If you have come to this page looking for a Companies House "identity verification form" to download, complete, and post, here is the correction you need first. There is no numbered Companies House paper or PDF form for identity verification. The regime under the Economic Crime and Corporate Transparency Act 2023 (ECCTA) is delivered electronically through one of two routes, neither of which involves a paper form.
The first route is GOV.UK One Login, the cross-government identity service operated by the Government Digital Service. It captures your identity through an interactive web and mobile flow with document upload, biometric photograph, face-match, and security questions. The second route is the Authorised Corporate Service Provider (ACSP) route, where a UK firm authorised by Companies House (typically your accountant or company-secretarial agent) verifies your identity using its own KYC platform under Money Laundering Regulations 2017 standards, then submits an electronic confirmation to Companies House on your behalf under ECCTA s.66.
Both routes produce the same outcome: a verified natural-person identity record at Companies House plus a unique alphanumeric personal code allocated to you under ECCTA s.68. The code is then quoted on every subsequent Companies House filing that records you as a director or PSC. This page is the submission-mechanic walkthrough: what data is captured, where it goes, what becomes publicly visible and what does not, and how the personal code threads into your CS01, AP01, PSC01, and IN01 filings.
For the definitional on-ramp covering who is in scope and when, see our complete guide to identity verification in the UK. For the multi-SPV operational walkthrough across a landlord LtdCo portfolio, see our ECCTA identity verification operational page. For the PSC-specific edge cases (family investment companies, trusts, joint shareholders), see our identity verification for PSCs page.
Why There Is No Numbered Form: The Verification Replaces a Snapshot With a Process
Historic Companies House practice produced numbered paper-or-PDF forms for substantive filings: AP01 for a director appointment, CS01 for a confirmation statement, PSC01 to PSC09 for the PSC family of notifications, IN01 for incorporation, MR01 for a mortgage charge. Each form is a snapshot of data submitted against a static template. Identity verification does not fit that pattern. Verification is by design a real-time process: capture a current photograph, match it against a current identity document, run liveness checks, anchor against a current address of residence, then deliver a unique identifier that ties the verified natural person to their downstream filings.
The route-vs-historic-form mapping is the headline correction the page exists to make.
| Historic numbered Companies House form | What that form does | ECCTA identity verification | What the verification route does |
|---|---|---|---|
| AP01 (Appointment of director) | Records the appointment plus personal particulars of a new director | GOV.UK One Login or ACSP electronic submission | Captures live document scan, biometric face-match, and address anchor; issues personal code under ECCTA s.68 |
| PSC01 (PSC notification) | Records the first notification that a natural or legal person is a PSC | GOV.UK One Login or ACSP electronic submission | Same flow; one verification per natural person per ECCTA s.68 |
| CS01 (Confirmation statement) | Annual confirmation of the company's particulars | Not a verification route. CS01 now quotes the personal code as a required field | Filing-side admin only; the personal code is supplied as a required data-field on the existing form |
| IN01 (Incorporation) | Incorporates a new UK company with founder-directors and first PSCs | GOV.UK One Login or ACSP electronic submission for each in-scope founder | Personal codes for each in-scope founder-director and first PSC supplied at incorporation post-18 November 2025 |
| MR01 (Mortgage particulars) | Registers a charge against the company | Not in scope of the ECCTA identity verification regime | Unaffected |
Two operational points follow from the table. First, the verification routes do not produce a new numbered form. They produce a personal code that is then quoted on the existing numbered forms where you appear as a director or PSC. Second, the personal code is allocated per natural person, not per company. One verification covers every UK directorship and every PSC interest you will ever hold under ECCTA s.68. The code is permanent and does not need renewing on a calendar.
The GOV.UK One Login Route: Screen by Screen
GOV.UK One Login is the cross-government identity-and-authentication service operated by the Government Digital Service. The Companies House identity verification flow runs through One Login as one of its identity-proofing services. Entry point: signin.account.gov.uk. The screen-by-screen flow takes most readers under thirty minutes from a cold start, or under fifteen minutes if you already use One Login for Self Assessment, Universal Credit, MOT history, or any other government-side service.
Mrs Adebayo is a UK-resident director and 100 percent PSC of a residential property SPV in Leeds. She has a UK passport in date, an active GOV.UK One Login account from her Self Assessment filings, and a smartphone with a working camera. Her flow looks like this.
- Sign in. Adebayo signs in at One Login using her existing email and password plus a six-digit security code emailed to her.
- Start the Companies House identity verification step. From her account dashboard she selects "Verify your identity for Companies House", or she enters via the Companies House service which redirects her to One Login.
- Choose identity document. She selects UK passport. The acceptance list also includes a non-UK passport in date, a UK photo driving licence (full or provisional), a UK Biometric Residence Permit, a UK Biometric Residence Card, and a UK Frontier Worker permit. Verify the current acceptance list against Companies House guidance at the moment you are verifying.
- Document photograph. Adebayo uses the GOV.UK One Login app on her smartphone to read the biometric chip on her UK passport. The app option is more reliable than the web-upload alternative because it reads the chip directly. The web route accepts uploaded scans where the app is not available.
- Face-match photograph. She takes a live selfie. The app runs liveness checks (turn head, blink, look up) and matches the live face against the chip photograph.
- Address and personal-details anchor. She confirms her current Leeds residential address, her date of birth, and her full legal name. Former names (deed poll, marriage) are captured here if relevant for cross-linking with the historical Companies House record. The service runs background cross-checks against electoral register and credit-history sources.
- Security questions. Two cross-check questions answered.
- Confirmation and submission. Adebayo confirms the data and submits.
- Personal code allocation. Within about 5 to 15 minutes after submission, the personal code under ECCTA s.68 lands in her One Login account inbox and is emailed to her verified email address.
Total elapsed time from sign-in to code-in-hand: under thirty minutes. Adebayo records the code in her password manager and gives it to her accountant, who will quote it on the SPV's next CS01 confirmation statement plus on any subsequent AP01 or PSC01 amendments.
The Authorised Corporate Service Provider Route: What Your Accountant Submits On Your Behalf
An Authorised Corporate Service Provider is a UK firm AML-supervised under MLR 2017 (typically a chartered accountant, company-secretarial agent, or solicitor, supervised by HMRC, the FCA, ICAEW, ACCA, ICAS, CIOT, or the Law Society) that has separately registered with Companies House to perform identity verification under ECCTA s.66. The ACSP applies its own AML-compliant customer due diligence procedures, runs document-authentication and face-match checks using its KYC platform of choice, and submits the verification confirmation electronically to Companies House. Companies House does not re-verify. It accepts the ACSP-side confirmation as the verification event, with the ACSP carrying the supervisory responsibility under ECCTA s.66 and MLR 2017.
Mr Kowalski is a Polish-national director of a UK property SPV in Manchester. He is UK-resident but has no active GOV.UK One Login account. He holds a Polish passport, a UK Biometric Residence Permit, and utility bills in his name. He chooses the ACSP route via his Manchester-based chartered accountant (AML-supervised by ICAEW and registered as an ACSP with Companies House). His flow looks like this.
- ACSP engagement. Kowalski signs an engagement letter with the firm covering the verification work. One-off fee £150 plus VAT.
- AML customer due diligence. The firm already holds CDD records for Kowalski as an existing client and refreshes them against MLR 2017 reg.27 (ongoing monitoring). The marginal effort is modest.
- KYC platform verification. The firm uses an Onfido-powered portal: Kowalski uploads a photograph of his Polish passport and a live selfie via the secure portal; Onfido runs document-authenticity, face-match, and liveness checks; results land back with the firm in under an hour.
- ACSP-side submission to Companies House. The firm submits the electronic verification confirmation to Companies House under its ACSP credentials, confirming the documents used, the verification timestamp, and the firm's responsibility under ECCTA s.66 and MLR 2017 supervision.
- Personal code allocation. Companies House issues Kowalski's unique alphanumeric personal code under ECCTA s.68. The firm receives the code, forwards it to Kowalski by encrypted email, and records it on the client file.
- Operational integration. The firm quotes the personal code on the SPV's next CS01 confirmation statement plus on any subsequent AP01 or PSC01 amendments.
Total elapsed time from engagement to code-in-hand: three business days. Typical ACSP fee range across the market is £50 to £300 one-off, with the lower end applying for existing clients whose AML records are current and the upper end for new clients verifying from scratch. Verify the chosen firm's published rates before instruction.
What Data Companies House Captures (and Where Each Field Goes)
The data captured during verification is identical across the two routes, even though the submission interface differs. The fields captured are:
- Full legal name plus any former names (deed poll, marriage, or other name change relevant for cross-linking against the historical Companies House record).
- Date of birth (full day, month, year).
- Nationality.
- Country of residence.
- Current residential address (full UK or non-UK address).
- Identifying document type, number, and expiry date (passport number, driving licence number, BRP number, or equivalent).
- Biometric photograph (captured for the face-match purpose; retained per the Companies House published privacy notice and the Data Protection Act 2018 framework).
- Signed declaration that the information provided is accurate.
- Verification timestamp, route used (One Login or ACSP), and (for the ACSP route) ACSP identifier plus AML supervisor identifier.
Each field has a specific operational purpose. The full legal name, date of birth, nationality, and verified-status flag are linked to the natural-person record at Companies House and surface on any director or PSC entry the person subsequently holds. The residential address, identifying document number, and biometric photograph are retained internally but not published. The publication restriction is the operative protection that makes the regime workable for directors and PSCs who do not want their passport number or biometric data on a free public database.
What Becomes Publicly Visible and What Does Not (The ECCTA s.69 Protection Matrix)
ECCTA s.69 ("Identity verification: material unavailable for public inspection") is the statutory anchor for the publication restriction. Reinforced by Companies House published display rules, it produces the following visibility matrix on the searchable PSC and director record.
| Field captured during verification | Public-register visibility | Authority |
|---|---|---|
| Full legal name | Public (appears on PSC and director record) | CA 2006 PSC and director public-register architecture |
| Any former names (deed poll, marriage) | Public where notified on the company's PSC or director record | CA 2006 plus Companies House published display rules |
| Date of birth (full day) | NOT public (day suppressed) | ECCTA s.69 plus Companies House published display rules |
| Date of birth (month and year only) | Public (for example "June 1975") | Companies House published display rules |
| Nationality | Public | CA 2006 plus Companies House published display rules |
| Country of residence | Public | Companies House published display rules |
| Residential address (where different from service address) | NOT public | ECCTA s.69 plus CA 2006 ss.243 to 244 protected-information regime |
| Service address (registered office or separately designated service address) | Public | CA 2006 public-register architecture |
| Identifying document type and number | NOT public | ECCTA s.69 publication restriction |
| Biometric photograph | NOT public (retained internally for verification audit only) | ECCTA s.69 plus Data Protection Act 2018 |
| Signed declaration record | NOT public | Internal verification audit only |
| Personal code (unique identifier) | NOT public as a literal string (the verified-status flag is public; the code itself is private) | ECCTA s.68 plus Companies House published guidance |
| Verified-status flag (yes or no) | Public (appears on PSC and director record once verified) | Companies House published display rules |
| Date became director or PSC | Public | CA 2006 public-register architecture |
| Nature of control (which PSC test) | Public (PSCs only) | CA 2006 PSC plus Companies House published display rules |
| Occupation | Public (directors only) | CA 2006 director public-register architecture |
Three operational points to surface. Your full date of birth day is suppressed on the public register, so a searcher cannot lift your full DOB from the Companies House search. Your residential address is not published where it differs from a service address: a registered-office or separately designated service address is what appears on the public PSC or director record. Your passport or driving-licence number is not published. The combination protects against the most common identity-theft vectors that would otherwise attach to a fully public personal-data submission.
Receiving and Recording Your Personal Code
The personal code under ECCTA s.68 is the operative artefact produced by verification. It is alphanumeric (typically 8 to 12 characters at current rollout), permanent (does not expire, does not renew annually, does not change if you move house or change your name), and per natural person (one code per individual, regardless of how many UK companies you are a director or PSC of). Delivery mechanics differ slightly between the two routes.
- GOV.UK One Login route. The code appears in your One Login account inbox plus is emailed to your verified email address typically within 5 to 15 minutes of submission.
- ACSP route. The code is delivered by the ACSP firm to you, typically by encrypted email plus recorded on the firm's client file. Some firms include the code in a verification-complete bundle (engagement letter sign-off, AML compliance record, code-of-record).
Practical recommendation: record the code in three places. Your personal secure record (password manager or safe). The client file of your accountant or company-secretarial agent. Your business records for the company or companies in which you act. If you lose the code, retrieval is via the One Login account inbox (if you verified via One Login) or via the ACSP firm (if you used the ACSP route). If both retrieval routes fail, contact Companies House through the published support channel. The code is retrievable from the Companies House record without re-verification.
How the Personal Code Flows Into Your Companies House Filings
The code does not replace the numbered Companies House form architecture. It integrates into it. Where you appear as a director or PSC of a UK company, your personal code becomes a required data-field on the substantive filings.
| Substantive filing | Statutory anchor | When the code is quoted | Who quotes it |
|---|---|---|---|
| CS01 (Confirmation statement) | CA 2006 s.853A | Annually, plus on any change of particulars between filings | Company secretary or accountant filing on behalf of the company |
| AP01 (Director appointment) | CA 2006 s.167 | On every new director appointment from 18 November 2025 | Company secretary or accountant filing the appointment |
| PSC01 to PSC09 (PSC family) | CA 2006 ss.790A to 790ZG plus Sch 1A | On every new PSC notification, change of particulars, or ceasing-to-be-PSC filing from 18 November 2025 | Company secretary or accountant filing the PSC change |
| IN01 (Incorporation) | CA 2006 ss.7 to 12 | On every new UK company incorporation from 18 November 2025 where in-scope founder-directors and first PSCs are natural persons | Incorporation agent, company secretary, or accountant |
Two practical implications. A natural person who is a director of five UK companies plus a PSC of three more verifies once. The same personal code is then quoted on all eight companies' next CS01 confirmation statements plus on any subsequent AP01 or PSC01 filings. The CS01 confirmation statement also carries two parallel ECCTA reforms: the lawful purposes statement (restated annually with each filing) and the registered email confirmation. For the confirmation-statement deep dive, see our CS01 changes from 2024 page.
Want this checked against your specific situation?
Drop your email and a one-line summary. We reply within 24 hours, no phone call needed.
Common Submission Errors and How to Correct Them
The most frequent operational failures readers report at submission fall into six patterns.
- Document-photograph quality failure. Document image too blurry, glare obscuring the data zone, or partial-document upload. Resolution: re-upload with better lighting on a flat surface; use the GOV.UK One Login app on a smartphone (more reliable than web upload because the app reads the biometric chip directly).
- Face-match failure. Liveness check fails (poor lighting, glasses or hat worn, face partially obscured) or the face-photograph does not match the document photograph (typically due to ageing of the document photograph over 10 years). Resolution: re-attempt with better conditions, remove glasses, ensure the live selfie is well-lit; if persistent failure, escalate via One Login support or switch to the ACSP route.
- Security-questions failure. Electoral-register or credit-history cross-check returns no match (typically affects recent movers, readers with minimal credit footprint, or non-UK-resident directors). Resolution: provide alternative cross-check answers if available, or switch to the ACSP route which uses document-based verification rather than database cross-checks.
- Wrong-data entry. You enter the wrong date of birth, the wrong address, or the wrong document number. Resolution: corrections can typically be made within the One Login session before final submission. If you have submitted with wrong data, contact Companies House directly via the published support channel; do not rely on the code if you suspect the underlying data is wrong, because correction may issue a new code or update the existing one.
- Personal code lost. Retrieve via the One Login inbox or via the ACSP firm. If both fail, contact Companies House. You do not re-verify identity to recover the code; the verification record persists.
- Multiple identity claims. A natural person who has previously been registered at Companies House under a former name (marriage, deed poll, transgender transition) must surface former names during verification to ensure cross-linking with the historical director or PSC record. Failure to surface former names can leave historical records orphaned.
Switching Routes, Refusals, and the National Security Exemption
Switching between routes is permitted. The operative requirement is verified-identity status plus a personal code under ECCTA s.68, both of which are route-agnostic. If you abandon the GOV.UK One Login session before completion, the partial data is discarded after a session-timeout period; you can then engage an ACSP fresh. If you engage an ACSP and decide later to use One Login (perhaps the fee was unwelcome or the adviser relationship lapsed), you can start the One Login route fresh. Once verification is complete, the code stays with the natural person regardless of how that verification was delivered.
Refusal scenarios fall into three buckets. Insufficient identity-proofing (retry with better documents, or switch routes). Identity dispute where Companies House or the ACSP cannot match the live verification against the natural-person record reliably (escalate via the Companies House published support channel). Sanctions, politically-exposed-persons (PEPs), or criminal-record screening flag (rare; resolution is through the screening provider's escalation channel where the issue is a name-match coincidence, with separate compliance considerations attaching where the issue is a positive match).
ECCTA s.67 provides a narrow national-security exemption from verification. Practically it is unavailable to ordinary readers and is not a planning option; we flag it for completeness because the section sits within the Identity-verification crossheading of ECCTA Part 1.
Data Protection and Privacy
Companies House is data controller for the verification data under the Data Protection Act 2018 and UK GDPR. The retention period is set by the Companies House published privacy notice. Three operational points anchor the privacy treatment.
- What Companies House holds and for how long. The captured fields above are retained on the natural-person record subject to the Companies House published privacy notice. Verify the current retention period against the Companies House personal information charter at the time you need it.
- What is published and what is not. The s.69 visibility matrix above is the operative answer. Full DOB day, residential address (where it differs from service address), identifying document number, and biometric photograph are not publicly displayed.
- Your rights under UK GDPR and DPA 2018. Subject access requests, rectification rights, restriction-of-processing rights, and a complaint route to the Information Commissioner's Office (ICO) all apply. Practical reality: the statutory basis for processing under ECCTA is solid, which restricts the practical scope of rectification or erasure claims to genuinely incorrect data, not to opting out of the regime itself.
How This Differs From Register of Overseas Entities (RoE) Verification
The ECCTA identity verification regime and the Register of Overseas Entities (RoE) regime are different registers with different submission mechanics. ECCTA identity verification is the companies-side register: UK private companies and LLPs plus their natural-person directors and PSCs. That is what this page covers. The RoE is the separate overseas-entities register for overseas legal entities (BVI, Jersey, Guernsey, Cayman, Delaware LLC, and similar) that own UK property, governed by ECTEA 2022 and operated under a parallel-but-distinct verification mechanic (UK-regulated agent verification, separate annual update obligations, separate consequences for non-compliance).
A natural person who is both a director of a UK company and a beneficial owner of an overseas-entity-owned UK property faces both regimes. For the RoE consequence stack, see our consequences for RoE non-compliance page. For the broader RoE annual update, see our RoE annual update statement page.
Corporate Directors and the Later Commencement Phase
The current regime applies to natural-person directors and PSCs only. The commencement chain hardened through 2025 is: 8 April 2025 voluntary opening, 18 November 2025 legal requirement for newly appointed directors and PSCs, and a twelve-month transition window to approximately November 2026 for existing directors and PSCs in office before 18 November 2025. Corporate directors (where a UK company has another company as its director, restricted but not eliminated under CA 2006 plus ECCTA reforms) and corporate-PSC officers (where a PSC is a corporate entity and the relevant officers of that entity must verify identity) come into scope in a later phase scheduled no earlier than November 2026 per the Companies House campaign page.
Most landlord LtdCo and family investment company structures use natural-person directors and shareholders, so the natural-person regime is what is operationally live. Family Investment Companies with interposed corporate trustees or Jersey, Guernsey, or BVI holding companies above the UK SPV should monitor the second-phase commencement. Verify the current commencement state against the Companies House tracker at the time you action the regime: changestoukcompanylaw.campaign.gov.uk.
What to Do Next: A Six-Step Practical Sequence
The operational steps for a natural person who is in scope and ready to verify:
- Determine scope. Every natural-person director plus every 25-percent-plus PSC of every UK company is in scope. If you are a director or 25-percent shareholder of any UK Ltd, you are in.
- Choose your route. GOV.UK One Login is free, self-service, and fast for tech-comfortable readers with an active One Login account plus a UK passport. The ACSP route is typically £50 to £300 fee, accountant-mediated, and useful for readers without an active One Login account, multi-SPV portfolio holders, and non-UK-resident directors.
- Gather documents. For One Login: smartphone plus UK passport or photo driving licence (or one of the other accepted documents). For ACSP: documents as required by the chosen firm (typically passport plus utility bill plus bank statement).
- Complete verification. One Login takes 5 to 15 minutes typical; ACSP process takes 1 to 5 business days typical (driven by the firm's onboarding cadence).
- Receive and record the code. Record the alphanumeric personal code in your password manager or safe, on your accountant's client file, and in your business records.
- Quote the code on filings. Provide the code to the accountant or company secretary of every UK company you are a director or PSC of, who will quote it on the next required CS01, AP01, PSC01, or IN01 filing.
For the upstream definitional explainer, see our complete guide to identity verification in the UK. For the multi-SPV operational walkthrough across a landlord portfolio, see our ECCTA identity verification for landlord LtdCos page. For the US-resident-director route, see our US-based directors page. For the PSC-specific edge cases including FIC growth-share structures, trust look-through analysis, and joint-shareholder mechanics, see our identity verification for PSCs page. For the scam-vetting question when you receive an email purporting to be from Companies House about verification, see our Companies House emails page.