Skip to main content
Didit Raises $7.5M to Build the Infrastructure for Identity and Fraud
Didit
Europe

Identity verification
built for Cyprus Flag of Cyprus

Ταυτότητα, biometric passport, and EU/EEA documents on one session, EU AMLD6 + GDPR + AML Law 188(I)/2007. CySEC and CBC supervised. $0.33 full KYC, 500 free every month.

Start freeRead the docs
Backed by
Y CombinatorRobinhood Ventures
GBTC Finance
Bondex
Crnogorski Telekom
UCSF Neuroscape
Shiply
Adelantos

Trusted by 2,000+ organizations worldwide.

Country brief

How identity verification works in Cyprus.

The fraud surface and the frameworks an engineering or compliance lead needs before scoping an integration.
Fraud landscape
Two pressures shape Cypriot identity fraud: deepfake and synthetic-identity attacks exploiting the high volume of offshore company formation and CASP onboarding that Cyprus attracts as a gateway into the EU single market, and document forgery pressure from third-country nationals seeking EU financial access through Cypriot-licensed institutions. Didit scores 200+ real-time fraud signals on every session, face morph, replay, injection, document tampering, device intelligence, IP geolocation.
Compliance frameworks
  • AML Law 188(I)/2007 as amended (AMLD6 transposition)
  • AMLD6 (EU Directive 2018/843)
  • GDPR (Regulation 2016/679)
  • MiCA (Markets in Crypto-Assets Regulation)
  • DORA (Digital Operational Resilience Act)
  • EU Regulation 2019/1157 (chip ID cards)
Regulators

Who supervises identity verification in Cyprus.

These are the supervisors a Cyprus verification flow has to answer to. One Didit hosted flow + one audit log covers every one of them, no separate integration per agency.

  • CySEC

    Επιτροπή Κεφαλαιαγοράς (Cyprus Securities and Exchange Commission), supervises investment firms, collective investment schemes, Forex brokers, and Crypto-Asset Service Providers under MiCA. Administers AML obligations for Cyprus Investment Firms under Law 188(I)/2007 as amended.

  • CBC

    Κεντρική Τράπεζα της Κύπρου (Central Bank of Cyprus), central bank and prudential supervisor for banks, payment institutions, and electronic-money issuers. Sets Customer Due Diligence requirements under Law 188(I)/2007 as amended.

  • MOKAS

    Μονάδα Καταπολέμησης Αδικημάτων Συγκάλυψης (Unit for Combating Money Laundering), Cyprus's Financial Intelligence Unit, operating under the Attorney General. Receives Suspicious Activity Reports from obligated entities under Law 188(I)/2007.

  • Commissioner for Personal Data Protection

    Επίτροπος Προστασίας Δεδομένων Προσωπικού Χαρακτήρα, Cyprus's supervisory authority for GDPR (Regulation 2016/679). Governs every identity verification on Cypriot residents.

  • House of Representatives

    Βουλή των Αντιπροσώπων, the Cypriot parliament. Senior members are listed as PEP Level 1 in Didit's AML screening layer as required by Law 188(I)/2007 and AMLD6.

Verification flow · One API

Four modules. One verification.

ID, biometric, AML, and a Cyprus database cross-check, composed on one workflow, billed per success, returned in one report.
Read the docsGet an API key
01 · ID

Capture and read the ID.

Captured on any phone, auto-classified, OCR-parsed, and template-verified.

  • ταυτότητα (the polycarbonate chip ID card under EU Reg. 2019/1157), διαβατήριο (with the chip read on e-Passports), άδεια οδήγησης, and άδεια παραμονής for non-EU residents.
  • Returns the name, document number, date of birth, and expiry.
Read the docs
Stage 01Capture and read the ID
  • Ταυτότητα, chip read on polycarbonate card
  • Άδεια Οδήγησης · Άδεια Παραμονής
  • Διαβατήριο, chip read on e-Passport
02 · Biometric

Match the face. Prove it's a real person..

Selfie confirmed live and matched against the ID portrait.

  • Duplicate check: 1:N face search across existing users. Free.
  • Active liveness ($0.15) for elevated-risk flows, user turns or blinks.
Read the docs
Stage 02Match the face. Prove it's a real person.
  • Selfie on any phone or laptop camera
  • Mobile-handoff QR when the user starts on desktop
03 · AML

Screen for sanctions, PEPs, and adverse media.

1,300+ global sanctions, PEP, and adverse-media lists, plus Cypriot watchlists:

  • House of Representatives of Cyprus, PEP Level 1 (Βουλή members).
  • U.S. Department of the Treasury, SIP (Cyprus-linked OFAC enforcement designations).
  • CySEC Administrative Sanctions, regulatory enforcement actions against Cyprus Investment Firms and CASPs.
  • CySEC Warnings, investor alerts and regulatory warnings from the securities regulator.
  • EU Consolidated Financial Sanctions List, applies under EU enforcement in Cyprus.
  • OFAC Specially Designated Nationals (SDN), US Treasury designations.
  • MONEYVAL, Council of Europe AML evaluation findings for Cyprus.
  • UN Security Council Consolidated Sanctions List, global designations.
  • Europol Most Wanted, cross-border law enforcement designations.
  • Eurojust, EU judicial cooperation designations.
  • FATF 40 Recommendations, risk-jurisdiction monitoring.
  • Basel AML Index, country-level AML risk scoring referenced in CySEC enhanced-due-diligence frameworks.

Severity-scored. Ongoing monitoring ($0.07/user/yr) re-checks daily and fires a webhook on new hits.

Read the docs
Stage 03Screen for sanctions, PEPs, and adverse media

Screen for sanctions, PEPs, and adverse media , see the docs for the full module surface.

04 · Registry

Document validation, no public registry API in Cyprus.

Cyprus does not currently expose a public government consumer API open to third-party integrators for cross-checking national ID records against the civil registry or population register. Identity validation in Cyprus therefore relies on three complementary layers that Didit runs in parallel:

  • Document OCR + chip read, every field on the ταυτότητα or διαβατήριο is extracted and validated against ISO/ICAO templates in real time.
  • Biometric liveness + face match, the selfie is confirmed as live and matched against the document portrait, eliminating synthetic and replay attacks.
  • AML screening, the extracted name is screened across 1,300+ global and Cypriot watchlists, catching sanctions, PEPs, and adverse-media hits that a registry lookup would not surface.

If an authoritative database validation API becomes available for Cyprus, Didit will add it to the POST /v3/database-validation/ catalogue automatically, no integration changes required on your side.

Read the docs
Stage 04Document validation, no public registry API in Cyprus

Document validation, no public registry API in Cyprus , see the docs for the full module surface.

Documents covered

Every Cyprus document Didit accepts.

One row per accepted credential, flag, document name, document type. Live from the Didit Business Console.
Authoritative datasets

Civil-registry and AML coverage for Cyprus.

One card per dataset Didit cross-checks against, civil registries on the Database Validation API plus the global AML watchlist pool. Each card links to the technical docs.
aml-screening

AML lists screened in Cyprus

1,300+ sanctions, Politically Exposed Persons (PEP), and adverse-media lists, plus the country's regulatory watchlists and PEP registries.

Read the AML coverage docs
Compliant by design

Open a new country in one click. We do the hard work.

We open the local subsidiaries, secure the licenses, run the penetration tests, earn the certifications, and align with every new regulation. To ship verifications in a new country, flip a toggle. 220+ countries live, audited and pen-tested every quarter, the only identity provider an EU member-state government has formally called safer than in-person verification.
Read the security & compliance dossier
EU financial sandbox
Tesoro · SEPBLAC · BdE
ISO/IEC 27001
Information security · 2026
SOC 2 · Type I
AICPA · 2026
iBeta Level 1 PAD
NIST / NIAP · 2026
GDPR
EU 2016/679
DORA
EU 2022/2554
MiCA
EU 2023/1114
AMLD6 · eIDAS 2.0
EU-aligned by design
FAQ

Common questions about Cyprus.

What does Didit ship?

Didit is the infrastructure layer for identity and fraud. One Application Programming Interface (API), 25+ composable modules across four product lines:

  • User Verification (KYC, know your customer), Identity Document Verification, liveness, face match, Anti-Money Laundering (AML) screening, Internet Protocol (IP) analysis. $0.33 per full bundle.
  • Business Verification (KYB, know your business), registry, Ultimate Beneficial Owner (UBO), officers, entity AML, plus a linked KYC session per UBO.
  • Transaction Monitoring, real-time rule engine, case management, Suspicious Activity Report (SAR) workflow.
  • Wallet Screening (KYT, know your transaction), on-chain wallet risk at $0.15 per check, or bring your own screening provider and run it inside Didit.

Compose any module into a workflow with the visual no-code builder, ship in 5 minutes, 500 verifications free every month, forever.

How is Didit different from a single-product Know Your Customer (KYC) vendor?

Most identity vendors sell one slice, a KYC check, an Anti-Money Laundering (AML) list, a wallet screen. Didit ships the infrastructure underneath all of them, and the gap shows up on six axes:

  • Pricing. Public price on every module, $0.33 for a full KYC, 500 verifications free every month, no minimums, no contracts. Single-product vendors hide six-figure minimums behind a sales call.
  • Access. Sandbox in one click, self-serve from day one, production keys on signup. Single-product vendors gate the sandbox behind a contract, months to evaluate.
  • Developer experience. Public docs, a Model Context Protocol (MCP) server for Claude Code and Cursor, and native Software Development Kits (SDKs) for Web, iOS, Android, React Native, and Flutter. Integrate in 5 minutes with an AI agent or in a working afternoon by hand.
  • User experience. Highest pass rates in the market, sub-2-second end-to-end inference, country-specialised capture flows, 48+ languages out of the box.
  • Flexibility. One /v3/ Application Programming Interface (API) composes 25+ modules across KYC, Know Your Business (KYB), Transaction Monitoring, and Wallet Screening (KYT, know your transaction). A KYB session spawns a linked KYC for every Ultimate Beneficial Owner (UBO); a flagged transaction spawns a step-up KYC remediation, same session, same webhook contract, same audit trail. Single-product vendors sell one shape of KYC and stop there.
  • AI-era fraud. 200+ real-time fraud signals scored on every session, deepfake, injection, synthetic-ID, document forgery, face-morph, device intelligence, replay. Single-product vendors treat deepfake and injection detection as roadmap items, not defaults.

Common in fintech and crypto, the same architecture fits marketplaces, iGaming, mobility, and any vertical where you need to know who someone is and what they are doing.

What does it cost? Is anything actually free?

500 verifications free every month, forever, on every account. No credit card. No sales call. No expiry.

Above the free tier, every module has a public per-success price on didit.me/pricing, $0.33 per full KYC bundle, $0.15 per Identity Document Verification, $0.15 per Wallet Screening, $0.20 per Anti-Money Laundering (AML) Screening, $0.10 per liveness, $0.05 per face match, $0.03 per Internet Protocol (IP) analysis.

Pay-as-you-go, no minimums, no overage surprises. Volume discounts kick in automatically as you grow.

Which Cypriot regulator covers identity verification on a digital onboarding?

Four regulators sit on top of every Cypriot identity-verification flow:

  • CySEC (Επιτροπή Κεφαλαιαγοράς), Cyprus Securities and Exchange Commission. Supervises Cyprus Investment Firms, funds, Forex brokers, and Crypto-Asset Service Providers (CASPs) under MiCA and sets AML requirements under Law 188(I)/2007 as amended.
  • CBC (Κεντρική Τράπεζα της Κύπρου), Central Bank of Cyprus. Prudential supervisor for banks, payment institutions, and electronic-money issuers. Sets Customer Due Diligence requirements under Law 188(I)/2007.
  • MOKAS (Μονάδα Καταπολέμησης Αδικημάτων Συγκάλυψης), Cyprus's Financial Intelligence Unit under the Attorney General. Receives Suspicious Activity Reports under Law 188(I)/2007.
  • Commissioner for Personal Data Protection, Cyprus's supervisory authority for GDPR (Regulation 2016/679).

Didit ships the hosted flow + the audit log + the watchlist coverage to satisfy all four at the same time, same POST /v3/session/ workflow, same JSON report, same SOC 2 Type 1 + ISO/IEC 27001 evidence pack.

Is there a government database validation API for Cypriot identities?

No, Cyprus does not currently expose a public government consumer API open to third-party integrators for cross-checking national ID records against the civil or population registry.

Didit compensates with three complementary validation layers that run in parallel on every session:

  • Document OCR + chip read, every field on the ταυτότητα or διαβατήριο is extracted and validated against ISO/ICAO templates.
  • Biometric liveness + Face Match 1:1, the selfie is confirmed live and matched against the document portrait.
  • AML screening, the extracted name is screened across 1,300+ global and Cypriot watchlists (CySEC Administrative Sanctions, CySEC Warnings, MOKAS, EU Consolidated Sanctions, OFAC SDN, MONEYVAL, UN, Europol, Eurojust).

If a Cypriot government database API becomes available, Didit adds it to POST /v3/database-validation/ automatically, no changes required on your integration.

Is Didit ready for CySEC-regulated Cyprus Investment Firm and CASP onboarding?

Yes. Cyprus's CySEC regulates every Cyprus Investment Firm (CIF) and Crypto-Asset Service Provider (CASP) under Law 188(I)/2007 as amended, the AMLD6 transposition, and requires full Customer Due Diligence at onboarding.

Didit covers the full stack on one workflow:

  • Identity Document Verification + Active Liveness + Face Match 1:1 for the tier-1 onboarding check, document OCR + chip read of the ταυτότητα under EU Reg. 2019/1157.
  • AML Screening ($0.20 per check) against the global pool plus Cypriot regulatory watchlists (CySEC Administrative Sanctions + Warnings, House of Representatives PEP register, MOKAS, EU Consolidated Sanctions, OFAC SDN, MONEYVAL, UN, Europol, Eurojust, Basel AML Index).
  • Ongoing AML monitoring ($0.07 per user / year) for periodic customer-review obligations under Law 188(I)/2007 Art. 61–63.
How long does it take to integrate Didit in Cyprus?

5 minutes to a working sandbox, a weekend to a production flow.

  • Sign up at business.didit.me, grab an API key, call POST /v3/session/ with a workflow_id that wires ID Verification + Active Liveness + Face Match + AML, done.
  • AI-agent path: paste the integration prompt at docs.didit.me/integration/integration-prompt into Claude Code, Cursor, Codex, Devin, Aider, or Replit Agent. The agent provisions the application, builds the workflow, wires the webhook, and runs a smoke test.
  • Five SDKs share the same session model: Web, iOS, Android, React Native, Flutter.

The first 500 verifications every month are free, forever, pilot the full Cyprus stack at zero cost before flipping production traffic.

What does the Cyprus verification cost end-to-end?

Per-module public pricing, pay only for what runs on the session:

  • ID Verification, $0.15 per document check.
  • Passive Liveness, $0.10. Active Liveness, $0.15.
  • Face Match 1:1, $0.05. Face Search 1:N, free.
  • AML Screening, $0.20 per check. Ongoing AML, $0.07 per user / year.

The full KYC bundle (Identity + Passive Liveness + Face Match + IP Analysis) is `$0.33`, same anchor price worldwide, no Cyprus surcharge. 500 verifications free every month, no credit card. Volume discounts auto-apply above the free tier; Enterprise adds a custom Master Services Agreement (MSA) and data-residency choice.

Related

Related coverage

Infrastructure for identity and fraud.

One API for KYC, KYB, Transaction Monitoring, and Wallet Screening. Integrate in 5 minutes.

Start freeTalk to us
Ask an AI to summarise this page