Compliance by industry

Built for your
industry

Proveium maps to the regulations that matter for your sector. Pick your industry to see which standards apply and how our architecture meets them — without storing your customers' data.

View full regulation index

Financial Services

Faster KYC with verified identity data

Banks, lenders, insurers, and payment providers must verify customer identity and meet SCA requirements. Proveium provides the verified identity data your KYC process needs — without storing customer PII on our servers. Your team makes the CDD decision; we provide the cryptographic evidence.

What Proveium enables

  • Account opening — verified identity claim bundles
  • Enhanced due diligence for high-risk customers
  • Strong customer authentication (SCA) for PSD2
  • AML compliance without central data stores

Relevant regulations

MLR 2017 (UK KYC/AML)PSD2 (SCA)FCA Consumer DutyAMLD6EU DORAGLBASOXFATF Recommendations 10–12
See full regulation detail

Healthcare

Staff credentialing, patient identity, and NHS compliance

NHS trusts, private clinics, and health tech platforms need to verify staff credentials, patient identity, and handle sensitive health claims under strict data minimisation rules. Proveium keeps health data on-device.

What Proveium enables

  • Clinician credential verification (NMC, GMC registration)
  • Fit-and-proper-person checks under HSCA
  • NHS DSPT-aligned staff onboarding (DSPT certification pending)
  • Patient identity without centralising health data

Relevant regulations

NHS DSPTHSCA 2008 (Regulation 19)Caldicott PrinciplesUK GDPR / DPA 2018HIPAA
See full regulation detail

Age-Restricted Platforms

Privacy-preserving age verification for online and in-person

Online platforms, retailers, and venues subject to age-gating requirements can verify age using zero-knowledge proofs — users prove they are over 18 without revealing their date of birth or any personal data.

What Proveium enables

  • Online Safety Act compliance for adult content platforms
  • Gambling Commission age verification
  • Challenge 25 for retail and hospitality
  • Age-gated API endpoints with audit receipts

Relevant regulations

Online Safety Act 2023Gambling Act 2005Licensing Act 2003COPPAEU Digital Services Act
See full regulation detail

HR & Recruitment

Right-to-work, safeguarding, and employment checks

Employers, recruiters, and organisations working with vulnerable people need identity verification for right-to-work checks, safeguarding compliance, and employment credentialing.

What Proveium enables

  • Right-to-work verification (Home Office IDVT certification in progress)
  • Right-to-rent identity checks (IDVT certification in progress)
  • DBS check facilitation — coming soon
  • KCSiE safeguarding checks for education providers

Relevant regulations

Immigration Act 2014 / 2016 (RTW)KCSiE 2024 (Safeguarding in Education)SVGA 2006 (DBS / barred lists)UK GDPR
See full regulation detail

Technology & SaaS

Enterprise identity without centralising user data

SaaS products and digital platforms adding identity verification can use Proveium's API to meet security and compliance requirements — ISO 27001, SOC 2, GDPR — without building a data store that becomes a liability.

What Proveium enables

  • Identity verification at account creation
  • Step-up authentication for sensitive actions
  • B2B identity for enterprise customer onboarding
  • Compliance evidence for ISO 27001 and SOC 2 audits

Relevant regulations

ISO/IEC 27001:2022 (pending)ISO/IEC 27701:2019 (pending)SOC 2 Type II (readiness in progress)Cyber Essentials Plus (pending)NIST CSF 2.0UK GDPR / EU GDPR
See full regulation detail

Digital Identity & Government

Trust framework-aligned portable digital credentials

Identity providers, government services, and relying parties can use Proveium's DIATF-aligned, W3C VC-compatible platform to issue and verify portable digital credentials across trust frameworks.

What Proveium enables

  • DIATF-aligned identity proofing and verification
  • eIDAS 2.0 / EUDI Wallet compatible credentials
  • W3C Verifiable Credentials issuance and verification
  • Cross-border identity for international deployments

Relevant regulations

UK DIATF (GPG 45)eIDAS 2.0 / EUDI Wallet ARFW3C Verifiable Credentials 2.0W3C DIDs (did:web)NIST SP 800-63-4ISO/IEC 18013-5 (mDL)
See full regulation detail

One architecture.
Every jurisdiction.

Because Proveium never stores personal data on its servers, adding a new jurisdiction means encoding its rules — not building new infrastructure. The same on-device, zero-knowledge design that satisfies UK GDPR also satisfies HIPAA, CCPA, LGPD, and PDPA without separate implementations.