3 Forms of ID in the UK
Blog

3 Forms of ID in the UK

Last Updated:8 January 2026
20 Min Read
Start using FigsFlow today
  • Professional Proposals
  • Regulatory Compliant LOEs
  • Advanced Pricing Calculator
  • Automation & Integrations
  • Built-in E-Signature
  • AML & ID Verification
Start 30-day Free Trial

Ever had a client insist their gym membership should count as valid ID?

It sounds ridiculous, but it highlights the real problem: most clients don’t understand what forms of ID count as acceptable identification, and the regulations don’t always make it crystal clear either.

Under MLR 2017, you need proper identification before providing services. For most regulated firms, understanding the 3 forms of ID in the UK is the starting point for compliant client identification. The rules seem straightforward until you’re dealing with expired passports, foreign documents, or clients who “don’t have any of those.”

Understanding the 3 forms of ID in the UK is essential for accountants, bookkeepers, and tax advisers carrying out compliant client identification under MLR 2017. Here’s what actually counts as acceptable forms of ID in the UK for your client verification and what to do when clients present something… creative. 

KEY TAKEAWAYS
  • Three acceptable forms of ID: UK/international passports, photocard driving licences (full or provisional), and biometric residence permits or national identity cards
  • Documents must be: current and unexpired, clear and legible, with photos matching the client, and officially issued by recognised authorities
  • Critical checks: Verify expiry dates immediately, confirm passport signatures, reject old paper driving licences without photos
  • All BRPs issued before 31 October 2024 have now expired. Clients need passports instead
  • Never begin work before verifying ID. This violates MLR 2017 and creates regulatory risk
  • Document everything: Record your reasoning whenever accepting alternative ID combinations for lower-risk clients

These 3 forms of ID in the UK form the foundation of compliant customer due diligence for most accounting practices.

What Are the 3 Forms of ID in the UK for Client Verification?

In practice, confusion around acceptable identification causes unnecessary delays and compliance risk. Knowing the 3 forms of ID in the UK allows accountants and bookkeepers to verify clients quickly, consistently, and in line with HMRC expectations.

For Customer Due Diligence under MLR 2017, three documents form the backbone of identity verification across UK accounting practices. These are: 

  • passports,  
  • photocard driving licences, and  
  • biometric residence permits or national identity cards  

Together, these 3 forms of ID in the UK satisfy the core identity requirements for standard Customer Due Diligence under MLR 2017.

HMRC’s supervision guidance specifically references these documents as meeting the standard for identity verification. When you accept one of these three forms, you’re on solid ground with your AML compliance. They contain sufficient information to confirm your client’s name, date of birth, and photograph, which are the minimum requirements for standard Customer Due Diligence. 

3 forms of id in the uk

Passport

A valid passport is one of the 3 forms of ID in the UK most commonly relied upon for customer due diligence. A current UK or international passport represents your safest option for client identification. Every passport contains: 

  • standardised information,  
  • security features you can verify, and  
  • a machine-readable zone that helps confirm authenticity 

When examining a client’s passport, check the expiry date first. An expired passport holds zero value for your CDD obligations. Some clients hand over expired passports, assuming they still work because the photograph looks recent. They don’t. Your CDD must use current, valid documentation. If the passport expired yesterday, you need to see the renewed version before proceeding. 

The signature page catches many clients off guard. The passport must be signed on the observations page. An unsigned passport fails your identity checks even when everything else appears perfect. When you receive passport copies from clients, verify that the signature is present. This simple detail derails more onboarding processes than you’d expect. 

International passports work identically to UK passports for your purposes. A valid French, Indian, American, or Nigerian passport meets your MLR 2017 obligations just as well as a British one. The key is validity and legibility. 

Practical Consideration

When clients email passport copies, request colour scans rather than black-and-white. Many passport security features only appear in colour, and you may need to verify these features if anything seems questionable.

Photocard Driving Licence

Photocard driving licences remain one of the 3 forms of ID in the UK accepted across low and medium-risk engagements. The photocard driving licence serves as your most common form of ID document. Clients carry them daily, they’re easy to copy, and they contain both identity and address information in one document. 

Both full and provisional photocard licences meet your CDD obligations. The provisional version works perfectly for identity verification. Some practices mistakenly reject provisional licences. Don’t. They satisfy your regulatory requirements identically to full licences. 

  • The critical word is photocard. Old-style paper driving licences without photographs do not meet modern CDD standards. When clients present paper licences, explain that these no longer satisfy your verification obligations and request alternative ID. Paper licences lack the photograph and security features you need. 
     
  • Check the expiry date every time. Photocard licences expire every ten years and require renewal. An expired licence provides zero compliance value, regardless of how recently it expired. When you spot an expired licence during onboarding, flag it immediately rather than completing intake only to discover the issue later. 

Driving licences show the client’s current address. This means one document can potentially satisfy both identity and address verification. However, apply this carefully based on your risk assessment. Higher-risk engagements typically require separate address verification through utility bills or bank statements. 

Biometric Residence Permit or National Identity Card

For clients who are not UK nationals, biometric residence permits and national identity cards from EU, EEA, and Swiss countries serve as their primary identification documents. For non-UK nationals, biometric residence permits and national identity cards complete the 3 forms of ID in the UK accepted for CDD.

National identity cards from European countries work identically to UK passports for your CDD purposes. These government-issued photographic IDs contain all the information you need:  

  • full name,  
  • date of birth,  
  • photograph, and  
  • Typically, an address  

They satisfy your MLR 2017 obligations completely. 

Post-Brexit, EU national identity cards remain acceptable for UK identification purposes. A valid German, French, or Polish national identity card still meets your verification requirements. Some practitioners mistakenly think these cards lost validity after Brexit for UK compliance purposes. They didn’t. 

Biometric residence permits require careful attention. All BRPs issued on or before 31 October 2024 have now expired and been replaced by eVisas. When clients present expired BRPs, these no longer serve as valid identification for your CDD obligations. The physical card holds zero compliance value after expiry. 

Clients with expired BRPs must provide alternative documentation. Request their passport instead. The eVisa confirms their right to live and work in the UK, but doesn’t replace the need for physical photographic ID for your CDD process. 

BRPs issued after 31 October 2024 remain valid until their stated expiry dates. Check the card’s expiry date rather than assuming all BRPs are now invalid. 

Other Acceptable Forms of ID

Beyond the three primary forms of ID, several secondary documents gain limited acceptance in specific circumstances. Understanding when these work and when they don’t prevents compliance gaps.

PASS Cards (CitizenCard)

Proof of Age Standards Scheme cards carry photographs and basic identity information. These work for low-risk scenarios but rarely satisfy AML obligations for accounting services. Most practices appropriately reject PASS cards for CDD because they lack the government authority and verification rigour of primary documents. Reserve these for extremely limited situations where you’ve assessed the engagement as genuinely low-risk and your internal policies permit alternative ID. 

Birth Certificates & Adoption Certificates

These documents prove name and date of birth but contain no photographs. They work as supporting documentation alongside other IDs rather than standalone verification. When clients cannot provide primary photographic ID, a birth certificate combined with a recent utility bill showing their name might satisfy your obligations for lower-risk engagements. Document your reasoning carefully in these cases. 

DWP Benefit Books & Letters

Department for Work and Pensions documents show names and National Insurance numbers. These serve as supporting evidence but rarely work as primary identification for accounting services. Your AML obligations typically require photographic ID regardless of what other documentation clients can provide. 

Unusual Situations

For clients in exceptional circumstances, such as homeless individuals or those recently arrived in the UK, you may need to exercise professional judgment about alternative identification combinations. Document your risk assessment thoroughly and consider whether Enhanced Due Diligence applies. HMRC expects reasonable efforts to verify identity, not perfect documentation in every scenario. 
HMRC guidance on customer due diligence.

The practical reality for most accounting practices is straightforward: stick to the three primary forms of ID whenever possible. Accept alternatives only after careful risk assessment and clear documentation of why the primary ID isn’t available. 

Ensure your AML verification process is seamless and compliant with FigsFlow.

Requirements for Valid ID Documents

Your CDD records must demonstrate you’ve seen valid identification. Four core requirements determine validity and protect you from compliance issues. 

Current & Unexpired

Proof of Age Standards Scheme cards carry photographs and basic identity information. These work for low-risk scenarios but rarely satisfy AML obligations for accounting services. Most practices appropriately reject PASS cards for CDD because they lack the government authority and verification rigour of primary documents. Reserve these for extremely limited situations where you’ve assessed the engagement as genuinely low-risk and your internal policies permit alternative ID.

Clear & Legible

The ID must be clear enough that you can read all details and verify that the photograph matches the client. Heavily worn documents, faded photographs, or damaged lamination create problems because you cannot adequately confirm authenticity. When clients email scanned copies, poor scan quality creates identical issues. Request higher-resolution scans or photographs when the initial images are too dark, too light, or too blurry to read clearly. Your compliance records should show ID details clearly enough that a supervisor or HMRC inspector could review them years later and confirm adequate verification occurred.

Photo Matches the Person

The person presenting the ID must reasonably resemble their photograph. Reasonable changes from ageing, hair colour changes, or weight fluctuations are acceptable. Dramatic differences that make photo matching impossible indicate either that the ID belongs to someone else or that the ID is too old to provide adequate current identification. When meeting clients remotely, photo matching becomes harder. Video calls help, but don’t replace in-person verification for higher-risk engagements. Consider your risk assessment carefully when conducting remote CDD and document your verification process thoroughly.

Officially Issued by Recognised Authorities

Passports from national governments, driving licences from the DVLA, BRPs from the Home Office, and national identity cards from EU governments all qualify. Documents must originate from legitimate issuing authorities, not be homemade or issued by organisations without legal standing. This requirement eliminates international driving permits, workplace ID badges, and various photo ID cards that lack official government backing.

When clients present unusual forms of ID, verify the issuing authority before accepting them for CDD purposes. Build extra time into your client intake process to accommodate these verification requirements.

Common Situations Requiring ID Verification

Understanding when you must verify client identity helps you build compliant intake processes. Several scenarios trigger your CDD obligations under MLR 2017. In all of these scenarios, firms should prioritise the 3 forms of ID in the UK before considering alternative document combinations.

New Client Onboarding

Before providing any regulated services, you must verify the client’s identity. This applies whether they’re engaging you for tax returns, bookkeeping, payroll, or advisory work. The service type doesn’t change the identity verification requirement. Timing matters. You must verify identity before establishing the business relationship. Practically, this means obtaining and verifying ID before sending your engagement letter or beginning any substantive work. Build your intake process around verification-first principles: client fills out the intake form, client provides ID documents, you verify and record ID details, then you proceed with engagement letters and service delivery. Never reverse this order.

Existing Client Reviews

When clients haven’t engaged your services for several years and return, many practices sensibly reverify identity as part of reactivation. MLR 2017 doesn’t explicitly require this for returning clients, but your internal policies might mandate periodic reverification based on risk. More importantly, monitor for changes that suggest identity fraud risk. When existing clients suddenly change their address, bank details, or contact information significantly, consider re-verifying identity even mid-engagement. This protects both you and the genuine client from fraud.

Enhanced Due Diligence Situations

When clients present higher money laundering risk, such as politically exposed persons, clients from high-risk jurisdictions, or unusually complex ownership structures, verify their ID more carefully. Consider requesting multiple forms of ID rather than accepting a single document. Document your enhanced verification steps thoroughly.

Right to Work Checks

These run parallel to but separate from your AML obligations. When hiring staff or engaging contractors, you must verify their right to work in the UK under separate legislation. This requires specific document combinations, often including passports or BRPs plus proof of National Insurance number. Don’t confuse these requirements with your CDD obligations for clients.

Suspicious Activity Reports

When filing SARs with the National Crime Agency, you may need to reverify client identity. If your suspicions relate to potential identity fraud, confirming you have adequate ID verification on file becomes critical before filing. 

Some practices try to streamline onboarding by starting preliminary work before CDD completes. This violates MLR 2017 and puts you at regulatory risk. Never proceed with substantive work until identity verification is complete.

When Secondary ID Combinations Work

MLR 2017 permits alternative approaches to identity verification for lower-risk engagements. Understanding when you can accept document combinations instead of primary ID prevents unnecessarily rigid processes.

Low-Risk Client Document Combinations

The regulations require adequate evidence of identity but don’t mandate specific documents. For genuinely low-risk clients, combinations like a birth certificate plus a recent utility bill might satisfy your obligations. However, exercise this flexibility cautiously. What feels low-risk initially can expose you to compliance issues if your judgment proves wrong. Document your risk assessment whenever you accept alternative ID combinations. Record why you assessed the client as low-risk, which documents you accepted instead of the primary ID, and why you believe these documents adequately verify identity.

Proof of Address Requirements

Most engagements require you to verify both identity and address. A passport proves identity but says nothing about where the client lives. Utility bills, bank statements, council tax bills, and mortgage statements dated within three months prove the address. The specific address documents you accept should reflect your risk assessment. Higher-risk clients might require multiple address proofs from different sources. Lower-risk clients might satisfy requirements with a single recent utility bill.

Strategic Document Combinations

Combining documents strategically can streamline your process while maintaining compliance. A photocard driving licence showing the current address satisfies both identity and address verification for lower-risk clients. A passport plus bank statement dated within three months satisfies both requirements with clear separation between identity and address evidence.

Unusual Client Circumstances

Students living in university accommodation, clients without utility bills in their name, or recently arrived immigrants might lack standard address proof. Consider accepting tenancy agreements, letters from educational institutions, or HMRC correspondence showing their address alongside primary photographic ID. Document why you’re using alternative approaches and why these alternatives adequately satisfy your obligations.

Here's the Key Principle

If your client is right at the borderline, double check how they have classified their income across different sources. Misclassification of dividends or PAYE income as business income could wrongly push them over the threshold.  

What Makes ID Invalid for Compliance Purposes

Knowing why documents fail verification prevents you from accepting inadequate ID that exposes your practice to regulatory risk. Several common issues invalidate otherwise legitimate documents.

Expired Documents

Expiry dates eliminate all compliance value immediately. An expired passport or driving licence cannot satisfy your CDD obligations, regardless of how recently it expired. Some practitioners think documents that have expired within a few months still provide adequate verification. They don’t. Expired means invalid for regulatory purposes. Build verification of ID expiry dates into your initial intake questionnaire. Ask clients to confirm their ID expiry dates before scheduling onboarding meetings. This prevents wasted appointments when clients arrive with expired documents.

Physical Damage

Torn pages, water damage, faded photographs, or illegible text prevent you from adequately confirming identity. When clients present damaged ID, you’re within your rights and obligations to request replacement documents before proceeding. Explain that a damaged ID doesn’t meet regulatory standards for accounting services. You’re not being difficult; you’re protecting both parties from compliance issues.

Missing Signatures

Passports must be signed on the observations page. Some clients forget to sign new passports immediately upon receipt. Others leave them unsigned, thinking the signature requirement doesn’t matter. When you receive unsigned passport copies, request signed versions before proceeding.

Photographs That Don't Match

When you cannot reasonably match the client to their photograph, you cannot adequately verify identity. Reasonable changes from ageing, hair colour changes, or weight fluctuations are acceptable. Request updated ID when documents show clients as significantly younger or with dramatically different appearances. Remote verification complicates photo matching. Video calls help, but introduce uncertainty compared to in-person verification. Consider whether your risk assessment supports remote verification or whether higher-risk engagements require in-person ID checks.

Photocopies Versus Originals

MLR 2017 requires you to verify identity, but doesn’t explicitly mandate seeing original documents. However, seeing originals provides stronger verification and better protects you from accusations of inadequate CDD. Many practices operate a see-originals-once policy: verify original documents at initial onboarding in person or via video call, retain clear copies for your records, then rely on your original verification for subsequent matters unless circumstances suggest reverification is warranted.

Valid vs Invalid for Uk Client Verification

When clients insist on email-only document provision, assess whether this approach satisfies your risk-based obligations. Lower-risk clients might support copies-only verification. Higher-risk clients should trigger requirements to see originals. Certified copies from solicitors or notaries bridge the gap between originals and simple photocopies. Consider accepting certified copies for moderate-risk clients where seeing originals proves genuinely difficult.

Special Documentation for International Clients

Clients with complex international situations require careful navigation of identification requirements. Your obligations don’t change, but the documentation landscape becomes more nuanced.

Foreign Passports & National Identity Cards

Clients living abroad but engaging UK accounting services may possess identification from their current residence country rather than UK documents. Foreign passports work perfectly for your identity verification. National identity cards from their country may also satisfy requirements depending on the issuing country’s standards. The key question is whether you can adequately verify the document’s authenticity. Passports from any country include security features you can cross-reference online through resources like PRADO, which shows genuine document images from most countries. Unusual identity documents from countries with limited information available require extra caution and potentially enhanced verification steps.

Enhanced Due Diligence for International Business

For clients conducting international business or holding assets abroad, Enhanced Due Diligence often applies. This triggers requirements for source of wealth and source of funds verification beyond basic identity checks. Document your enhanced verification approach thoroughly, including why you assessed the client as higher-risk and what additional steps you took.

Notarised & Certified Copies

Notarised ID copies serve specific purposes when clients need certified identification for overseas use. When clients provide notary-certified copies instead of simple photocopies, these offer stronger evidence for your CDD files. Consider whether your risk assessment supports accepting notarised copies without seeing originals, particularly for clients in distant locations. Apostille certification through the Foreign, Commonwealth & Development Office adds another layer of authentication for documents used internationally. For clients in non-Hague Convention countries like the UAE, Saudi Arabia, and Nigeria, consular legalisation provides final authentication.

Translation Requirements

You cannot adequately verify identity from documents you cannot read. Request certified translations alongside original foreign-language documents. The translator should be appropriately qualified and provide a signed statement confirming accuracy. Some practices maintain relationships with translation services for this purpose. Others require clients to obtain certified translations independently before verification proceeds.

Either translation approach works, provided you end up with clear English translations of all relevant identity information alongside the original foreign-language documents. Understanding international document authentication processes helps you assist clients comprehensively while maintaining compliance with your CDD obligations.

Additional Resources 

Conclusion

The 3 forms of ID in the UK that consistently meet MLR 2017 requirements are passports, photocard driving licences, and biometric residence permits or national identity cards These government-issued photographic documents satisfy your MLR 2017 requirements across virtually all client risk categories. 

Your verification process is straightforward: accept current, undamaged documents with clear photographs matching your clients. Check expiry dates immediately, verify passport signatures, and confirm driving licences show photocard versions. Document your verification process thoroughly in every client file. 

When clients present alternative identification, assess risk carefully and document why these alternatives provide adequate verification. Build verification-first processes that prevent you from beginning work before completing CDD. The 3 forms of ID in the UK you can rely on for compliant client verification are passports, photocard driving licences, and biometric residence permits or national identity cards.

Proper client identification protects your practice from regulatory penalties, reduces fraud risk, and demonstrates professionalism that clients respect. 

Frequently Asked Questions (FAQs) 

Can I accept a provisional driving licence for identity verification?

Yes, absolutely. Both full and provisional photocard driving licences meet your Customer Due Diligence obligations under MLR 2017. The provisional status doesn’t affect validity – it contains the same identity information and security features as a full licence. The only requirement is that it’s a photocard format and hasn’t expired.

What if my client's passport expired last week, but they're waiting for renewal?

An expired passport holds zero compliance value regardless of how recently it expired. You cannot proceed with onboarding until your client provides a current, valid ID. Ask them to provide their renewed passport or an alternative current ID like a photocard driving licence. Never start delivering regulated services before completing proper CDD.

Are old paper driving licences without photos still acceptable?

No. Paper driving licences without photographs don’t meet modern CDD standards under MLR 2017. They lack the photograph and security features you need for adequate identity verification. When clients present paper licences, request alternative ID such as their passport or suggest they renew to obtain the photocard version.

Can I accept foreign passports and national identity cards?

Yes, foreign passports and national identity cards from EU, EEA, and Swiss countries work identically to UK documents for CDD purposes. Any valid international passport meets your MLR 2017 obligations. For documents in foreign languages, request certified translations alongside the originals.

Can I begin preliminary work while waiting for ID documents from my client?

No. You must verify identity before establishing a business relationship or providing any regulated services. Build your intake process around verification-first: client completes intake, provides ID, you verify and record details, then proceed with engagement letters and service delivery. Starting work before completing CDD violates MLR 2017.

Do EU national identity cards still work for UK compliance after Brexit?

Yes. Post-Brexit, EU national identity cards remain perfectly acceptable for UK identification purposes under MLR 2017. A valid German, French, Polish, or any other EU member state national identity card still meets your verification requirements and serves identical purposes to UK passports for CDD obligations.

My client's Biometric Residence Permit shows an expiry date before November 2024. Can I still accept it?

No. If the BRP shows an expiry date before November 2024, it’s already expired and cannot be accepted for CDD purposes. Most BRPs were set to expire on 31 December 2024, and all such BRPs are now expired. BRPs with expiry dates after 31 December 2024 remain valid until their stated expiry dates – check the card’s expiry date carefully. When clients present expired BRPs, request their passport instead. The eVisa confirms their right to live and work in the UK but doesn’t replace the need for physical photographic ID for your CDD process.

Don’t forget to share this post!

The Future of Proposals, Pricing & Engagement is Here!
Sign Up
Book a Demo
figsflow demo & trial

Related Articles

3 Forms of ID in the UK

Max20 Min Read
Ever had a client insist their gym membership should count as valid ID? It sounds ridiculous, but it highlights the real problem: […]
Read More
Log In
Book a Demo
Start 30-day free trial