The DRCF is inviting views from industry, academia, and civil society on developments, opportunities and challenges associated with two sub-themes that each have a bearing on authentication and trust: digital verification and synthetic media/ deepfakes by 14 August 2026. |
Building on the DRCF AI & Digital Hub pilot, which demonstrated the value of informal, cross regulator collaboration, the Digital Regulation Cooperation Forum (DRCF) launched the Thematic Innovation Hub, and recently concluded its first series on Agentic AI1. The Hub enables regulators to better understand emerging risks and opportunities and to engage earlier with innovators developing complex new technologies.
We are focusing the Hub’s new series on the theme of ‘Authentication and Trust’, exploring how regulators can help innovators achieve public trust in new technologies and systems.
As part of this overarching theme, the DRCF is inviting views from industry, academia, and civil society on developments, opportunities and challenges associated with two sub-themes that each have a bearing on authentication and trust: digital verification and synthetic media/ deepfakes. The DRCF is also inviting views on the key considerations for regulators in helping to ensure good outcomes in each of these areas.
As our aim is to gather information, we are not planning to provide advice or guidance in response to questions that may be raised in this call for input. We may engage further with respondents through webinars and/or roundtables.
You may respond to any or all the questions below or share other insights you believe are relevant. You are welcome to respond on either one of these sub-themes, or on both.
Sub-theme 1 - Digital verification:
For the purposes of this Call for Input (CfI), the term digital verification refers to private sector use cases, and will focus exclusively on the verification of identity attributes, rather than ongoing Government work around Digital ID2. While the policy landscape and regulatory expectations for digital verification are still in development, the DRCF has maintained a watching brief. DRCF intends to engage with the private sector and understand how digital verification intersects with regulators’ statutory functions.
Through this CfI, we are particularly interested in evidence from private sector and industry stakeholders on practical use cases for digital verification, including where these services may support or intersect with open finance and wider smart data frameworks. This could include, for example, customer onboarding and KYC, fraud prevention, consent-based data sharing, and cross-sector services that combine verified identity attributes with customer or transactional data.
When answering the questions below, please include practical examples or case studies that show the opportunities, risks or frictions linked to digital verification as relevant. This will greatly help us inform our future regulatory work.
1. What are the biggest opportunities for digital verification to drive growth for the UK, and to reduce costs and frictions in existing markets as well as through enablement of innovation and new markets?
2. What are the potential challenges with digital verification, and what should be the key considerations for regulators in helping ensure good outcomes?
3. What are the key opportunities and challenges when it comes to digital verification use in open finance and smart data?
4. In a world where AI agents are beginning to make autonomous decisions on behalf of users, such as approving transactions and triggering workflows, the need to verify that agents are authorised to execute actions is essential. Are there key considerations for the use of digital verification for AI and agentic AI?
5. What do you envisage could be the most transformational scenarios or use cases of digital verification, including cross-sector use cases that require cross-sector consent and re-authentication?
6. Which technical standards (e.g. provenance frameworks) are being adopted, and are inconsistencies across markets creating barriers?
7. Do you perceive any frictions between regulatory remits as regards digital verification, and what practical steps could regulators take to provide clearer, joined-up guidance?
Sub-theme 2 - Synthetic media and deepfakes:
For the purposes of this CfI, we are using Ofcom’s definition of synthetic media: “an umbrella term for video, image, text or voice that has been generated in whole or partly by AI algorithms”3. We are also leveraging Ofcom’s definition for deepfakes, which we see as a subset of synthetic media: “forms of audio-visual content that have been generated or manipulated using AI, which misrepresent someone or something”4. This CfI acknowledges previous work done by the DRCF and its members on this topic, including the DRCF’s research on the Future of Synthetic Media and Ofcom’s work on Deepfake Defences (Discussion Paper, Attribution Toolkit).
Synthetic media provides multiple opportunities for innovation across sectors and activities like content production, gaming, and advertising. It has a role to play in personalisation, where the creation of avatars can help deliver tailored educational and upskilling tools, personalised financial advice, and bespoke tools for accessibility support. However, synthetic media comes with a range of risks and harms, including deepfakes. Among other risks5, synthetic media can be used to circumvent authentication systems, spread disinformation, mislead consumers and infringe copyright.
With this CfI, we are keen to hear from interested parties in our regulated sectors, and beyond, on their views on synthetic media and deepfakes. We want to hear about the steps organisations have taken to drive innovation, as well as the steps they have taken to minimise the risks to (i) themselves, (ii) their IP, (iii) their employees, and (iv) citizens and consumers.
Please note that this CfI is not seeking input relating to non-consensual sexual deepfakes, due to concurrent ongoing investigations into this topic.
When answering, please include practical examples or case studies that show the opportunities, risks or frictions linked to synthetic media and deepfakes as relevant. This will greatly help us inform our future regulatory work.
8. What provenance and authenticity tools (e.g. watermarking, metadata, signatures) are currently used, and what evidence exists on their effectiveness in real-world settings? How has this evidence been captured and validated / how have you validated this real-world effectiveness?
9. Which transparency or labelling approaches improve user understanding and trust, and are there unintended consequences (e.g. over-reliance, confusion)?
10. Which technical standards (e.g. provenance frameworks) are being adopted, and are inconsistencies across markets creating barriers?
11. How is responsibility distributed across the synthetic media supply chain (model developers, tool providers, platforms, users), and where are accountability gaps?
12. How are platforms identifying, labelling and moderating synthetic media, and what are the key trade-offs in detection accuracy, scale and user impact?
13. What challenges do organisations face in enforcing safeguards or preventing misuse, and how are threat actors adapting to existing protections?
14. What methods do organisations use to test the efficacy of safeguards in mitigating the risks that synthetic media poses, and what challenges do they face in doing so?
15. What regulatory barriers (legal uncertainty, compliance costs, lack of standards) do organisations face when developing or deploying synthetic media? What should be the key considerations for regulators in helping ensure good outcomes?
16. Where do organisations experience friction or overlap between OSA, UK GDPR, IP and consumer protection rules with regards to this technology, and what practical steps could regulators take to provide clearer, joined-up guidance?
Further topics:
17. Are there further topics under the ‘Authentication and Trust’ theme you would find helpful to engage regulators on, via the Thematic Innovation Hub?
Who Should Respond
We welcome input from:
- Innovators and developers working within the Authentication / Digital Verification / synthetic media / deepfakes related sector
- Organisations deploying authentication related products or services
- Organisations impacted by the development and implementation of synthetic media / deepfakes
- Legal, compliance, and policy professionals
- Academics and researchers
- Civil society and advocacy groups
How to Respond
Please submit your views via drcf@ofcom.org.uk by 11:59pm 14th August 2026. You may respond to any or all the questions above or share other insights you believe are relevant.
Responses will be analysed by the DRCF project team and may inform future thematic work, including webinars, roundtables, and other outputs.
The DRCF is not a standalone legal entity, and, for the avoidance of doubt, information submitted in response to this call for views should be treated as information submitted to each DRCF member regulator (CMA, Ofcom, ICO and FCA). To note, any information members of the DRCF receive as part of this consultation may be subject to a freedom of information request under the Freedom of Information Act 2000. For more information about how we handle personal data please see the DRCF Privacy Policy.
Notes
- For key takeaways from our first series, please refer to our website article Key Takeaways from the DRCF Thematic Innovation Hub first series: Agentic AI
- Currently, the UK has not rolled out a national Digital ID or centralised Digital ID databases. In the meantime, private providers have developed products to support the digital verification of identity attributes, and the Government is supporting that development through a trust framework - the UK Digital ID and Attributes Trust Framework.
- Ofcom’s definition of synthetic media can be found in its Note to Broadcasters publication
- Ofcom’s definition of deepfakes can be found in its Deepfake defences publication
- See the DRCF’s Future of Synthetic Media paper for a deeper exploration of synthetic media risks