The UK government’s initiative to verify the identities of company directors and major stakeholders has ignited a wave of concern among cybersecurity and fraud prevention experts, who warn that the new system may unintentionally expose users to greater risks.
From November 18, all directors and persons with significant control (PSCs) of registered UK companies must legally verify their identities through the “One Login” service, a platform created to centralize access to government digital services. The move is led by Companies House, which says the measure will increase corporate transparency and deter fraud and money laundering.
FCRF Launches India’s Premier Certified Data Protection Officer Program Aligned with DPDP Act
Louise Smyth, CEO of Companies House sated that identity verification will play a key role in improving the quality and reliability of the data and tackling misuse of the companies register.
Cybersecurity Concerns Mount Over ‘One Login’
However, critics argue the rollout may be premature and risky. Michael Perez, director at managed service provider Ekco, pointed out that One Login has yet to meet several benchmarks set by the Cyber Assessment Framework. Past issues include software vulnerabilities and insecure login systems, which experts claim could become prime targets for hackers.
Perez stated that requesting millions of individuals to submit sensitive identity documents via a platform that hasn’t fully adopted secure-by-design principles introduces significant risk. It creates a central point of vulnerability.
Experts Warn of a Criminal Exploitation Window
Adding to the skepticism, Jonathan Frost, director at BioCatch, warned that the 12-month rollout timeline creates a window for criminal exploitation. Under current plans, existing directors will only need to verify their identity during their next annual confirmation statement, while PSCs have until November 2026.
Frost stated that Companies House must act swiftly to introduce robust controls to close this window of vulnerability. It risks enabling fraudulent filings that could bypass banking due diligence and fuel economic crime. Despite the concerns, analysts broadly agree that reform was overdue. Silvija Krupena of RedCompass Labs called the move “essential,” while urging both government and private sectors to go beyond regulatory checkboxes.