Trust Framework terms summary
The following terms (the “Amiqus Trust Framework terms”) are entered into our agreement with you (“the client”) and apply to your organisation’s (the “relying party”) use of our service to meet Digital Verification Services (DVS) requirements through use of an Identity Service Provider (ISP/IDSP) within the meaning of those terms in the UK Digital Verification Services Trust Framework (the “DVSTF”) and mentioned sector schemes.
As a certified IDSP, we are required to ask relying parties to support us through practices that reflect the principles behind the trust framework rules. These terms should be read in conjunction with the parent contract schedule and are intended to confirm the role and responsibilities between the relying party and Amiqus as a certified IDSP.
Key documents
DVS Trust Framework
For the purposes of these terms, references to the “DVSTF” refer to this document version listed. Due to the pace of development in the DVSTF and its sector schemes, it is expected that the documents referenced here will be updated regularly and the client should regularly familiarise themselves with any changes.
- DVSTF gamma (0.4) (the “DVSTF”, published 09 June 2026)
Sector schemes
Sector schemes refer to guidance that enables your organisation to use IDSPs to comply with your legal responsibilities, in addition to advising on how those checks are carried out.
These terms must be read in conjunction with these documents.
- Supplementary code for digital right to work checks (0.4) — The “RTW guidance” updated 01 December 2025.
- Supplementary code for digital right to rent checks (0.4) — The “RTR guidance”, updated 01 December 2025.
- Supplementary code for Disclosure and Barring Service digital identity checks (0.4) — The “DBS guidance”, updated 01 December 2025.
- Other referenced documentation and useful links for the Relying Part include:
Our certification
Amiqus is certified against the requirements of the DVSTF gamma (0.4) version in the capacity of an Identity Service Provider (IDSP) for the provision of Identity Verification Services and against the following GPG 45 profiles: H1A, H1B, M1A, M1B and M1C.
Amiqus’ certification (“the certification”) is conducted by a UK Accreditation Service (UKAS) accredited certification body and demonstrates conformance with all relevant requirements of the DVSTF, except the noted exclusions. Amiqus will be subject to periodic surveillance audits and recertification.
- Certificate of Registration — Certificate ID: DIATF-KIUK-24-06, original issue 11 August 2022.
Flow down terms
As part of Amiqus’ certification to the DVSTF, Amiqus must set out “flow down terms” to ensure the Relying Party supports Amiqus in meeting the principles, requirements and obligations of the DVSTF. The Relying Party agrees to the following flow down terms for specific sections:
Fraud management
Amiqus is committed to ensure that all potential anti-fraud controls and procedures are in place throughout the service. You will co-operate with Amiqus in support of identification, prevention and management of fraud or potential fraudulent activity arising from or in connection with the use of the services. This includes:
- As the Data Controller responding to and managing fraud incident response for any checks ran. Due to the security controls enacted by Amiqus, all client data is encrypted unless support access is enabled. Therefore Amiqus will only be able to support any potential fraud should support access be turned on. Amiqus has its own fraud incident response procedures as required through the DVSTF and will work with RP and external agencies where required to ensure prompt and accurate response where needed.
- Relying Party will notify Amiqus promptly of any actual or suspected live fraud or misuse of the service which may be relevant to the identity services, providing reasonable context and information within 24 hours of identification. Upon this notification, Amiqus will begin its fraud incident response process and conduct requirements for the DVSTF, such as saving relevant metadata for potential criminal investigation, supporting the Relying Party in its investigation and where relevant notification to relevant authorities in line with legal and regulatory requirements.
- Should Amiqus become aware of any potential fraudulent activity relating to the Relying Party or its Clients or Data Subjects, Amiqus will enact its fraud incident response procedure and upon confirmation notify the Relying Party immediately.
- Should it be agreed between the Relying Party and Amiqus or if the Relying Party deems there to be suspected criminal activity, the Relying Party will ensure no further activity takes place to avoid further criminal activity, do not tip off the individual if it is suspected criminal or fraudulent activity until the agreed time.
- Through the Known Fraud check requirement of the DVSTF, where there are previous flags for a victim of fraud or previous fraud activity, the Relying Party is responsible for reviewing any flagged responses and assess the requirement to put in place further security controls. As part of the check result coming back as Flagged, Amiqus has suggested potential controls the Relying Party could put in place such as a further video/in person check, or other internal controls the Relying Party may use.
- Should any external investigation be brought to either Amiqus or the Relying Parties attention, it will be investigated and Amiqus and the Relying Party agree to co-operate with the relevant third parties and any regulatory or authorities.
- Where a user or data subject fails an evidence check that they should pass, and especially in the case of repeated failures, the Relying Party will, through their review of the failure, ensure the failure is not an indication of potential fraud.
- The Relying Party and Amiqus agree to follow industry best practices such as Report Fraud and the Cyber and Fraud Centre Scotland recommendations.
- Relying Party agree to not disable, bypass or instruct Amiqus to disable the fraud controls put in place within the system, specifically relating to:
- Known Fraud
- Synthetic Identity
- Account Takeover
- Document Fraud
- Impersonation
Information security management
The Relying Party agrees to the specific Information Security requirements of the Service user terms.
Data retention management
The Relying Party agrees to the specific Data Retention Management sections of the main Data processing agreement of the contract. For the purposes of this section, Amiqus acts as the data processor on behalf of the Relying Party as the Data Controller who sets the Data Retention periods. Amiqus will work with the Relying Party to ensure data retention can be met and other GDPR requirements and obligations.
Personal data processing requirements
The Relying Party agrees to the specific Personal Data Processing sections of the main Data processing agreement of the contract. For the purposes of this section, Amiqus acts as the data processor on behalf of the Relying Party as the Data Controller who ensures the appropriate lawful basis for the processing and ensures understanding of the requirements and responsibilities of the Data Controller.
Data minimisation requirements
The Relying Party will ensure there are processes and controls in place to meet the requirements of Data Minimisation. Amiqus has ensured we only collect the required data for the check being conducted. The Relying Party will ensure there are clear processes and retention periods set for the data they hold within the Amiqus system.
Data accuracy and repair requirements
The Relying Party will ensure all data that is used through the Amiqus system is, to the best of their knowledge, accurate and maintained throughout the contract. The Relying Party will, as the Data Controller, respond to all data subject requests received around right to access, right to erasure, right to data portability, right to rectification, received either directly or through Amiqus as the Data Processor. Amiqus will follow the specific terms set out in our Data processing agreement for notification to the Relying Party for Data Subject Requests.
Identity repair and recourse requirements
Should a data subject become a victim of fraud, the Relying Party will work with Amiqus to help meet their requirements under the DVSTF to resolve and repair any identity which has been a victim of fraud. Amiqus has easily accessible contact details through the system and has documented processes aligned with Report Fraud and the Cyber and Fraud Centre Scotland. The Relying Party will also ensure clear contact details for any data subject to contact them and follow the Report Fraud advice to ensure full support and help can be given to a data subject who has been a victim of identity theft.
Resolution of incidents and complaints
The Relying Party and Amiqus agree to fully cooperate with and take such reasonable steps as are directed by either the Relying Party or Amiqus to assist in the investigation, mitigation and remediation of any incident or complaint received, specific to the services of the contract and under the DVSTF.
Relying party responsibilities
Right to Work (Home Office)
The following section highlights key terms from the Right to Work guidance on the use of an IDSP. It is not exhaustive and should be read in conjunction with the RTW guidance.
- The phrase “the employer” and “the relying party” are to be used interchangeably.
- The responsibility for completing a right to work check remains with the employer.
- A relying party who chooses to use an IDSP must still discharge their duties in accordance with the RTW guidance and Right to Work legislation.
- A relying party must carry out their own due diligence to satisfy themselves to a reasonable belief that their chosen IDSP has completed the check correctly in the prescribed manner.
- A relying party using an IDSP for remote digital checks should:
- Provide appropriate training and guidance to their staff for example, on what information they must obtain from an IDSP to confirm verification of identity, what the information can be used for, and the additional steps they must take to establish eligibility to work.
- A statutory excuse for the purposes of a right to work check can only be obtained using an IDSP for the following documents:
- Valid British passport
- Valid Irish passport or passport card
- Amiqus will take reasonable steps to ensure the required steps to be taken by an IDSP are fulfilled. Conformity with these criteria will be demonstrated by external audit and certification.
- The Relying Party must take reasonable steps to ensure they understand and execute the required steps to be taken by the employer. This includes but is not limited to:
- Satisfy themselves that the photograph and biographical details on the output from an identity check are consistent with the individual presenting themselves for work.
- Retain this information securely for the duration of employment and for a further two years after the employment has ended.
Rent to Rent (Home Office)
The following section highlights key terms from the Right to Rent guidance on the use of an IDSP. It is not exhaustive and should be read in conjunction with the RTR guidance.
- The phrase “the landlord” and “the relying party” are to be used interchangeably.
- The responsibility for completing a right to rent check remains with the landlord.
- A relying party who chooses to use an IDSP must still discharge their duties in accordance with the RTR guidance and Right Rent legislation.
- A relying party using an IDSP for remote digital checks should:
- Provide appropriate training and guidance to their staff for example, on what information they must obtain from an IDSP to confirm verification of identity, what the information can be used for, and the additional steps they must take to establish eligibility to rent
- A verified identity for the purposes of a right to rent check can only be obtained using an IDSP for the following documents:
- Valid British passport
- Valid Irish passport or passport card
- Amiqus will take reasonable steps to ensure the required steps to be taken by an IDSP are fulfilled. Conformity with these criteria will be demonstrated by external audit and certification.
- The relying party must take reasonable steps to ensure they understand and execute the required steps to be taken by the landlord.
- A relying party must familiarise themselves with and complete each step of their obligations under the RTR scheme in order to establish the statutory excuse.
- This includes, not is not limited to, satisfying themselves that the photograph on the output from the identity check is consistent with the individual.
DBS (Disclosure and Barring Service)
The following section highlights key terms from the DBS guidance on the use of an IDSP. It is not exhaustive and should be read in conjunction with the DBS guidance.
- A relying party using an IDSP for the purposes of verifying an identity as part of an application for a DBS check retains the obligation to carry out a risk assessment for each transaction.
- Amiqus will meet all requirements for certification against industry and government standards for the roles within our certification scope.