For the first time, there is a statutory, government-backed standard for digital identity and attribute services in the UK.
Certification to Gamma shows that your organization delivers a digital verification service (DVS) that is trustworthy, safe, and reliable. It proves to regulators, clients, and users that you have the right processes in place to manage identity securely and responsibly.
One of the most significant changes in Gamma is the introduction of five defined provider roles. These roles bring clarity and structure to the market, helping organizations understand their responsibilities and plan their certification journey.
Why role definitions matter
Digital identity is a complex ecosystem. Providers may handle evidence, biometrics, data attributes, orchestration, or consumer-facing platforms, often in combination. Without role definitions, it was harder for organizations to know exactly what applied to them.
Gamma solves this by setting out five specific categories, each with clear rules. This helps everyone:
- Organizations know what requirements apply to their services.
- Clients and regulators can see the scope of certification more transparently.
- Users gain confidence that certified providers have been assessed for their role.
Certification to Gamma is already mandatory for DBS digital vetting and is strongly recommended for Right to Work and Right to Rent checks. For any organization working in HR tech, fintech, compliance, or digital onboarding, identifying your role is the first step to remain competitive and compliant.
The five provider roles explained
- Identity Service Provider (IDSP) - IDSPs are responsible for verifying people’s identities. This typically involves checking documents, capturing biometric data, and applying fraud detection tools. For example, a company that verifies new employees as part of the Right to Work scheme would fall into this category. Under Gamma, IDSPs must follow strict rules on accuracy, bias mitigation, and escalation processes.
- Attribute Service Provider (ASP) - ASPs provide verified information (attributes) about individuals. This could be anything from confirming a qualification or professional licence to checking someone’s employment history. For example, a university offering verified digital diplomas or a platform confirming driver licence validity would be ASPs. Their role is essential in ensuring data accuracy and trustworthiness.
- Orchestration Service Provider (OSP) - OSPs act as the “connectors” of the identity ecosystem. They manage how IDSPs, ASPs, and other providers interact to create a smooth, compliant user journey. For example, an OSP could support a financial services firm by securely combining identity verification, fraud checks, and attribute confirmation into one onboarding flow. Gamma requires OSPs to prove strong governance and system security.
- Holder Service Provider (HSP) - HSPs give individuals control over their verified identity data, often through digital wallets or apps. This role empowers users, making it easier for them to prove who they are and what attributes they hold. For example, a digital wallet that stores your verified right-to-rent status and lets you share it securely with landlords would be an HSP. Gamma ensures HSPs provide transparency, user protection, and accessible complaint mechanisms.
- Component Service Provider (CSP) - CSPs are the technology suppliers behind the scenes, the companies providing biometric software, anti-fraud tools, or other technical components that support digital identity systems. For example, a facial recognition vendor supplying software to IDSPs would be a CSP. Certification ensures these providers meet strict standards for reliability, fairness, and security.
What this means for your organization
Understanding your role under Gamma isn’t just an administrative step, it defines your path to compliance and market advantage. Each role carries specific requirements covering governance, technical standards, and user protection.
By certifying to Gamma, organizations can:
- Build trust – Demonstrate your commitment to secure, fair, and reliable identity services.
- Stay compliant – Meet legal obligations, particularly for DBS checks, and align with government-backed schemes like Right to Work and Right to Rent.
- Gain recognition – Position your organization as a trusted partner in a fast-growing digital identity ecosystem.
- Differentiate your services – Show regulators, partners, and clients that your solutions meet the UK’s highest standards.
Practical benefits are already emerging. Certified providers are seeing reduced fraud rates, smoother user onboarding, and stronger credibility in tenders and procurement processes. For many, Gamma certification is becoming a competitive advantage.
Preparing for certification
The journey starts with clarity. Organizations should first decide which of the five roles best describes their services. From there, the next steps include:
- Reviewing current processes for governance, bias mitigation, and user escalation routes
- Ensuring transparency in how data and attributes are handled
- Preparing documentation and evidence for audit against Gamma requirements
To help with this, BSI will soon release a Certification Readiness Checklist. This practical tool will enable organizations to benchmark their progress and find any gaps before starting the audit process.
Building trust in the future
The introduction of role definitions under Gamma marks a major step forward for digital identity in the UK. By clearly setting out expectations, it reduces uncertainty, strengthens compliance, and builds trust across the market.
Whether you are an IDSP verifying identities, an ASP managing attributes, or a CSP supplying the technology, now is the time to align with the framework.
Certification is more than a compliance exercise. It’s a statement that your organization is ready for the future of digital trust and that you are committed to protecting users, reducing fraud, and driving progress.
BSI is here to help you take the next step with confidence.
Discover your role in DIATF Gamma and start your certification journey with BSI.
