Every small business knows the frustration: a promising new customer drops off at signup, a payment gets flagged, or the system demands the one document your client doesn’t have.

In heavily regulated industries like insurance, law, or property, identity checks are non-negotiable. Yes, identity verification is a necessary evil but that shouldn’t mean customers should have to put up with such slow, inflexible processes.

ID checks typically rear their head at what should be some of the most exciting points in our lives - buying a house, joining a new company - but poor processes make them anything but. One of the main reasons we’ve reached this impasse is regulatory drag. Systems haven’t been designed to flex, because until recently, they weren’t allowed to.

But as with open banking before it, regulation is starting to catch up for digital identity. The UK’s Data (Use and Access) Act, which passed in June, gives legal force to a digital identity trust framework. This means there’s now space, and clarity, to rebuild verification into something less awful.

Why Today’s Systems Are Broken

Humans can be remarkably bad at verifying identity, but you might imagine that the mechanisms for proving who we say we are might become more straightforward in a digital-first world. Sadly this is rarely the case.

Again and again, we are forced to interact with complex and disjointed systems, flawed verification processes - even technology with in-built human biases. The computer can say ‘no’ for all manner of frustrating reasons, the quality of the document it’s working from, the physical impacts of ageing, even the colour of our skin.

If the technologies seem stacked against us, then so too can our personal circumstances, and this can hit the most vulnerable hardest. It’s incredibly difficult to open a bank account unless you have proof of a permanent residence, for instance. This is not just a barrier to someone engaging with a business, it prevents them moving on with their lives.

Yet despite these major flaws, the systems have gone unchanged due to their inherent rigidity.

What Orchestration Is, and Why It Works But this makes sense because getting verification wrong has serious consequences, SMEs simply cannot afford the risk of a GDPR fine, or losing money unnecessarily to fraud.

At the same time, they equally can’t afford to lose customers to sheer frustration at the user experience. Every time a potential customer fails during the verification process, the greater the chance they won’t try again. Digital retail businesses put a lot of time and effort into countering ‘cart abandonment’ - so surely identity verification deserves the same level of effort?

So, imagine a system that doesn’t default to ‘no’, that is flexible enough to offer different avenues if someone doesn’t have a particular document at hand, or their mobile phone camera doesn’t have a high enough resolution for facial ID. Say a customer doesn’t have a passport, could a combination of other credentials - a bank statement, a student ID, a household bill - be used to piece the identity puzzle together?

The answer of course is yes, and this is called identity orchestration. Rather than following one fixed route, it’s a flexible framework for identity. It connects the various checks you already have at your disposal, document scans, biometrics, third-party data, and finds the best journey for each customer.

Crucially, it also enables smarter fraud defence. Sophisticated orchestration platforms can integrate high-performance biometrics, like IDEMIA’s liveness tools, which discourage fraudsters, while improving verification for the great many people who aren’t white and middle-aged.

This approach results in fewer drop-offs and fewer false negatives, we’ve seen approval rates grow from 70% to 90% when orchestration is used.

Given the advantages offered by identity orchestration, it would be fair to ask why more businesses haven’t rolled it out? The answer mostly likely lies in awareness. Relatively speaking, orchestration is still a novel approach. However, recent regulatory changes mean it’s unlikely to be a best-kept-secret for too much longer.

What the New Law Changes

For years, identity verification has been a grey area. Companies have had to make judgement calls they weren’t equipped for, or outsource trust to providers without really knowing what was happening under the bonnet.

With the passing of the Data (Use and Access) Act, the UK’s digital identity trust framework is now enshrined in law, and is a first step towards a government-approved digital wallet. It gives businesses within regulated sectors, from financial services to legal to gambling, a certified route to get verification right.

From now on, only certified orchestration providers will be authorised to run ID checks in regulated contexts. For SMEs in those categories it means two things - a clear benchmark for trust and reduced liability.

The framework makes the roles clearer: Government regulators are responsible for setting the rules, and certified providers are responsible for making sure those rules are followed. In short, if you use a certified orchestration service, the legal and regulatory burden doesn’t sit with you, it’s the responsibility of the platform owner.

So, this means businesses can focus on delivering services, not verifying documents.

Rethink Trust

Orchestration offers clear benefits to end users too, notably around reducing the potential for ID theft while improving interoperability - only needing to prove their identity once across multiple verification moments, and then being able to reuse that verification across services.

While the framework sets the path for the future, the legal precedent isn’t fully there yet. And that’s why businesses in less regulated sectors need to speak up.

An ‘industry’ isn’t some nebulous concept. It’s the thousands of businesses that rely on these systems like this every day, to onboard clients, hire staff, and stay compliant. The opportunity inherent in orchestration will only reach its full potential when organisations in those sectors not yet covered by the Data Act work with their trade associations to push for better tools, and smarter standards, so if you want these benefits realised, why not reach out to your trade body?

The UK government has created a clear window of opportunity. With its industrial strategy focused on enabling growth through the digital economy, the necessary legislation in place, and the technologies available to support a Smart Data ecosystem, the foundations are ready.

Officials have reached out to industry to work together, and trade associations are well placed to lead. The more closely the public and private sectors collaborate, the sooner all stakeholders will see change, and it’s certainly in everyone’s interest to make digital verification less painful. Well, everyone except the fraudsters.

David Rennie is chief trust officer at Orchestrating Identity.