How Identity Verification at Companies House Affects OSINT Investigations

On 8 April 2025, Companies House launched its voluntary identity verification service, a major milestone in implementing the Economic Crime and Corporate Transparency Act 2023.

From autumn 2025, identity checks will become mandatory not only for newly appointed directors, PSCs, and company filers, but also for existing individuals in those roles. For current company officers, verification will be required as part of their next annual confirmation statement after the new rules come into force. This marks one of the most significant updates to the UK’s corporate transparency framework in years.

The goal is simple: make it harder for fraudsters to hide behind false identities and improve trust in the UK business register. This change will play a major role in improving the reliability of the register. However, while this change is significant, it’s important to understand its limitations for OSINT practitioners, especially those outside the public sector.

A Step Forward for Data Quality

Under the new rules, every company director, person with significant control, company secretary, and individual responsible for filings will be required to verify their identity. This can be done either:

• Directly via GOV.UK One Login
• Through an Authorised Corporate Service Provider (ACSP), such as an accountant or solicitor

Timeline at a Glance:

When someone verifies their identity with Companies House, they’ll receive a personal code. This code connects all of their directorships, PSC roles, and filings.

What Does the Personal Code Mean for Investigations?

With identity verification becoming mandatory, individuals appointed to a company will be tied to a confirmed identity. Over time, this will significantly reduce false or fabricated entries on the register. While historical records will remain unverified, new filings can be trusted more than ever before.

For investigators, the idea of a unique verified ID code tying a person to multiple companies sounds ideal. One of the biggest challenges in corporate OSINT is disambiguating individuals with common names, often relying on partial date of birth, addresses, or co-directors to build confidence in matches. A unique ID tied to each person across multiple company roles would make attribution much easier, especially in the case of common names. 

But here's the catch: the Companies House personal code will not be made public.

While Companies House will now have a way to internally connect roles to verified individuals, the personal code will not appear in public filings. It’s a private reference, used only during appointments and filings, and designed to be kept secure, much like a National Insurance number or Unique Taxpayer Reference.

This means that while each director or PSC will be tied to a verified identity, investigators relying on publicly accessible data will still lack a reliable way to confirm whether two similarly named directors are the same person. Verification improves trust in individual filings, but without access to the personal code, most investigators won’t benefit from the added linkage across records.

Public vs. Private Sector: Who Gains What?

Public Sector Investigators

Agencies with privileged access, such as law enforcement, regulators, or HMRC, will likely be able to make use of the verified identity linkage in full and see which roles link back to the same verified person. Once verification becomes widespread, they’ll be better equipped to:

• Resolve identities across complex company networks
• Identify nominees or proxies used to obscure ownership
• Improve screening for economic crime or sanctions evasion

Private Sector Investigators

The private sector, including financial crime analysts, journalists, and compliance teams, will not have access to this internal linkage. They'll need to continue:

• Matching individuals based on name and month/year of birth
• Reviewing addresses and appointment patterns
• Using tools like Companies House Unlock, which helps group companies by shared name and birth month

OSINT Impact: Progress, With Persistent Limitations

What This Helps

• Improves trust in newly filed data from autumn 2025 onward due to improved data quality
• Reduces bogus or impersonated directorships
• Shell companies and fraudulent entities will face more friction, raising the cost of deception
• Makes future cases of fraud easier to spot and investigate for those with access to identifiers

What This Doesn’t Solve

• Historical filings will still contain unverified individuals, with no clear way to verify or link them
• Public users can’t see connections between verified individuals and their multiple roles (e.g., no visible personal code or hashed identifier)
• The system doesn’t block nominees — individuals can still act on behalf of others if verified
• Investigators still need to triangulate identity using DOB, address reuse, and cross-referencing with other public records

What This Means for OSINT Tools

For vendors building OSINT tools, the rollout of identity verification brings a clear opportunity. While the personal code won’t be public, the introduction of ID verifications means vendors can add flags or filters indicating whether a company filing was made post-verification. This would offer investigators an extra layer of confidence when analysing subjects connected to UK businesses.

More Certainty, Same Complexity

The introduction of identity verification is a meaningful step toward cleaning up the UK’s business register, which should provide more transparent insight into who owns and controls UK companies. 

However, for most investigators working with public data, the challenge of attribution remains. The absence of a visible, persistent identifier across records means the work of connecting the dots still requires multiple sources, careful correlation, and smart tooling.