What Is Business Identity Verification?
Business identity verification is the process of confirming that a business entity is real, legally registered, and accurately represented — using authoritative sources such as national government registries, cryptographic proofs, and machine-readable identity records.
Definition
Business identity verification is the systematic process of confirming that a business entity is what it claims to be — that it is legally registered with a government authority, that its stated name, address, and registration number are accurate, and that the entity behind a website, email address, or digital profile corresponds to a real, operating business. Unlike personal identity verification, which confirms an individual's identity against a passport or national ID, business identity verification must navigate a more complex landscape: businesses exist across multiple jurisdictions, operate under trading names that differ from their registered names, and may be structured as sole traders, partnerships, limited companies, or corporations — each with different verification requirements.
The concept is not new. Credit agencies such as Dun & Bradstreet have been assigning reference numbers to businesses since 1963, building databases of business identity records that feed into credit markets, government procurement systems, and supply chain due diligence. But the infrastructure those agencies built was designed for a world where verification happened through phone calls, physical address confirmation, and credit history. That world still exists — but a new verification requirement has emerged alongside it: the ability to confirm business identity to AI systems.
AI language models, answer engines, and knowledge graph systems do not query credit bureaus before citing a business. They read structured data on the web. They parse JSON-LD in the head of web pages. They crawl llms.txt files. They index machine-readable endpoints. Business identity verification for the AI era requires a fundamentally different infrastructure — one that puts the verification signal where AI systems actually look, in the format they actually read, anchored to the authoritative sources they can cross-reference.
How business identity verification works
Business identity verification follows a chain of authority. The most authoritative source for any business's legal existence is the government registry in the jurisdiction where it was incorporated. In the United Kingdom, that is Companies House. In South Africa, it is the Companies and Intellectual Property Commission (CIPC). In the United States, it is the Secretary of State's office in the state of incorporation. In Nigeria, it is the Corporate Affairs Commission (CAC). These registries hold the ground truth: the legal name, registration number, registered address, directors, and date of incorporation for every legally registered entity in their jurisdiction.
A robust business identity verification process begins with a registry lookup. The business provides its registration number and jurisdiction. The verification system queries the relevant national registry — either through a direct API connection or through a structured lookup — and confirms that the registration number exists, that the legal name matches, and that the business is in good standing. This registry confirmation is the foundation. Everything built on top of it inherits its authority.
The second layer is domain verification. A business's website is its primary digital identity anchor. Confirming that the entity claiming a domain actually controls it — through DNS TXT record verification or meta tag injection — establishes the link between the legal entity and its digital presence. This step is critical because it prevents a different business from claiming another entity's identity.
The third layer is cryptographic sealing. Once the registry data and domain ownership are confirmed, the verified identity record is serialised into a canonical document — a structured JSON object containing the legal name, registration number, jurisdiction, registry body, verification timestamp, and domain — and hashed using SHA-256. The resulting hash is a mathematical fingerprint of the verified identity at that moment. Any subsequent change to the underlying data produces a completely different hash, making tampering immediately detectable. This hash becomes the passport identifier: a permanent, immutable reference that any system can use to verify the record's integrity.
The fourth layer is publication. The verified identity record is published at a stable, machine-readable URL — typically at a path such as /v/{hash}/ — in JSON-LD format, with an Organisation schema type containing all verified properties. This publication is what makes the verification useful to AI systems: it puts the verified identity signal at a URL that crawlers can find, in a format they can parse, with the authority of a national registry behind it.
Consider a worked example. A solicitor's firm in London registers with aiverified.io. The system queries Companies House for their company number, confirms the legal name matches, verifies their domain through a DNS TXT record, serialises the confirmed identity into a canonical document, hashes it with SHA-256, and publishes the result at https://aiverified.io/v/{hash}/. The firm's website injects a badge.js script that adds the verified Organisation JSON-LD to every page. When Perplexity crawls the firm's website, it finds a cryptographically verified identity record anchored to Companies House. When a user asks Perplexity "which solicitors in London handle commercial property?" — the verified firm has a measurably stronger identity signal than an unverified competitor.
Why business identity verification matters
The stakes of business identity verification have increased dramatically with the rise of AI systems as primary information intermediaries. When a user asks ChatGPT, Perplexity, or Google's AI Overview to recommend a service provider, find a product supplier, or verify a business's credentials, the AI system is making a citation decision based on the identity signals it can find. Businesses with strong, verified identity signals get cited. Businesses with weak or absent identity signals get ignored — or worse, get replaced by hallucinated alternatives.
The problem is not limited to AI recommendations. Financial institutions conducting Know Your Business (KYB) checks require verified business identity before extending credit, processing payments, or onboarding enterprise clients. Marketplaces such as Amazon, Etsy, and Faire require seller identity verification before allowing merchants to list products. Enterprise procurement teams require supplier identity verification before adding vendors to approved supplier lists. In each of these contexts, the absence of a verified business identity creates friction, delay, and lost opportunity.
| Without verification | With verification |
|---|---|
| AI systems cannot confirm the business is real; citation risk is high | AI systems find a cryptographic proof anchored to a national registry; citation confidence is high |
| KYB checks require manual document submission and weeks of processing | KYB checks can query the verified record programmatically; onboarding accelerates |
| Marketplace seller identity is unverified; fraud risk is elevated | Marketplace seller identity is anchored to a government registry; fraud risk is reduced |
| Enterprise procurement teams cannot verify supplier legitimacy quickly | Enterprise buyers query the API endpoint and receive a verified response in milliseconds |
| Brand hallucination risk: AI systems may invent details about the business | Verified record constrains AI outputs; hallucination risk is reduced |
AI Verified handles this automatically. Every verified passport includes cryptographic business identity verification anchored to your national registry — no developer, no technical knowledge required. Get your free passport →
Why most businesses don't have verified identity
The first barrier is the registry gap. National business registries hold authoritative data, but they do not publish that data in a format AI systems can read directly. Companies House publishes a public API, but the data it returns is not structured as JSON-LD with Schema.org types. The CIPC in South Africa does not have a public API at all — verification requires a manual lookup. The gap between "the data exists" and "the data is published in machine-readable format" is where most businesses fall short. Bridging that gap requires either technical infrastructure that most businesses do not have, or a verification service that builds the bridge on their behalf.
The second barrier is the cryptographic knowledge gap. SHA-256 hashing, canonical JSON serialisation, and JSON-LD graph construction are concepts that most business owners — and most web developers — have never encountered. Even businesses that understand the value of structured data often implement it incorrectly: wrong property names, missing required fields, inconsistent identifier formats. A verification record that is technically present but incorrectly implemented provides no more signal to an AI system than no record at all. The implementation precision required for effective business identity verification is beyond the practical reach of most businesses without specialist assistance.
The third barrier is the publication and maintenance gap. A verified identity record is only useful if it is published at a stable, crawlable URL and kept current. A business that changes its registered address, updates its trading name, or renews its registration must update its verified record to maintain accuracy. Most businesses have no mechanism for this — no system that monitors registry changes, no process for re-verifying and re-publishing updated records, no alert when a verification record approaches expiry. The result is that even businesses that achieve initial verification often fall out of date within months.
How aiverified.io provides business identity verification
aiverified.io provides end-to-end business identity verification through a five-step process that bridges the registry gap, eliminates the cryptographic knowledge gap, and automates the publication and maintenance process.
Step one is registry confirmation. The business submits its registration number and jurisdiction. aiverified.io queries the relevant national registry — currently supporting 70+ countries including Companies House (UK), CIPC (South Africa), CAC (Nigeria), ASIC (Australia), MCA (India), and the Secretary of State databases across US states — and confirms the legal name, registration status, and registered address. This confirmation is logged with a timestamp and stored as the verification anchor.
Step two is domain verification. The business verifies ownership of its primary domain through a DNS TXT record or meta tag. This step establishes the link between the legal entity and its digital presence. The verification system polls for the record and confirms ownership before proceeding.
Step three is cryptographic sealing. The confirmed registry data and domain ownership are serialised into a canonical JSON document following a deterministic field ordering. This document is hashed using SHA-256, producing a 64-character hexadecimal fingerprint. The hash is stored as the passport identifier — a permanent, immutable reference.
Step four is publication. The verified identity record is published at https://aiverified.io/v/{hash}/ as a server-side rendered page containing a complete JSON-LD graph in the <head> tag. The graph includes an Organisation type with 12 populated properties: legalName, name, identifier (the SHA-256 hash), url, address, foundingDate, hasCredential, sameAs (linking to the registry record), description, areaServed, contactPoint, and knowsAbout. This page is also accessible as raw JSON-LD at /v/{hash}.json and as a machine-readable summary at /v/{hash}/llms.txt.
Step five is website injection. The business adds a single badge.js script tag to their website. This script injects the verified Organisation JSON-LD into every page of the site, ensuring that any AI crawler that visits any page finds the verified identity signal. The badge also renders a visual verification badge that visitors can see, creating a trust signal for human users alongside the machine-readable signal for AI systems.
Verification is valid for 12 months. aiverified.io sends renewal reminders at 90, 30, and 7 days before expiry. Renewal re-queries the national registry to confirm the business remains in good standing, re-seals the updated record with a new SHA-256 hash, and updates the publication. The previous hash remains valid and resolvable — the audit trail is permanent.
Frequently asked questions
What is the difference between business identity verification and KYC?
Know Your Customer (KYC) is a regulatory process used by financial institutions to verify the identity of individual customers before providing financial services. Business identity verification — also called Know Your Business (KYB) — is the equivalent process for legal entities rather than individuals. KYB confirms that a business is legally registered, that its stated details are accurate, and that it is not on sanctions lists or associated with financial crime. aiverified.io provides the foundational business identity record that KYB processes can query, reducing the manual document burden on businesses undergoing KYB checks.
Is a DUNS number the same as business identity verification?
A DUNS number is a nine-digit reference number assigned by Dun & Bradstreet to identify a business in their proprietary database. It is a useful identifier for credit reporting and US government procurement, but it is not a cryptographic proof of identity. A DUNS number is assigned — it does not require the business to prove anything. An AI Verified passport, by contrast, is earned through a verification process anchored to a national government registry and sealed with SHA-256. The two systems serve different purposes and different eras: DUNS for credit markets, AI Verified for AI systems.
How does business identity verification help with AI hallucinations?
AI hallucinations about businesses occur when a language model generates plausible-sounding but inaccurate details — wrong addresses, wrong phone numbers, wrong founding dates, wrong service descriptions. These hallucinations happen because the model has no authoritative source to constrain its output. A verified business identity record provides that authoritative source: the correct legal name, address, registration number, domain, and description are published at a stable URL in a format AI systems can read. When a model has access to a verified record, it has a ground truth to anchor its output against, reducing the probability of hallucinated details.
Which national registries does aiverified.io support?
aiverified.io currently supports verification against 70+ national registries, including Companies House (United Kingdom), CIPC (South Africa), CAC (Nigeria), ASIC (Australia), MCA (India), BRELA (Tanzania), BRS (Kenya), RDB (Rwanda), CIPA (Botswana), and Secretary of State databases across US states. The registry coverage is expanding continuously. Businesses in jurisdictions not yet directly integrated can still achieve verification through document-based confirmation, which is reviewed manually and anchored to the submitted registration certificate.
How long does business identity verification take?
For businesses in jurisdictions with direct registry API integration, verification typically completes in under five minutes. The process involves a registry lookup (seconds), a domain verification check (seconds to minutes, depending on DNS propagation), and the cryptographic sealing and publication steps (seconds). The badge.js injection is immediate once the embed code is added to the website. For businesses requiring manual document review, the process takes one to two business days. The free tier covers the full verification process — no payment is required to achieve Bronze tier verification.
Sources and further reading
- Organization — Schema.org — Schema.org
- Business entity — Wikipedia — Wikipedia
- Companies House — Company Search — UK Government
- Companies and Intellectual Property Commission — South African Government
- Know Your Customer (KYC) — FATF — Financial Action Task Force