Identity verification in Bosnia and Herzegovina
Executive summary. Bosnia and Herzegovina (BiH) is a Western Balkans EU potential candidate country of approximately 3.2 million people with a uniquely fragmented administrative structure — two entities (Federation of BiH and Republika Srpska), plus Brčko District — that complicates identity management and AML supervision. The state-level Law on Anti-Money Laundering and Counter-Terrorism Financin
Documents supported
(Government IDs from 220+ countries)
Average verification time
Countries covered
(Government-issued IDs validated)
Market overview
Bosnia and Herzegovina has a population of approximately 3.2 million and a GDP of roughly USD 25 billion. Sarajevo and Banja Luka are the dual commercial centres. Three verticals drive KYC demand:
Supported documents
Didit templates cover national IDs, passports, residence permits and regional documents — plus 14,000+ documents globally for cross-border flows.
Regulators
Federation Banking Agency and Republika Srpska Banking Agency each supervise banks within their entity
enforced by the Agency for Personal Data Protection (AZLP
the national FIU within SIPA, receiving STRs and coordinating AML enforcement at state level
supervises banks in the Federation entity
supervises banks in the RS entity
data protection oversight
operates the CIPS centralised identity system at state level
Agency for Identification Documents, Records and Data Exchange (IDDEEA)
restricted
CIPS is the centralized citizen identification system managing national ID cards, passports, and driver licenses. IDDEEA operates the system at state level. Unique Master Citizen Number (JMBG) assigne
Entity-level municipal authorities
restricted
Civil registration managed at entity and cantonal levels. Birth, marriage, and death records maintained locally. Fragmented system across two entities and Brčko District.
Government & regulated databases
Compliance framework
AML framework
Supervised by Entity-level banking laws
- Law on Anti-Money Laundering and Counter-Terrorism Financing (February 2024) — comprehensive state-level overhaul. Defines obliged entities, CDD/EDD, beneficial ownership, PEP screening, STR filing. Enables KYC through video identification, electronic signatures, and electronic stamps. Classifies VASPs as obligated entities. - Entity-level banking laws — Federation Banking Agency and Republika Srpska Banking Agency each supervise banks within their entity. - Law on Protection of Personal Data
Data protection
Supervised by Law on Protection of Personal Data
BiH's data protection law (AZLP-supervised) restricts cross-border transfers to countries with adequate protection levels. As an EU potential candidate country, BiH is progressively aligning with GDPR. No strict data localisation mandate exists for KYC data, but CIPS data is domestically hosted and
Use cases
Neobanks, EMIs, payment institutions, lenders, brokerages.
1. Document capture. Scan or photograph of the lična karta (front and back) or biometric passport. 2. Video identification. The 2024 AML law now permits video identification as a CDD method. 3. Liveness and biometric match. Selfie with liveness detection, matched against document portrait. 4. Data e
Exchanges, custodians, wallets, on/off-ramps.
VASPs classified as obligated entities under the 2024 AML law must:
Sports betting, online casinos, age-gated platforms.
BiH has a fragmented gambling regulatory framework at entity level:
Gig platforms, delivery, creator economy, e-commerce.
Marketplace operators face CDD obligations primarily through payment-service integration:
Biometric liveness
BiH biometric ID cards and passports contain chip-stored facial images. NFC-based chip reading is technically feasible but PKI infrastructure for third-party commercial use is not deployed. Liveness detection (ISO 30107-3 compliant) paired with document-portrait matching is the standard approach for remote onboarding. ---
CERTIFICATIONS
Our platform meets the highest international standards for information security, data privacy, and biometric accuracy.
Full EU data protection compliance
Information security management
PAD (liveness + face match)
TRUSTED WORLDWIDE
Join thousands of companies that trust Didit for their verification needs
Didit’s NFC + active biometrics technology blocks the most advanced fraud scenarios, offering a level of security equivalent to or superior to in-person verification.
Spanish Financial Sandbox
CNMV, SEPBLAC & Spanish Treasury — Conclusions Report
Didit is an exceptionally valuable partner, delivering a stable and highly adaptable solution”.
Vuk Adžić
Head of the E-Business Department at Crnogorski Telekom
Didit offered us a robust technology with a simple implementation and adaptability to different markets”.
Fernando Pinto
CEO & CoFounder at TucanPay
Thanks to Didit we have been able to reduce manual processes and improve data extraction accuracy”.
Diana Garcia
Trust & Safety Executive at Shiply
Didit’s integration slashed verification times and costs, freeing resources for other projects”.
Guillem Medina
COO at GBTC Finance
Didit removed KYC costs, enabling faster scaling with high verification standards and less fraud.”
Paul Martin
VP Marketing & Growth at Bondex
Didit’s secure, user-friendly verification boosts customer trust and optimizes our process.”
Cristofer Montenegro
Executive assistant to the CEO at Adelantos
Didit ensures a precise, secure digital onboarding without slowing negotiations or client time.”
Ernesto Betancourth
Gerente de riesgos at CrediDemo
FAQ
Yes. Bosnia and Herzegovina permits remote KYC onboarding under its national AML framework, including document verification, biometric liveness and video identification where required by regulation.
Didit verifies all major national IDs, passports and residence permits issued in Bosnia and Herzegovina, plus 14,000+ document types globally for cross-border flows.
Didit charges $0.30 per verification with 500 free checks per month. No contracts, no minimums. Competitors typically charge $1.00–$2.50+ per verification.
Yes. Didit screens against 1,000+ global watchlists including PEP databases, sanctions lists (EU, UN, OFAC, OFSI), and adverse media — covering all AML obligations in Bosnia and Herzegovina.
Most regulated sectors in Bosnia and Herzegovina require or strongly recommend biometric liveness detection for remote onboarding. Didit provides ISO 30107-3 PAD Level 2 certified liveness.
Yes. Didit supports document verification, liveness, AML screening and ongoing monitoring aligned with Bosnia and Herzegovina’s crypto regulatory framework, including EU Travel Rule compliance where applicable.
Yes. Didit provides document-based age verification and identity confirmation suitable for Bosnia and Herzegovina’s iGaming regulatory requirements.
500 free verifications per month. No contracts, no minimums. $0.30 per verification after the free tier.
