DBS vs OSINT?
They answer different questions. A DBS is a statutory criminal-record check. An OSINT check is a digital-identity investigation. Here's when each applies — and when you need both.
BLACKEYES is not a DBS provider.
We do not issue statutory criminal-record checks. For DBS, use a registered umbrella body such as uCheck, Sterling, or Access Group. This guide explains when you need each type of check and how they fit together.
A DBS check is a statutory UK criminal-record check issued by the Disclosure and Barring Service through registered umbrella bodies. It comes in three tiers (Basic, Standard, Enhanced) and is legally required for specific roles — regulated activity with children and vulnerable adults, certain professions under SMCR, SIA-licensed security roles. An OSINT check is a digital investigation using public sources and historical breach data to verify identity consistency, digital footprint, commercial history, and reputational signals. The two are complementary, not alternatives. Most modern screening programmes run both where both apply. Where DBS is legally required, OSINT doesn’t replace it. Where DBS is optional (tenancy vetting, commercial due diligence, executive hiring), OSINT often stands alone as the primary check.
The three DBS tiers
Not all DBS checks are the same. Tier and eligibility depend on the role — and self-application is only available at Basic tier.
Basic DBS
Any role — individual can self-apply
Unspent convictions only, under the Rehabilitation of Offenders Act 1974
Around £21
1-14 days
Standard DBS
Eligible roles only (e.g. solicitors, accountants, certain licensed professions) — employer applies through a registered umbrella body
Spent and unspent convictions, cautions, warnings, reprimands
Around £21
2-14 days
Enhanced DBS
Specified roles under regulated activity (children, vulnerable adults, some healthcare) — employer applies through an umbrella body
Standard DBS plus any relevant police intelligence; for child/vulnerable-adult roles, adds barred-list check
Around £49
2-8 weeks
What each check actually covers
The clearest way to see how DBS and OSINT differ is to list exactly what each one surfaces.
DBS covers
- Criminal convictions and cautions under UK law
- Warnings and reprimands recorded on the Police National Computer
- Barred-list status for child and vulnerable-adult work (Enhanced DBS)
- Relevant police intelligence (Enhanced DBS only, not routinely on Standard)
OSINT covers
- Identity consistency across public digital footprint
- Historical data-breach exposure for the subject’s email
- Social media presence, aliases, and reputational signals
- Companies House directorships and commercial records
- Geographic signals and location history
- Alternate and pseudonymous accounts
- Behavioural signals relevant to specific role risk
- Reputational red flags not captured on criminal records
Very different lists. Criminal-record data is not publicly accessible in the UK, so OSINT will never surface a conviction unless the subject themselves has discussed it publicly. Equally, a DBS won’t show social media, directorships, or breach exposure — that’s not its purpose.
When to use which
The decision framework isn’t either/or. It’s: which is legally required, which adds material signal, and which is a net cost-effective investment for the role.
When DBS is the right choice
- Any role involving children or vulnerable adults (statutory Enhanced DBS)
- Regulated professions with criminal-record disclosure requirements
- Financial-services roles under SMCR where fitness-and-propriety applies
- SIA-licensed security roles (as part of a BS7858 pack)
- Care, healthcare, and education roles
- Any role where criminal-record history is genuinely material to the risk
When OSINT adds the most value
- Executive and senior hires where reputational risk matters
- Remote roles with access to sensitive systems or data
- Customer-facing roles where public identity consistency matters
- Letting and tenancy vetting where fraudulent identities are in scope
- Pre-contract due diligence on partners, counterparties, or investors
- Fraud investigation and SIU work
- Private investigation and legal due diligence
- Any role where a motivated attacker could gather useful intelligence about the candidate
Worked examples
Six common hiring and vetting scenarios, with the screening recommendation for each.
You’re hiring a teaching assistant
Enhanced DBS is legally required (regulated activity involving children). An OSINT check is optional and adds reputational/social-media signals the DBS doesn’t cover. Most safeguarding-minded schools now run both.
You’re hiring a mid-level developer into a fintech
Standard DBS through an umbrella body (if the firm relies on the financial-services eligibility). Credit check for SMCR roles. OSINT check valuable — surfaces alias accounts, directorship conflicts, and identity consistency issues relevant to a regulated firm.
You’re letting a prime London property
DBS is not meaningful for tenancy vetting (you can’t request a DBS for a tenancy purpose unless the tenancy touches regulated activity, which is rare). OSINT check fits the use case — identity verification, prior rental history, digital-footprint consistency.
You’re opening an insurance-fraud investigation on a claimant
DBS is not applicable (no consenting employment relationship). OSINT is the primary tool — historical breaches, social media contradictions, alternate identities, commercial interests.
You’re vetting a care-home worker
Enhanced DBS with barred-list check is legally required. An OSINT layer is increasingly standard for safeguarding-sensitive roles — picks up digital red flags the DBS doesn’t cover.
You’re hiring a C-suite executive
Basic DBS (or Standard if eligible via a regulated firm). Senior appointments are where reputational and commercial signals matter most — OSINT is essential, not optional.
Frequently asked questions
Is BLACKEYES a DBS provider?
No. BLACKEYES is not registered with the Disclosure and Barring Service and does not issue DBS certificates. We provide a digital OSINT investigation that complements statutory checks — it doesn’t replace them. For DBS checks, contact a DBS-registered umbrella body such as uCheck, Sterling, or Access Group.
Can I rely on an OSINT check instead of a DBS?
No — where a DBS is legally required (regulated activity, SMCR roles, safeguarding), it is not optional. OSINT is complementary, not alternative. For roles where DBS isn’t statutorily required — tenancy vetting, commercial due diligence, fraud investigation, legal research — OSINT stands on its own.
How does an OSINT check know what DBS would show?
It doesn’t — and shouldn’t try to. OSINT uses public sources; criminal-record data is not public in the UK. An OSINT check will not surface a conviction unless the subject themselves has discussed it publicly or it became a matter of public record through news coverage. For criminal-record information, DBS is the correct process.
How do DBS and OSINT timelines compare?
A Basic DBS completes within 1-14 days. Standard typically 2-14 days. Enhanced DBS can take 2-8 weeks depending on police-force response time. An OSINT check typically completes in 15 minutes — it’s designed to run the same day an application arrives, without waiting for the DBS to return.
Do we need candidate consent for both checks?
DBS checks require the candidate’s application and fingerprint/identity verification; they cannot be run covertly. OSINT checks use only public-domain data and historical breaches — legally distinct. UK GDPR applies to both: for DBS, your lawful basis is typically legal obligation or legitimate interest; for OSINT, it’s typically legitimate interest with disclosure in your candidate privacy notice.
Can the two be run together?
Yes. Modern employment-screening programmes commonly run both simultaneously. DBS returns through the umbrella body; OSINT returns through BLACKEYES (or an equivalent platform). Outputs sit alongside each other in the candidate file.
Run an OSINT check alongside your DBS
One email. Fifteen minutes. The digital-identity signals a DBS doesn’t surface — delivered in a source-cited report.
Reports are tools, not conclusive judgements — verify material findings before reliance. See the FAQ