Identity verification in Bulgaria

Identity verification and KYC/AML in Bulgaria

Executive summary. Bulgaria is the only EU member state still on the FATF grey list (added 27 October 2023, following MONEYVAL's 2022 Mutual Evaluation Report). That single fact reframes the entire KYC conversation for any regulated operator in the country: every correspondent bank, every EU counterparty, and every supervisor is applying enhanced due diligence to Bulgarian-licensed entities by def

Start free — 500 checks/mo Talk to sales

🇧🇬

14K+

Documents supported

(Government IDs from 220+ countries)

<30 sec

Average verification time

220+

Countries covered

(Government-issued IDs validated)

Market overview

KYC in Bulgaria, at a glance

Bulgaria has a population of roughly 6.5 million and, since 1 January 2025, is a full Schengen member (air and sea borders from 31 March 2024, land from 1 January 2025). The country has the EU's lowest flat corporate tax (10%), which makes Sofia and Plovdiv disproportionately attractive for software-intensive regulated businesses relative to the size of the domestic economy. Three KYC-relevant verticals dominate:

Supported documents

Every major ID in Bulgaria

Didit templates cover national IDs, passports, residence permits and regional documents — plus 14,000+ documents globally for cross-border flows.

Лична карта

Паспорт

Свидетелство за управление на МПС

Удостоверение за пребиваване

EU/EEA ID cards and passports

Regulators

Who supervises KYC/AML in Bulgaria

AML Act

AML supervisor

ГРАО (GRAO — Civil Registration and Administrative Services)

Ministry of Regional Development

regulated

Central civil registry. EGN (Единен граждански номер / Unified Civil Number) assigned to all citizens. Electronic access for authorized state entities.

Лична карта (Identity Card)

Ministry of Interior

restricted

Mandatory national ID card. Electronic ID card with chip being rolled out. Current cards lack electronic functionality.

Търговски регистър (Commercial Register)

Registry Agency

open

Business register. Free online search available.

Government & regulated databases

Authoritative sources Didit can cross-check against

Compliance framework

The law behind KYC in Bulgaria

AML framework

Закон за мерките срещу изпирането на пари (ZMIP / MAMLA)

Supervised by AML Act

- Закон за мерките срещу изпирането на пари (ZMIP / MAMLA) — Measures against Money Laundering Act. The backbone of Bulgarian KYC. Defines obliged entities, customer due diligence (комплексна проверка на клиента), enhanced due diligence, record retention, PEP and UBO obligations. - Правилник за прилагане на ЗМИП (PPZMIP) — implementing regulation, sets out the operational detail of CDD procedures, risk-assessment methodology, and training requirements. - Закон за мерките срещу финансирането на т

Data protection

GDPR + Personal Data Protection Act; CPDP (data protection authority)

Supervised by National DPA

GDPR applies in full. The Закон за защита на личните данни adds Bulgarian-specific provisions, notably:

Use cases

Built for the industries that regulate Bulgaria

Fintech

Neobanks, EMIs, payment institutions, lenders, brokerages.

A Bulgarian payment institution or e-money institution onboarding a retail customer under ZMIP Art. 10 and following typically runs:

Crypto / VASPs

Exchanges, custodians, wallets, on/off-ramps.

Until the BG MiCA Act, VASPs registered with the NRA followed a lightweight AML regime built on ZMIP plus the NRA register. The post-July-2025 flow for a CASP transitioning to FSC authorisation:

iGaming

Sports betting, online casinos, age-gated platforms.

The NRA issues online gambling licences under the Gambling Act. KYC requirements for operators:

Marketplaces

Gig platforms, delivery, creator economy, e-commerce.

Marketplaces face a hybrid obligation stack: ZMIP (if providing payment or escrow services in-house), DAC7 (seller reporting to NRA), DSA trader identification (for B2C platforms), and P2B. A typical seller/driver flow:

Biometric liveness

ISO 30107-3 PAD Level 2 liveness, ready for Bulgaria

ZMIP does not prescribe a specific presentation-attack-detection standard. However, CPDP treats biometric templates as Art. 9 GDPR special-category data and, in its guidelines on facial recognition (including a notable position on biometrics in educational institutions), requires strict proportionality, storage minimisation, and a clear legal basis. Obliged entities processing biometric templates for remote onboarding typically rely on Art. 6(1)(c) (legal obligation under ZMIP) combined with Art

CERTIFICATIONS

Certified for enterprise trust

Our platform meets the highest international standards for information security, data privacy, and biometric accuracy.

translation_v21.securityCompliance.certifications.items.gdpr.title

GDPR Compliant

Full EU data protection compliance

ISO 27001

Information security management

translation_v21.securityCompliance.certifications.items.ibeta.title

iBeta Level 1

PAD (liveness + face match)

TRUSTED WORLDWIDE

What our customers say

Join thousands of companies that trust Didit for their verification needs

Didit’s NFC + active biometrics technology blocks the most advanced fraud scenarios, offering a level of security equivalent to or superior to in-person verification.

Spanish Financial Sandbox

CNMV, SEPBLAC & Spanish Treasury — Conclusions Report

Didit is an exceptionally valuable partner, delivering a stable and highly adaptable solution”.

Vuk Adžić

Head of the E-Business Department at Crnogorski Telekom

Didit offered us a robust technology with a simple implementation and adaptability to different markets”.

Fernando Pinto

CEO & CoFounder at TucanPay

Thanks to Didit we have been able to reduce manual processes and improve data extraction accuracy”.

Diana Garcia

Trust & Safety Executive at Shiply

Didit’s integration slashed verification times and costs, freeing resources for other projects”.

Guillem Medina

COO at GBTC Finance

Didit removed KYC costs, enabling faster scaling with high verification standards and less fraud.”

Paul Martin

VP Marketing & Growth at Bondex

Didit’s secure, user-friendly verification boosts customer trust and optimizes our process.”

Cristofer Montenegro

Executive assistant to the CEO at Adelantos

Didit ensures a precise, secure digital onboarding without slowing negotiations or client time.”

Ernesto Betancourth

Gerente de riesgos at CrediDemo

FAQ

Questions about KYC in Bulgaria

Is remote identity verification legal in Bulgaria?

Yes. Bulgaria permits remote KYC onboarding under its national AML framework, including document verification, biometric liveness and video identification where required by regulation.

What identity documents does Didit verify in Bulgaria?

Didit verifies all major national IDs, passports and residence permits issued in Bulgaria, plus 14,000+ document types globally for cross-border flows.

How much does identity verification cost in Bulgaria?

Didit charges $0.30 per verification with 500 free checks per month. No contracts, no minimums. Competitors typically charge $1.00–$2.50+ per verification.

Does Didit support AML screening for Bulgaria?

Yes. Didit screens against 1,000+ global watchlists including PEP databases, sanctions lists (EU, UN, OFAC, OFSI), and adverse media — covering all AML obligations in Bulgaria.

Is biometric liveness required?

Most regulated sectors in Bulgaria require or strongly recommend biometric liveness detection for remote onboarding. Didit provides ISO 30107-3 PAD Level 2 certified liveness.

Can Didit help with crypto/VASP compliance in Bulgaria?

Yes. Didit supports document verification, liveness, AML screening and ongoing monitoring aligned with Bulgaria’s crypto regulatory framework, including EU Travel Rule compliance where applicable.

Does Didit support age verification for iGaming in Bulgaria?

Yes. Didit provides document-based age verification and identity confirmation suitable for Bulgaria’s iGaming regulatory requirements.