If your organisation hires into regulated roles in the UK, enhanced DBS checks are likely part of your process. But most HR teams pick a provider, configure the integration, and move on without thinking hard about what’s actually happening under the hood.<\/p>\n\n\n\n
That’s a reasonable approach, right up until something goes wrong. A check fails and nobody can tell you why. A candidate drops off partway through identity verification. Results come back unclear, and your team is left chasing. Suddenly the “fine, it works” provider is costing you time, trust, and candidates.<\/p>\n\n\n\n
Here’s what to look for, and why the provider you choose matters more than most buyers realise.<\/p>\n\n\n\n
There are three types of DBS checks available to UK employers. The level your organisation needs depends on the roles you’re filling.<\/p>\n\n\n\n
DBS Basic<\/strong> is the most widely used. It covers unspent convictions and conditional cautions, and is available for any purpose. Most employers use it for general employment screening where there’s no specific legal requirement for a deeper check.<\/p>\n\n\n\n DBS Enhanced<\/strong> goes significantly further. It includes spent and unspent convictions, cautions, reprimands, and warnings, plus any relevant information held by local police forces. It’s required for roles involving regulated activity with children or vulnerable adults, including most positions in healthcare, education, and social care. It’s also the most complex check to run correctly.<\/p>\n\n\n\n DBS Standard<\/strong> covers spent and unspent convictions, cautions, reprimands, and warnings, without the local police check element. It typically applies to certain regulated professions and sits between Basic and Enhanced in scope.<\/p>\n\n\n\n If you’re running enhanced DBS checks specifically, who you run them through is not a minor detail.<\/p>\n\n\n\n Enhanced DBS checks require identity verification at a higher standard than Basic. Before a check can be submitted to the Disclosure and Barring Service, the candidate’s identity has to be confirmed to what the UK government calls GPG45 High confidence.<\/p>\n\n\n\n GPG45 is the government’s framework for assessing digital identity verification. Medium confidence covers right to work and DBS Basic. High confidence is what Enhanced and Standard require. Achieving it means the identity verification process has been independently assessed against defined standards of security, accuracy, and integrity.<\/p>\n\n\n\n For DBS checks, employers must use a certified Identity Service Provider (IDSP). That’s a legal requirement, not a recommendation. And the quality and structure of that provider varies considerably.<\/p>\n\n\n\n An IDSP (Identity Service Provider) is an organisation formally certified under the UK’s Digital Identity and Attributes Trust Framework (DIATF) to verify people’s identities digitally. The framework exists because digital identity verification carries real risk, and the UK government requires organisations doing it to prove they meet a defined standard of practice.<\/p>\n\n\n\n The current standard is the Gamma framework, which updated and replaced the previous Beta framework. Gamma sets stricter requirements across governance, security, fraud monitoring, data privacy, and user protections. All certified IDSPs were required to complete the uplift to maintain their status.<\/p>\n\n\n\n To earn DIATF Gamma certification, an organisation must demonstrate:<\/strong><\/p>\n\n\n\n Certified IDSPs are listed on the official DIATF register at gov.uk, making their status independently verifiable, not just self-declared.<\/p>\n\n\n\n Yes. And this is where providers diverge significantly.<\/p>\n\n\n\n Some DBS providers outsource identity verification to a third party. That arrangement works, but it creates real limitations. When IDV is handled by a separate vendor, the provider you’re working with has limited visibility into what happens during a session, limited control over rejection rates and failure reasons, and limited ability to improve the experience without waiting on someone else’s roadmap.<\/p>\n\n\n\n For your team, that tends to show up as:<\/p>\n\n\n\n When a provider owns and operates identity verification in-house, under their own DIATF certification, they control the full process. They can investigate failures directly, surface clearer information when something goes wrong, and make improvements on their own timeline.<\/p>\n\n\n\n Certn runs DBS Basic and enhanced DBS checks for UK employers through CertnCentric, our modern screening platform. DBS Standard is in progress and coming soon.<\/p>\n\n\n\nWhy enhanced DBS checks require a certified provider.<\/strong><\/h2>\n\n\n\n
What is a DIATF-certified IDSP?<\/strong><\/h2>\n\n\n\n
\n
Does it matter whether your provider runs identity verification in-house?<\/strong><\/h2>\n\n\n\n
\n
How Certn runs enhanced DBS checks.<\/strong><\/h2>\n\n\n\n