Fraudsters are already exploiting the UK’s upcoming corporate transparency reform, sending phishing emails to company directors about supposed identity verification requirements.
Companies House has warned that these messages are fraudulent and urged recipients not to follow any of their instructions. “People claiming to be from Companies House have called companies and asked for details of their company’s directors,” Companies House cautioned on Monday.
“After being advised there’s a ‘discrepancy with the information held on the register,’ the caller asks for information such as full dates of birth for directors.”
New Era for Corporate Transparency
From 18 November 2025, directors and people with significant control over UK companies must verify their identity with Companies House. The change forms part of a wider government plan to improve the integrity of corporate records and reduce fraudulent activity.
The rules will affect an estimated six to seven million individuals. New directors will need to verify their identity on appointment, while existing directors will do so when filing their next confirmation statement.
Significant shareholders will also be required to complete the process according to their registration details. Identity verification will be carried out through the official GOV.UK channels, either online or via the app, with the transition period reportedly running for 12 months.
Early Fraud Risks
Even before the system launches, fraudsters are using it as a hook for phishing attempts. Companies House said: Officials have stressed that only GOV.UK should be used for verification, and directors should remain cautious of unsolicited requests.
Read more: UK Company Directors Must Verify Identity or Risk Losing Role Under New Law Starting November
The identity checks represent one of the most significant overhauls of UK corporate governance in decades. However, with phishing scams already appearing, the reform faces an early test in balancing tighter oversight with protecting directors from new cyber risks.
“Banks invest vast sums into double-checking Companies House data, distracting from their efforts to tackle economic crime,” Jonathan Frost, the Director of Global Advisory for EMEA at BioCatch, recently commented.
“Like banks, the agency should focus on behavioural insights, monitoring device use, behavioural patterns, and anomalies across the lifecycle of a company, to detect suspicious activity without adding friction for genuine users,” he explained.
A YouGov survey in June showed strong backing for the reforms, with 81% of senior business decision-makers supporting mandatory ID checks for directors. Nearly three-quarters (73%) said the process would likely be straightforward for directors and people with significant control, while 60% reported they were already aware of the upcoming legal requirements.
