        }
    }
}

Declined session due to failed PEP check

Scenario: end-user detected as potential PEP.

The webhook example below contains only UK DIATF-related part of the webhook. See the example above for full payload.

{
    "status": "success",
    "verification": {
        ...
        "additionalVerifiedData": {
            "UKTFCheckResult": {
                "CIFAS": "Registry validation was successful",
                "Electoral roll and Credit History UK": "Registry validation was successful"
                "PEP": "Person detected to be potentially a PEP",
            }
        }
    }
}

Veriff Customer Portal

You can find the verification session related info in the Veriff Customer Portal, under the Webhooks tab.

→ See Review verification in Veriff Customer Portal about how to view the session info in the Veriff Customer portal

UKDIATF Certified Identity Verification (L1B)

A low-confidence solution, completed using Veriff’s end-user flow to capture the document and selfie.

Used for	Allowed documents	Send `address` object on session start	Is end-user flow customizable?	Checks done
KYC	UK and Irish passports Irish passport cards Driver’s license	Optional	No	CIFAS

Flow overview

Step 1: create a session using the POST /sessions endpoint

See the POST /sessions[↗] section for a detailed overview of how to create a session
- Passing the idNumber, firstName, lastName and dateOfBirth are mandatory
Passing the verification.address.fullAddress parameter is optional
Veriff strongly recommends creating and using vendorData or endUserId for improved fraud detection

Step 2: start a session using the POST /sessions endpoint

Open the response payload of the POST /sessions[↗] request you just made
Use the URL in the verification.url parameter in the payload
A web flow will start, which will guide you through the process

Step 3: wait for session decision and decision webhook response

As soon as the session is verified, the decision webhook will send the response with session status. It will be one of 9000-code statuses
This response will include the identity verification result and session status, as well as all the UK DIATF CIFAS check result
- The latter is visible in verification.additionalVerifiedData.UKTFCheckResult.CIFAS string
In case the session is declined, the webhook contains relevant info about the reason
- The reason for decline is visible in:
  - verification.code ,
  - verification.reason and
  - verification.reasonCode parameters
- If the session failed due to the CIFAS check, the explanation is visible in the UKTFCheckResult.CIFAS string

Find decision and/or session related info

Webhook response

L1B Webhook response = decision webhook response for an IDV session + CIFAS-specific property in the verification.additionalVerifiedData.UKTFCheckResult.CIFAS string.

The CIFAS check must be successful, i.e. no match in the CIFAS database.

Approved session

Sample request

The example below uses placeholder data to show all mandatory parameters and the UK DIATF-related part of the webhook.
Depending on your integration’s configuration, your production payload may contain additional parameters; for info on fields from other solutions, see the decision webhook documentation.

{
    "status": "success",
    "verification":
        "id": "12df6045-3846-3e45-946a-14fa6136d78b",
        "attemptId": "00bca969-b53a-4fad-b065-874d41a7b2b8",
        "code": 9001,
        "status": "approved",
        "reason": null,
        "reasonCode": null,
        "vendorData": "12345678",
        "endUserId" : "a1b2c35d-e8f7-6d5e-3cd2-a1b2c35db3d4",
        "acceptanceTime": "2024-01-15T09:30:00.000Z",
        "submissionTime": "2024-01-15T10:16:15.736755Z",
        "decisionTime": "2024-01-15T10:20:00.000Z",
        "person": {
            "firstName": "JOHN",
            "lastName": "SMITH",
            "dateOfBirth": "1990-01-15",
            "gender": null,
            "nationality": null,
            "idNumber": "12345678901",
            "yearOfBirth": null,
            "placeOfBirth": null,
            "addresses": null,
        },
        "document": {
            "number": null,
            "type": null,
            "country": null,
            "state": null
        },
        "comments": [],
        "additionalVerifiedData": {
            "UKTFCheckResult": {
                "CIFAS": "Registry validation was successful"
            }
        }
    }
}

Request properties explained

status: string* Status of the response
verification: object* Verification request decision object
- id: string* UUID v4 which identifies the verification session
- attemptId: string* UUID v4 of the attempt which received a status (as shown in verification.status field)
- code: integer* Verification session decision code, one of 9001, 9102, 9103, 9104, 9121. For more info, see the verification session decision codes
- status: string* Verification status, one of approved, declined, resubmission_requested, expired, abandoned
- reason: string | null* Reason why the verification failed
- reasonCode: integer | null* Reason code of the failed verification. For more info, see the possible codes for a failed verification
- vendorData: string | null* The unique identifier that you created for your end-user. null if not specified
- endUserId: string | null* The UUID that you created for your end-user. null if not specified
- acceptanceTime: string* Timestamp of the session generation, represented as UTC YYYY-MM-DDTHH:MM:SS.SSS+Timezone Offset (ISO 8601)
- submissionTime : string* Timestamp of when the session was submitted, represented as UTC YYYY-MM-DDTHH:MM:SS.SSSSSS+Timezone Offset (ISO 8601)
- decisionTime: string | null* Timestamp of the decision, represented as UTC YYYY-MM-DDTHH:MM:SS.SSS+Timezone Offset (ISO 8601)
- person: object* Data about the verified person
  - firstName: string | null* Person's first name as written on the document
  - lastName: string | null* Person's last name as written on the document
  - dateOfBirth: string* Person’s date of birth, represented as YYYY-MM-DD
  - gender: string | null* Person’s gender, represented as M or F, or null if not present
  - nationality: string | null* Person’s nationality, represented as ISO 3166 alpha-2 or alpha-3 number
  - idNumber: string | null* National identification number
  - yearOfBirth: string | null* Person’s year of birth, represented as YYYY
  - placeOfBirth: string | null* Person’s place of birth
  - addresses: array Array with address related data
    - fullAddress: string | null Address as single string
- document: object* Verified document
  - number: string | null* Document number, [a-zA-Z0-9] characters only
  - type: string | null* Document type
  - country: string | null* Document issuing country, represented as ISO 3166 alpha-2 code
  - state: string | null* Document issuing state, represented as ISO 3166 alpha-2 or alpha-3 code
- comments: array (Deprecated) Always returns empty []
- additionalVerifiedData: object* Data which has been optionally verified for session
  - UKTFCheckResult: array* Array of UK DIATF checks results
    - CIFAS: string* CIFAS registry check result

Declined session due to failed CIFAS check

Scenario: there may be a possible match in the CIFAS database.

The webhook example below show only UK DIATF-related part of the webhook. See the example above for full payload.

{
    "status": "success",
    "verification": {
        ...
        "additionalVerifiedData": {
            "UKTFCheckResult": {
                "CIFAS": "CIFAS registry detected a potential match."
            }
        }
    }
}

Veriff Customer Portal

You can find the verification session related info in the Veriff Customer Portal, under the Webhooks tab.

→ See Review verification in Veriff Customer Portal about how to view the session info in the Veriff Customer portal

Status and reason codes

For an approved session, see the verification.code and verification.status parameters.

If the session was declined or resubmission_requested, you can find additional information by checking the verification.status, verification.code, verification.reason and verification.reasonCode data objects.

For more info about the codes you are seeing, refer to:

Changelog

Date	Description
Feb 20, 2026	Note about UK DIATF certification being temporarily paused removed Documentation updated, more detailed info added
Jun 12, 2025	Added note about the UK DIATF certification being temporarily paused