Belfast-based workforce marketplace Locate a Locum has told its 30,000 pharmacy, optometry and nursing professionals that – effective January 2027 – they will have to provide a Home Office Right-to-Work ‘Share Code’ before they can accept shifts. In a blog post dated 26 May, the company said its mobile app will soon integrate automated identity verification using a biometric passport selfie and the Home Office’s real-time status API. Share Codes are one-time, 9-character strings generated on GOV.UK that allow employers to confirm a worker’s immigration status online. While large corporates adopted the system when physical Biometric Residence Permits were phased out in 2025, many SMEs and gig-economy platforms still rely on PDF uploads or manual BRP checks.
![Gig-economy health platform makes Home Office “Share Code” checks mandatory from January]()
To help organisations and individual clinicians stay ahead of these administrative demands, specialist providers such as VisaHQ offer step-by-step visa processing and document-management support. Through its dedicated UK portal (https://www.visahq.com/united-kingdom/), the service can assist workers in renewing Skilled Worker or Graduate permissions, generate deadline alerts and consolidate compliance records—features that neatly complement the new Share Code workflow.
Locate a Locum’s decision therefore sets a new benchmark for compliance in the on-demand staffing sector. For internationally-trained healthcare staff the change is administratively light – obtaining a code takes minutes – but operationally significant. Codes expire after 90 days, so workers on Skilled Worker or Graduate visas must keep UKVI accounts active and generate fresh codes each quarter. Failure to do so will block shift bookings and, in the case of agency-Supplied staff, could cascade into last-minute rota gaps for High-Street pharmacies and vaccination clinics. The move demonstrates how digital right-to-work enforcement is spreading beyond traditional payroll employers into platform-based labour models. Global Mobility and HR teams that engage locums or other gig workers in the UK should review service agreements to confirm who holds compliance liability and whether automated checks meet GDPR and data-minimisation rules. Organisations rolling out similar technology must also plan for contingencies when the Home Office portal is offline – a not-infrequent occurrence during maintenance windows. From a strategic standpoint, the announcement hints at a future where API-based permission checks are embedded directly into workforce-management software. Businesses that modernise early are likely to reduce audit risk and speed onboarding, but must ensure robust privacy notices and secure storage of verification logs for the statutory two-year retention period.
To help organisations and individual clinicians stay ahead of these administrative demands, specialist providers such as VisaHQ offer step-by-step visa processing and document-management support. Through its dedicated UK portal (https://www.visahq.com/united-kingdom/), the service can assist workers in renewing Skilled Worker or Graduate permissions, generate deadline alerts and consolidate compliance records—features that neatly complement the new Share Code workflow.
Locate a Locum’s decision therefore sets a new benchmark for compliance in the on-demand staffing sector. For internationally-trained healthcare staff the change is administratively light – obtaining a code takes minutes – but operationally significant. Codes expire after 90 days, so workers on Skilled Worker or Graduate visas must keep UKVI accounts active and generate fresh codes each quarter. Failure to do so will block shift bookings and, in the case of agency-Supplied staff, could cascade into last-minute rota gaps for High-Street pharmacies and vaccination clinics. The move demonstrates how digital right-to-work enforcement is spreading beyond traditional payroll employers into platform-based labour models. Global Mobility and HR teams that engage locums or other gig workers in the UK should review service agreements to confirm who holds compliance liability and whether automated checks meet GDPR and data-minimisation rules. Organisations rolling out similar technology must also plan for contingencies when the Home Office portal is offline – a not-infrequent occurrence during maintenance windows. From a strategic standpoint, the announcement hints at a future where API-based permission checks are embedded directly into workforce-management software. Businesses that modernise early are likely to reduce audit risk and speed onboarding, but must ensure robust privacy notices and secure storage of verification logs for the statutory two-year retention period.
