Identity verification in Germany
Germany is the largest economy in the European Union and — after Wirecard and a decade of AML scandals — one of its strictest identity-verification markets. Onboarding a German customer is not simply a document-capture exercise: it is a regulated act governed by the Geldwäschegesetz (GwG), supervised by BaFin, benchmarked against BSI TR-03147 trust-level assessments, and historically funneled thro
Documents supported
(Government IDs from 220+ countries)
Average verification time
Countries covered
(Government-issued IDs validated)
Market overview
Germany has a population of roughly 84 million and the fourth-largest GDP in the world. It is a market of contradictions for any identity-verification vendor: - Cash and account culture remain unusually strong. Germans hold more physical cash per capita than almost any other G7 country, and current-account penetration sits above 99%. Yet the same population has embraced mobile neobanks at scale — N26, Trade Republic, Vivid, Scalable Capital, C24, and Tomorrow all originated here. - Fintech depth. Berlin and Frankfurt host one of Europe's deepest fintech ecosystems: payments (Adyen DE, Unzer, Mollie DE), EMIs, brokerages (Trade Republic, Scalable), lenders (auxmoney, iwoca, Creditshelf), and B2B banking-as-a-service (Solaris, Swan DE). - Crypto-friendly on paper, conservative in practice. G
Supported documents
Didit templates cover national IDs, passports, residence permits and regional documents — plus 14,000+ documents globally for cross-border flows.
Regulators
Bundesanstalt für Finanzdienstleistungsaufsicht
Germany's financial intelligence unit, organizationally attached to the Generalzolldirektion (Directorate General of Customs / Zoll
Bundesamt für Sicherheit in der Informationstechnik
ment under GDPR + Bundesdatenschutzgesetz (BDSG)
d operator must query in real time
BMI (Federal Ministry of the Interior) / AusweisApp
regulated
Electronic identity card (eID) with online identification function via AusweisApp. eIDAS highest trust level (high). Enables remote identity verification using the chip on the German ID card.
Municipal registration offices (Einwohnermeldeämter)
restricted
Decentralized population registration system managed at the municipal level. Access restricted to authorized entities with legitimate interest.
BZSt (Federal Central Tax Office)
restricted
Tax identification number (Steuerliche Identifikationsnummer / IdNr). Unique 11-digit number assigned to every person registered in Germany.
Local courts (Amtsgerichte)
open
Commercial register providing publicly accessible company registration data. Available via the common register portal (handelsregister.de).
Government & regulated databases
Compliance framework
AML framework
Supervised by BaFin
The Gesetz über das Aufspüren von Gewinnen aus schweren Straftaten (Money Laundering Act) is the backbone of German KYC. The sections that matter on any onboarding flow:
Data protection
Supervised by BfDI
Germany applies GDPR plus the BDSG. Key points for a KYC vendor:
Penalties for non-compliance
- N26 — BaFin fined the neobank €4.25 million in 2021 and a further €9.2 million in 2024 (announced May 2024) for systematic failures to file suspicious-transaction reports on time. BaFin also imposed a hard cap on the number of new customers N26 could onboard per month — a first of its kind in Germ
Use cases
Neobanks, EMIs, payment institutions, lenders, brokerages.
Fintech onboarding in Germany is the most tightly regulated flow in the EU, because BaFin has spent the last decade standardising exactly which identification methods a credit institution may use. Every current method traces back to the legal hook in §24c KWG and the corresponding GwG §§11–13.
Exchanges, custodians, wallets, on/off-ramps.
Crypto-asset service providers in Germany live under three overlapping regimes at once during 2025–2026: the legacy KWG Kryptoverwahrgeschäft authorisation, the MiCA CASP licence, and the EU Transfer of Funds Regulation (TFR) "travel rule" that came into force alongside MiCA on 30 December 2024.
Sports betting, online casinos, age-gated platforms.
Sports-betting, online-poker, and virtual-slots operators licensed by the GGL must build their onboarding around the GlüStV 2021 player-protection stack:
Gig platforms, delivery, creator economy, e-commerce.
Marketplaces face two parallel regimes. Under the Digital Services Act (applicable since 17 February 2024), Art. 30 DSA obliges any platform allowing traders to collect and verify trader identity information ("trader traceability"). Under the GwG §19 regime, any corporate seller must be cross-checke
Biometric liveness
Any remote, non-eID identification flow in Germany sits on top of a BSI / BaFin assurance framework: - BSI TR-03147 — Vertrauensniveaubewertung von Verfahren zur Identitätsprüfung natürlicher Personen — assigns procedures to trust levels normal / substantial / high based on scope and quality of controls. BaFin uses TR-03147 assessments (performed by BSI at BMI's request) as the yardstick for approving new identification methods. - BSI TR-03107-1 — the parent framework for electronic identities a
CERTIFICATIONS
Our platform meets the highest international standards for information security, data privacy, and biometric accuracy.
Full EU data protection compliance
Information security management
PAD (liveness + face match)
TRUSTED WORLDWIDE
Join thousands of companies that trust Didit for their verification needs
Didit’s NFC + active biometrics technology blocks the most advanced fraud scenarios, offering a level of security equivalent to or superior to in-person verification.
Spanish Financial Sandbox
CNMV, SEPBLAC & Spanish Treasury — Conclusions Report
Didit is an exceptionally valuable partner, delivering a stable and highly adaptable solution”.
Vuk Adžić
Head of the E-Business Department at Crnogorski Telekom
Didit offered us a robust technology with a simple implementation and adaptability to different markets”.
Fernando Pinto
CEO & CoFounder at TucanPay
Thanks to Didit we have been able to reduce manual processes and improve data extraction accuracy”.
Diana Garcia
Trust & Safety Executive at Shiply
Didit’s integration slashed verification times and costs, freeing resources for other projects”.
Guillem Medina
COO at GBTC Finance
Didit removed KYC costs, enabling faster scaling with high verification standards and less fraud.”
Paul Martin
VP Marketing & Growth at Bondex
Didit’s secure, user-friendly verification boosts customer trust and optimizes our process.”
Cristofer Montenegro
Executive assistant to the CEO at Adelantos
Didit ensures a precise, secure digital onboarding without slowing negotiations or client time.”
Ernesto Betancourth
Gerente de riesgos at CrediDemo
FAQ
Yes. Germany permits remote KYC onboarding under its national AML framework, including document verification, biometric liveness and video identification where required by regulation.
Didit verifies all major national IDs, passports and residence permits issued in Germany, plus 14,000+ document types globally for cross-border flows.
Didit charges $0.30 per verification with 500 free checks per month. No contracts, no minimums. Competitors typically charge $1.00–$2.50+ per verification.
Yes. Didit screens against 1,000+ global watchlists including PEP databases, sanctions lists (EU, UN, OFAC, OFSI), and adverse media — covering all AML obligations in Germany.
Most regulated sectors in Germany require or strongly recommend biometric liveness detection for remote onboarding. Didit provides ISO 30107-3 PAD Level 2 certified liveness.
Yes. Didit supports document verification, liveness, AML screening and ongoing monitoring aligned with Germany’s crypto regulatory framework, including EU Travel Rule compliance where applicable.
Yes. Didit provides document-based age verification and identity confirmation suitable for Germany’s iGaming regulatory requirements.
500 free verifications per month. No contracts, no minimums. $0.30 per verification after the free tier.
