TL;DR: As of November 2025, companies house identity verification is mandatory. To understand how to meet companies house identity verification standard, businesses must follow a step-based process supported by controls. For companies house director verification, the journey ends with a personal code used to link roles and support confirmation statement filings.
What is Companies House Identity Verification?
Companies House is the UK registrar that keeps the public register of companies’ corporate members and runs online filing services for confirmation statements. As of November 2025, stronger identity verification protocols became a legal requirement for all UK company directors and People with Significant Control (PSCs) for existing and new companies.
People must either successfully verify via GOV.UK one login or through an Authorised Corporate Service Provider (ACSP). They must do this using documents, to ensure a safer register of existing individual members to tackle anti-money laundering or identity fraud. An ACSP acts as a business entity that can verify people on a client’s behalf. That means there needs to be some additional company time and resources that go beyond just checking an ID.
Companies House Identity Verification Journey
ACSPs should retain evidence from every identity check to uphold UK standards and maintain a clear audit trail. This includes successful, failed, and referred outcomes for corporate directors or PSCs, as well as failed verification attempts. Complete records show which evidence the ACSP used, which checks the team performed, and which outcome they reached. They also help the ACSP explain how each decision was made and produce a clear record quickly if Companies House requests one.
ACSP teams should follow a simple, repeatable journey to maintain compliance and reduce the risk of financial penalties. They should collect the individual’s details, capture identity evidence, validate its authenticity, confirm it belongs to the person, and then record and retain a complete audit pack. Once the verification is complete, the personal code can be issued and the relevant roles can be linked for filing. Building this protocol takes time, training, controls, and consistent outputs, but it gives ACSPs a defensible process they can apply at scale.
Why Companies House Identity Verification Tightened
This introduction of identity verification in November 2025, is part of Companies House’s wider push to reduce any abuse of the register linked to anti-money laundering and economic crime. To prevent the use of companies for illegal purposes, existing directors need to verify their Identity. It helps ensure compliance with legal requirements and reduce further risks.
Identity checks are tightening because the UK is closing gaps.
Joshua Vowles-Dent, GTM Lead, says that “Identity checks are tightening because the UK is closing gaps that have been exploited for years – shell companies, false director details, and synthetic identities that make it easier to move value and hide accountability. For ACSPs, the shift is clear: identity verification can’t be treated as a one-off ‘tick box’. It needs to be consistent, evidence-led, and repeatable, with records that stand up to scrutiny.”
The identity verification process must follow a consistent standard, not a best-effort approach. Companies House makes clear that business entities such as ACSPs must meet the identity verification standard when verifying existing PSCs or directors for clients. If organisations skip these steps or apply them inconsistently, they risk non-compliance, regulatory scrutiny, and financial penalties.
Scope of Verification of Companies House Service
Companies House identity verification currently applies to directors, persons with significant control (PSCs), and members of limited liability partnerships who must verify their identity. Directors and PSCs cannot legally act in these roles without a verified identity. If they fail to meet the identity verification requirements, they may face enforcement action, prosecution, and financial penalties through the courts.
It is also common to see mixed status in one file for a company’s confirmation statement. The same company may have new and existing directors plus existing PSCs at the same time. So intake must capture roles clearly. Clients also ask about the company secretary, so define who must verify their identity versus who only files.
The Companies House Identity Verification Process
In November 2025, the companies house register has two routes for the new identity verification process. As mentioned, people verify directly through gov.uk one login, post office or they use an authorized corporate service provider (ACSP). This is direct verification of identity of existing directors and PSCs.
The ACSP route is the assisted route which is helpful for existing and new companies alike. Unlike gov.uk one login, this is where a business will handle and run the checks, keep records, as well as support any edge cases around identity for companies house. Both of these routes introduce identity verification for the same end state as part of anti-money laundering procedures, preventing the use of companies for illegal purposes and any other form of identity fraud.
Common Pitfalls for Authorised Corporate Service Providers (ACSP)
ACSP teams often run into the same four pitfalls when delivering Companies House director verification. They confuse AML CDD with Companies House identity verification, accept incomplete intake data, especially address history, keep weak records, and fail to explain the personal code clearly to clients.
These compliance gaps can leave company directors stuck at the point they need to link their verified identity to their Companies House roles for filings. It is clear because Companies House sets a very clear expectation. ACSPs must follow the identity verification standard and keep step-based evidence for every check.
The simplest fix is a tighter operating model: split AML and Companies House into separate workflows, validate intake data up front, standardise an “audit pack” for every case, and send a short handoff explaining how to access and use the Companies House director verification personal code (via “Manage account”) before key filing dates.
The Guide to Identity for Companies House Verification Standards
Companies House introduces identity verification as mandatory and it is crucial for ACSPs to complete every step. That means your ACSP must be standards-first. Tools can help, but the duty stays with you. This is also where anti-money laundering governance helps. Anti-money laundering culture already values evidence and audit trails. Still, Companies House director verification is its own process and identity verification requirements. It is not just another AML check.
Step 1: Entering details and identity data quality
ACSPs must collect the right evidence to verify a person’s identity. This is where identity documents and photo ID choices matter. Acceptable forms of identification can include government-issued documents, machine-readable passports, biometric residence permits, UK biometric residence permits, UK biometric residence cards, Irish passport cards, and UK frontier worker permits. GOV.UK One Login lists the types of photo ID people can use to verify their identity. ACSPs should record the document reference number, expiry date, and country of issue as part of the evidence, so each verification has a clear and defensible audit trail.
Step 2: Identity documents and photo ID
It is important to get evidence to verify their company identity. This is where identity documents and photo ID choices matter. ACSPs can accept several forms of identification, including government-issued documents, machine-readable passports, biometric residence permits, UK biometric residence permits, UK biometric residence cards, Irish passport cards, and UK frontier worker permits. GOV.UK One Login lists the photo ID types people can use to verify their identity.
Steps 3: Security questions
Some users need to prove their identity by answering security questions online. Typically, this only applies to direct routes for companies house director verification. This is where the person can complete the process digitally without visiting a Post Office. These questions help confirm that the person has access to information that should be linked to their identity.
Step 4: Identity checks
Core identity checks ensure that the evidence provided is real, valid and untampered. That must then be checked to see if it belongs to the person that is going through the process. In the “online then Post Office” route, users must enter information from their photo ID on GOV.uk, then go to a Post Office to have their photo ID scanned. This confirms that the document presented matches what was submitted online.
Steps 5: Records and retention
Companies House requires teams to keep records of the evidence and information used during the identity verification process. These records help show how the verification decision was reached and provided an audit trail if the decision is reviewed later. Information must be kept for 7 years from the date identity verification is completed. It is essential to capture the right information at the point of verification, rather than after the fact. Clear records make the process easier to defend, especially when checks are being completed at mass.
Step 6: Verification Decision
The final step is the decision of the companies house director verification. Here, teams must decide whether the person’s identity can be verified based on checks, evidence, and information recorded. This decision should be clear, consistent, and easy to justify. It is important to build a verification pack as part of the new companies house director verification process. This includes details around the identity verification such as what was done as well as the outcomes and reasons for the decision.
Companies House Identity Verification Pack for Audit-Readiness
A strong ACSP verification pack turns Companies House director verification from a one-off task into a defensible process teams can repeat at scale. Companies House requires ACSPs to keep records of each identity verification step and retain them for 7 years. Build each pack so it answers one question quickly. We need to answer, what did we check, which evidence did we rely on, and why did we verify the person’s identity, reject it, or refer it for further review?
In practice, a complete pack should include: intake details (the identity data provided at onboarding), evidence copies (document images or capture outputs), and check logs (system outputs showing authenticity/ownership results). It should also capture the decision record (verified / fail / refer), any reviewer notes (if applicable), the ACSP submission confirmation, and an audit-ready timestamp trail that links actions to the operator and time, plus a clear retention marker so your team knows when the record can be disposed of.
Companies House Personal Code via gov.uk one login
After a person verifies their identity, a person gets a Companies House personal code. Companies House explains it is an 11-character code, personal to the individual. Clients often call it a house personal code. Users can view and manage their personal code and verification details through their Companies House account via Manage account once their identity is verified and connected to the account.
Companies House will update the register to show the due dates for each role you hold after verification. If you are involved in more than one company, you may need to provide your personal code to Companies House more than once. Companies House also says you must sign in with the same email address you used when you verified.
Handling Sensitive Identifiers for Companies House Identity Verification
Some clients will ask if they need to provide a National Insurance number, especially when different verification routes request different details. ACSPs should treat any government identifier as high-sensitivity data and only collect it when the selected verification journey genuinely requires it. GOV.UK One Login can use evidence and verification signals beyond photo ID, including HMRC tax record checks. The security questions route also uses credit-record style questions, so users may see different prompts depending on what data is available for them.
From an ACSP controls perspective, the goal is minimisation plus strong safeguards: collect the minimum attributes needed to complete the ID verification process, store them with tight access controls, and retain them only as long as required for audit. FATF’s digital identity guidance explicitly frames digital ID as a way to support elements of customer due diligence using a risk-based approach, which aligns well with treating identifiers such as a national insurance number as optional-by-design, not default-by-habit.
Case study: Overseas founder becomes company director near a filing date
Northbridge Services Ltd (Leeds) added an overseas founder as a new director and updated an existing director’s details. The founder tried gov.uk one login but struggled to verify their identity. After switching to an ACSP route, they learned that a shared mailbox caused confusion over the same email address used at verification. This blocked access to a personal code for companies house director verification via Manage account.
ACSP verification plus code-access recovery playbook
An ACSP ran the six-step process and captured evidence in a clean audit pack. This was treated as a full companies house director verification process. Then, they moved the new director to a unique email and documented ownership. Additionally, the team aligned next steps to role linkage and filing timing. A verified identity results in a personal code that allows you to role link.
Outcomes
- The new director’s verified identity linked cleanly to the role.
- They removed shared inbox risk and kept access stable.
- The company filed on time with no identity rework for the existing companies corporate members.
Corporate directors, corporate PSCs, corporate members, and limited partnerships in scope at later date
After November 2025, Companies House has signalled that some roles will move into scope at a later date, so ACSPs should expect follow-on change. This includes corporate directors, officers of corporate PSCs, and limited partnerships. They require tighter role mapping. Some clients will also describe LLP structures using terms such as corporate members or “companies corporate members” where a company is the member, which is exactly where poor data modelling and unclear ownership chains create friction.
As outlined by Companies House’ “changes to UK company law” programme, staged implementation is part of the plan, so the best teams treat later-date scope as a planned product iteration, not an unexpected compliance fire drill. You can learn more about workflows here: Build a Strong KYC Due Diligence Checklist UK
Key Takeaways
- Companies house identity verification works best as an end-to-end workflow, not a one-off check.
- Companies house director verification should be planned around a confirmation statement deadline.
- Strong record-keeping (audit pack + retention) makes an ACSP process defensible at scale.
- Clear client communications (timelines and code usage) prevent most delays and rework.
- Meeting companies house identity verification standard means mapping every step to saved evidence and a clear decision record.
Preparing for Scale with ComplyCube
As of November 2025, with the 12-month transition period, volume will rise. More people will verify closer to company’s confirmation statement deadlines. The authorised corporate service provider process is an advantage. With good intake, strong checks, and fast record retrieval, companies can avoid financial penalties and further risks.
So if you want to future-proof your identity verification solution, design now for later date roles. That includes corporate PSC officers and limited partnerships. If you want a practical review of your workflow against the six-step standard, speak to our team at ComplyCube. We can help you standardise checks and produce audit-friendly outputs that match your policy.
Frequently Asked Questions
Do I need GOV.uk One login for companies house identity verification?
Not always. GOV.UK One Login is the direct route for people verifying their own identity online. ACSPs can also verify clients through their own workflow, as long as they meet Companies House identity verification standards for evidence capture, identity checks, decisioning, and record keeping.
Can directors verify their identity at the Post Office?
Yes. Directors, PSCs, and some corporate officers who cannot complete the GOV.UK One Login route may use the Post Office route. They enter details from their photo ID online, then visit a participating Post Office to have the document scanned and checked in person.
Why do people lose access to their Companies House personal code?
People usually lose access because they sign in with the wrong account, use a different email address, or cannot find the code in their Companies House account. Since the personal code is needed to link verification to a company role, this can delay filings and confirmations.
How long must ACSPs keep identity verification records?
ACSPs must keep identity verification records for 7 years from the date the verification is completed. These records should show what evidence was used, which checks were completed, what decision was made, and why the person’s identity was accepted or rejected.
How does ComplyCube support Companies House identity verification?
ComplyCube helps ACSPs standardise Companies House identity verification with an audit-ready workflow. Teams can capture identity evidence, run checks, make consistent decisions, and retain verification records. This helps firms verify directors, PSCs, and relevant officers efficiently while keeping the process defensible at scale.
