Skip to main content
Didit Raises $7.5M to Build the Infrastructure for Identity and Fraud
Didit
Europe

Identity verification
built for Estonia Flag of Estonia

Estonian ID-kaart, e-Residency card, and Mobiil-ID on one session, Finantsinspektsioon-aligned, $0.33 full KYC, 500 free every month.

Start freeRead the docs
Backed by
Y CombinatorRobinhood Ventures
GBTC Finance
Bondex
Crnogorski Telekom
UCSF Neuroscape
Shiply
Adelantos

Trusted by 2,000+ organizations worldwide.

Country brief

How identity verification works in Estonia.

The fraud surface and the frameworks an engineering or compliance lead needs before scoping an integration.
Fraud landscape
Three pressures shape Estonian identity fraud: deepfake and injection attacks on the long tail of crypto and fintech operators that licensed through Estonia in the 2018–2022 window, synthetic-identity attempts that exploit cross-border e-Residency company structures, and AML pressure on the high-velocity Nordic-Baltic payments corridor following the Danske Bank Estonia branch revelations. Didit scores 200+ real-time fraud signals on every session, face morph, replay, injection, document tampering, device intelligence, IP geolocation.
Compliance frameworks
  • Money Laundering and Terrorist Financing Prevention Act
  • AMLD6
  • MiCA
  • DORA
  • GDPR / Estonian Personal Data Protection Act
  • PSD2
  • eIDAS 2.0
Regulators

Who supervises identity verification in Estonia.

These are the supervisors a Estonia verification flow has to answer to. One Didit hosted flow + one audit log covers every one of them, no separate integration per agency.

  • Finantsinspektsioon

    Estonian Financial Supervision and Resolution Authority. Supervises banks, payment institutions, electronic-money institutions, and crypto-asset service providers under the Money Laundering and Terrorist Financing Prevention Act.

  • Rahapesu Andmebüroo

    Estonian Financial Intelligence Unit, sitting inside the Police and Border Guard Board (PPA). Receives every suspicious activity report.

  • Andmekaitse Inspektsioon

    Estonian Data Protection Inspectorate. GDPR + Personal Data Protection Act supervisor for every identity verification on Estonian residents.

  • Politsei- ja Piirivalveamet

    Police and Border Guard Board. Issues every ID-kaart, e-Residency card, and passport, the authoritative source behind Estonian identity verification.

  • KAPO

    Kaitsepolitseiamet (Estonian Internal Security Service). Maintains the internal security watchlist and assesses persons of interest relevant to anti-money-laundering and counter-terrorism-financing obligations.

Verification flow · One API

Four modules. One verification.

ID, biometric, AML, and a Estonia database cross-check, composed on one workflow, billed per success, returned in one report.
Read the docsGet an API key
01 · ID

Capture and read the ID.

Captured on any phone, auto-classified, OCR-parsed, and template-verified.

  • Works for every primary Estonian credential, ID-kaart, the e-Residency card, Eesti kodaniku pass (with the chip read on e-Passports), Juhiluba, and the Elamisloakaart residence permit.
  • Returns the name, isikukood (personal identification code), date of birth, sex, and expiry.
Read the docs
Stage 01Capture and read the ID
  • ID-kaart · e-Residency card
  • Eesti kodaniku pass, chip read on e-Passport
  • Juhiluba · Elamisloakaart
02 · Biometric

Match the face. Prove it's a real person..

Selfie confirmed live and matched against the ID portrait.

  • Duplicate check: 1:N face search across existing users. Free.
  • Active liveness ($0.15) for elevated-risk flows, user turns or blinks.
Read the docs
Stage 02Match the face. Prove it's a real person.
  • Selfie on any phone or laptop camera
  • Mobile-handoff QR when the user starts on desktop
03 · AML

Screen for sanctions, PEPs, and adverse media.

1,300+ global sanctions, PEP, and adverse-media lists, plus Estonian watchlists:

  • Estonian Centre Party, PEP Level 1 register, members of the Riigikogu (parliament) and senior party officials.
  • Harju County Government, PEP Level 4 register, county-level government officials.
  • Estonia Police, Wanted Persons warnings, active domestic criminal and fugitive notices.
  • Estonian Police and Border Guard Board (EEPPA), State-Invested Person register, persons with beneficial ownership in state-invested entities.
  • Finantsinspektsioon (FSA Estonia), regulatory enforcement and market warnings, enforcement actions and prohibited-person notices.
  • KAPO (Estonian Internal Security Service), persons of interest, internal security watchlist.
  • EU Consolidated List of EU Financial Sanctions, full AMLD6-aligned sanctions coverage.
  • EU Consolidated List of Travel Bans, EU travel-restriction register.
  • UN Security Council Consolidated Sanctions List, global multilateral sanctions.

Severity-scored. Ongoing monitoring ($0.07/user/yr) re-checks daily and fires a webhook on new hits.

Read the docs
Stage 03Screen for sanctions, PEPs, and adverse media

Screen for sanctions, PEPs, and adverse media , see the docs for the full module surface.

04 · Registry

Verify the document end-to-end.

Estonia does not currently expose a public consumer government API for civil-registry lookups, no database validation service exists for the national population register.

  • The ID-kaart + e-Residency chip read validates the authentication certificate and pulls the cardholder data inline via the standard Identity Document Verification module.
  • The passport NFC chip read returns the signed datagroups and validates the Public Key Directory chain.
  • For the registry-side cross-check, Didit's KYB lookup against the Estonian Commercial Register (Äriregister) resolves every Estonian company and surfaces the Ultimate Beneficial Owners, particularly relevant for e-Residency-issued companies.
  • A direct Politsei- ja Piirivalveamet population-register authoritative-source lookup ships as GDPR-compliant data partners onboard, Enterprise customers can talk to sales to wire it into their workflow.
Read the docs
Stage 04Verify the document end-to-end

Verify the document end-to-end , see the docs for the full module surface.

Documents covered

Every Estonia document Didit accepts.

One row per accepted credential, flag, document name, document type. Live from the Didit Business Console.
Authoritative datasets

Civil-registry and AML coverage for Estonia.

One card per dataset Didit cross-checks against, civil registries on the Database Validation API plus the global AML watchlist pool. Each card links to the technical docs.
aml-screening

AML lists screened in Estonia

1,300+ sanctions, Politically Exposed Persons (PEP), and adverse-media lists, plus the country's regulatory watchlists and PEP registries.

Read the AML coverage docs
Compliant by design

Open a new country in one click. We do the hard work.

We open the local subsidiaries, secure the licenses, run the penetration tests, earn the certifications, and align with every new regulation. To ship verifications in a new country, flip a toggle. 220+ countries live, audited and pen-tested every quarter, the only identity provider an EU member-state government has formally called safer than in-person verification.
Read the security & compliance dossier
EU financial sandbox
Tesoro · SEPBLAC · BdE
ISO/IEC 27001
Information security · 2026
SOC 2 · Type I
AICPA · 2026
iBeta Level 1 PAD
NIST / NIAP · 2026
GDPR
EU 2016/679
DORA
EU 2022/2554
MiCA
EU 2023/1114
AMLD6 · eIDAS 2.0
EU-aligned by design
FAQ

Common questions about Estonia.

What does Didit ship?

Didit is the infrastructure layer for identity and fraud. One Application Programming Interface (API), 25+ composable modules across four product lines:

  • User Verification (KYC, know your customer), Identity Document Verification, liveness, face match, Anti-Money Laundering (AML) screening, Internet Protocol (IP) analysis. $0.33 per full bundle.
  • Business Verification (KYB, know your business), registry, Ultimate Beneficial Owner (UBO), officers, entity AML, plus a linked KYC session per UBO.
  • Transaction Monitoring, real-time rule engine, case management, Suspicious Activity Report (SAR) workflow.
  • Wallet Screening (KYT, know your transaction), on-chain wallet risk at $0.15 per check, or bring your own screening provider and run it inside Didit.

Compose any module into a workflow with the visual no-code builder, ship in 5 minutes, 500 verifications free every month, forever.

How is Didit different from a single-product Know Your Customer (KYC) vendor?

Most identity vendors sell one slice, a KYC check, an Anti-Money Laundering (AML) list, a wallet screen. Didit ships the infrastructure underneath all of them, and the gap shows up on six axes:

  • Pricing. Public price on every module, $0.33 for a full KYC, 500 verifications free every month, no minimums, no contracts. Single-product vendors hide six-figure minimums behind a sales call.
  • Access. Sandbox in one click, self-serve from day one, production keys on signup. Single-product vendors gate the sandbox behind a contract, months to evaluate.
  • Developer experience. Public docs, a Model Context Protocol (MCP) server for Claude Code and Cursor, and native Software Development Kits (SDKs) for Web, iOS, Android, React Native, and Flutter. Integrate in 5 minutes with an AI agent or in a working afternoon by hand.
  • User experience. Highest pass rates in the market, sub-2-second end-to-end inference, country-specialised capture flows, 48+ languages out of the box.
  • Flexibility. One /v3/ Application Programming Interface (API) composes 25+ modules across KYC, Know Your Business (KYB), Transaction Monitoring, and Wallet Screening (KYT, know your transaction). A KYB session spawns a linked KYC for every Ultimate Beneficial Owner (UBO); a flagged transaction spawns a step-up KYC remediation, same session, same webhook contract, same audit trail. Single-product vendors sell one shape of KYC and stop there.
  • AI-era fraud. 200+ real-time fraud signals scored on every session, deepfake, injection, synthetic-ID, document forgery, face-morph, device intelligence, replay. Single-product vendors treat deepfake and injection detection as roadmap items, not defaults.

Common in fintech and crypto, the same architecture fits marketplaces, iGaming, mobility, and any vertical where you need to know who someone is and what they are doing.

What does it cost? Is anything actually free?

500 verifications free every month, forever, on every account. No credit card. No sales call. No expiry.

Above the free tier, every module has a public per-success price on didit.me/pricing, $0.33 per full KYC bundle, $0.15 per Identity Document Verification, $0.15 per Wallet Screening, $0.20 per Anti-Money Laundering (AML) Screening, $0.10 per liveness, $0.05 per face match, $0.03 per Internet Protocol (IP) analysis.

Pay-as-you-go, no minimums, no overage surprises. Volume discounts kick in automatically as you grow.

Which Estonian regulators sit on top of a digital onboarding flow?

Four supervisors sit on every Estonian identity-verification flow:

  • Finantsinspektsioon, Estonian Financial Supervision and Resolution Authority. Sets remote-onboarding requirements for banks, payment institutions, electronic-money institutions, and MiCA-licensed crypto-asset service providers under the Money Laundering and Terrorist Financing Prevention Act, Estonia's transposition of AMLD6.
  • Rahapesu Andmebüroo, Estonia's Financial Intelligence Unit, sitting inside the Police and Border Guard Board. Receives every suspicious activity report.
  • Andmekaitse Inspektsioon, Estonian Data Protection Inspectorate. GDPR supervisor under the Personal Data Protection Act.
  • Politsei- ja Piirivalveamet (PPA), Police and Border Guard Board. Issues every ID-kaart and e-Residency card.

Didit ships the hosted flow + the audit log + the watchlist coverage to satisfy all four at the same time, same POST /v3/session/ workflow, same JSON report, same SOC 2 Type 1 + ISO/IEC 27001 evidence pack.

Does Didit handle e-Residency cards and Mobiil-ID for non-resident Estonian companies?

Yes. The e-Residency card carries the same Politsei- ja Piirivalveamet (PPA) chip and certificate stack as the standard ID-kaart, so Didit reads it on the same Identity Document Verification flow, chip read, certificate-chain validation, MRZ parse, template-fraud scoring.

For Estonian-incorporated companies controlled by e-Residents, Didit's KYB lookup against the Estonian Commercial Register resolves every entity and surfaces the Ultimate Beneficial Owners, then a linked KYC session captures each UBO with the same /v3/ Application Programming Interface (API), the same webhook contract, and the same audit trail Finantsinspektsioon expects.

Is Didit ready for MiCA-licensed Estonian crypto-asset service providers?

Yes. Finantsinspektsioon authorises crypto-asset service providers under MiCA with mandatory KYC + AML controls per the Money Laundering and Terrorist Financing Prevention Act.

Didit covers the full stack on one workflow:

  • Identity Document Verification + Active Liveness + Face Match 1:1 for the tier-1 onboarding check.
  • ID-kaart / e-Residency / passport chip read for the document-grade authentication Finantsinspektsioon and Rahapesu Andmebüroo expect.
  • AML Screening ($0.20 per check) against the global 1,300+ pool plus Estonian regulatory watchlists and EU Consolidated Sanctions.
  • Wallet Screening (KYT) at $0.15 per check for the on-chain exposure assessment MiCA + Travel Rule require.
  • Ongoing AML monitoring ($0.07 per user / year) for the periodic-review obligation under the Money Laundering and Terrorist Financing Prevention Act.
How long does it take to integrate Didit in Estonia?

5 minutes to a working sandbox, a weekend to a production flow.

  • Sign up at business.didit.me, grab an API key, call POST /v3/session/ with a workflow_id that wires ID Verification + Active Liveness + Face Match + AML, done.
  • AI-agent path: paste the integration prompt at docs.didit.me/integration/integration-prompt into Claude Code, Cursor, Codex, Devin, Aider, or Replit Agent. The agent provisions the application, builds the workflow, wires the webhook, and runs a smoke test.
  • Five SDKs share the same session model: Web, iOS, Android, React Native, Flutter.

The first 500 verifications every month are free, forever, pilot the full Estonia stack at zero cost before flipping production traffic.

Which language does the hosted verification flow use for Estonian users?

Estonian, auto-detected from the user's browser / device locale. The hosted UI ships in 48+ languages; Estonian users land on the Estonian flow by default. English and Russian are also live on the same flow for cross-border, expat, and Russian-speaking users.

The document-recognition layer is decoupled from the UI layer, capture works in any language, and the admin console can be set independently to whichever language your compliance team prefers.

What does the Estonia verification cost end-to-end?

Per-module public pricing, pay only for what runs on the session:

  • ID Verification, $0.15 per document check (includes ID-kaart, e-Residency card, passport chip read).
  • Passive Liveness, $0.10. Active Liveness, $0.15.
  • Face Match 1:1, $0.05. Face Search 1:N, free.
  • AML Screening, $0.20 per check. Ongoing AML, $0.07 per user / year.

The full KYC bundle (Identity + Passive Liveness + Face Match + IP Analysis) is `$0.33`, same anchor price worldwide, no Estonia surcharge. 500 verifications free every month, no credit card. Volume discounts auto-apply above the free tier; Enterprise adds a custom Master Services Agreement (MSA) and data-residency choice.

Related

Related coverage

Infrastructure for identity and fraud.

One API for KYC, KYB, Transaction Monitoring, and Wallet Screening. Integrate in 5 minutes.

Start freeTalk to us
Ask an AI to summarise this page