Safe Harbour or Rough Seas? How Firms May Be Underestimating ID Risk

If you act in residential or commercial conveyancing, the way you identify clients and have them sign deeds is changing around you.

HM Land Registry has quietly put in place a set of practice guides that reward firms which adopt robust digital identity and Qualified Electronic Signatures (QES). At the same time, providers like Veyco have chosen not just to meet those requirements, but to go beyond them by building QES journeys around enhanced biometric and near field communication (NFC) checks and an additional risk engine called Smart Harbour.

For conveyancers, the question is no longer whether this is coming. It is how you position your firm so that you get the benefit of the new “safe harbour” protections, reduce your fraud risk and keep in step with where government digital identity is heading.

What HM Land Registry has changed

Two Land Registry practice guides matter here.

First, Practice Guide 81 sets out a digital identity standard for conveyancers. If you follow that standard when you verify your client’s identity, Land Registry offers a form of safe harbour: it will not pursue you for recourse on the basis that your identity checks were inadequate, even if it later turns out that the client was an impostor.

That standard is built around:

• high quality identity documents such as biometric passports or biometric residence permits
• cryptographic checks on the document chip
• biometric liveness and face matching
• a clear audit trail of the journey

Secondly, Practice Guide 82, together with Notice 2 under rule 54C, explains when and how Land Registry will accept electronic signatures on registrable dispositions, including Qualified Electronic Signatures on transfers, legal charges and other deeds. Land Registry has now confirmed that QES is accepted for certain applications where the documents are prepared and lodged in accordance with those rules.

In other words, you now have:

• a voluntary digital identity safe harbour (Practice Guide 81), and
• a framework for using QES instead of wet ink and a witness for many Land Registry deeds (Practice Guide 82 and Notice 2).

What QES actually means in practice

Under the retained version of the eIDAS Regulation, a Qualified Electronic Signature has the same legal effect as a handwritten signature, provided it is created using a qualified certificate issued by a regulated trust service provider.

For your day to day work this means:

• the signer goes through a strong identity verification process
• a qualified trust service provider issues a digital certificate in that individual’s name
• the certificate is then used to sign the deed in a controlled workflow

The result is an electronic signature that is tightly bound to the signer’s verified identity and to the specific document content. With the right workflow, it can be used in place of a wet ink signature and a witness for many Land Registry applications.

How Veyco has “gold plated” Practice Guide 82 and Notice 2

This is where Veyco’s approach is worth understanding.

On the signature side, Veyco builds its QES process to meet the requirements in Practice Guide 82 and Notice 2. There is a controlling conveyancer, a controlled workflow, and a qualified trust service provider issuing the certificates.

On the identity and risk side, however, Veyco has made a deliberate policy decision to go further than the minimum required by those documents. In its QES and Smart Harbour materials Veyco explains that it requires an enhanced NFC and biometric identity journey for signers, and that this is wrapped in an extra layer of risk analysis branded Smart Harbour.

In outline:

• the client presents a biometric passport or similar chip document to a smartphone
• the NFC reader in the phone reads the chip and verifies its cryptographic signature, confirming the document is genuine and untampered
• the system completes liveness testing and biometric face matching, comparing a live selfie or video to the photograph stored in the chip
• Smart Harbour runs additional digital footprint checks on the connection, device and behaviour, looking for signs of spoofing, location anomalies or other red flags
• only when these steps are passed is the case referred to the qualified trust service provider to issue a certificate

Smart Harbour is therefore an added risk engine that sits above the baseline identity checks. It uses signals from the device, network, document and biometric journey to score risk and to interrupt or escalate suspicious cases before a certificate is ever issued.

That is significantly beyond “we have seen a passport” or even basic electronic know your client checks. It is much closer to the enhanced digital identity standard in Practice Guide 81 than Practice Guide 82 strictly demands.

In regulatory terms, Veyco has decided to gold plate the Land Registry’s QES regime: it complies with Practice Guide 82 and Notice 2, then adds an extra layer of NFC based identity assurance and Smart Harbour behavioural analysis on top.

Biometric identity and Smart Harbour versus traditional checks

From a conveyancer’s risk perspective, the difference between this and traditional identity is stark.

With a biometric NFC and Smart Harbour journey:

• the document chip is cryptographically verified
• the live client is biometrically matched to the chip image
• Smart Harbour contributes an additional behavioural and digital footprint layer, making it harder for a fraudster to pass the process even with a genuine document in their hand
• there is a detailed, machine generated audit trail: chip reads, liveness scores, match results, timestamps, device and network signals, and certificate status, as well as a hash of the signed document content

With traditional non biometric checks:

• you rely on visual inspection of passports or licences, or scanned copies
• sophisticated forgeries, lookalike frauds and social engineering are much harder to detect
• your evidence often boils down to a scanned passport and a file note

Other methods of verifying identity remain valid, and Practice Guide 81 is very clear that you can still use them where appropriate. However, they do not attract the safe harbour protection and they do not give you the same evidential comfort if a fraud emerges.

Why this aligns with government digital identity policy

The Veyco model also lines up neatly with where government policy on digital identity is going.

According to Freedom of Information data from HM Passport Office, there were just over fifty two million valid British passports in circulation at the end of 2023. All new British passports are now biometric passports with an NFC readable chip that contains the holder’s image and personal details.

Separately, the Government’s Digital Identity and Attributes Trust Framework is being developed to standardise what “good” digital identity looks like across the economy: high assurance documents, cryptographic verification, biometrics, and strong auditability.

Any future government backed identity card or digital identity wallet is widely expected to be built on the same rails: NFC readable, biometric credentials that can be checked by certified providers in a way that is consistent with the Trust Framework.

If you are already using QES workflows that assume NFC, biometrics and Smart Harbour style risk analysis as standard, you are effectively running on the same architecture. You will not have to fundamentally change your processes if and when a government digital identity scheme becomes part of the picture.

What this means for your firm in practical terms

For a conveyancing practice, the implications are clear.

First, where your client has a biometric passport or similar document and a suitable smartphone, biometric device based identification should now be your default for QES work and, ideally, for identity checks more generally. You gain both fraud resistance and potential safe harbour protection.

Secondly, if you adopt Veyco’s approach, you can explain to lenders, title insurers and counterparties that:

• you are using a QES workflow that meets HM Land Registry’s Practice Guide 82 and Notice 2 requirements, and
• that workflow is deliberately gold plated with enhanced NFC identity checks and Smart Harbour risk analysis that look very like the Practice Guide 81 digital identity standard.

That is a stronger story to tell than “we saw a passport over the desk”.

Thirdly, you should update your internal policies and procedures to:

• document when you will use biometric NFC journeys and Smart Harbour enabled checks
• map them against Practice Guide 81 and your AML obligations
• define sensible exceptions for clients who cannot reasonably use biometric technology

Some clients will always need a more traditional approach. That is fine, and the guidance allows for it. But for the bulk of mainstream transactions, the combination of biometric identity, Smart Harbour and QES now gives you a safer and more future proof way to identify clients and execute deeds.

The combination of Practice Guide 81, Practice Guide 82, Notice 2 and the spread of biometric passports has quietly moved the goalposts for conveyancers.

Veyco’s decision to gild plate the Land Registry QES requirements with mandatory enhanced NFC identification and the Smart Harbour layer of digital footprint and behavioural security is not simply a technical flourish. It is a conscious move to reduce fraud, strengthen the firm’s evidential position and align with the likely shape of any future government digital identity scheme.

If your firm is experimenting with QES but still relying on basic, non biometric identity checks, now is the time to ask whether that is enough. In a world of increasingly sophisticated property fraud, the safest place to be is where the law is heading: QES on top of strong, biometric identity and Smart Harbour style risk analysis, delivered through a device your client already owns.