
Identity verification
built for Gibraltar

Gibraltar ID Card, British passport (Gibraltar endorsement), and driving licence on one session. GFSC + GRA iGaming + UK FCA-mirror + UK GDPR aligned. $0.33 full KYC, 500 free every month.

Backed by
Y Combinator
Robinhood Ventures
GBTC Finance
Bondex
Crnogorski Telekom
UCSF Neuroscape
Shiply
Adelantos

Trusted by 2,000+ organizations worldwide.

Country brief

How identity verification works in Gibraltar.

The fraud surface and the frameworks an engineering or compliance lead needs before scoping an integration.
Fraud landscape
Two pressures shape Gibraltar identity fraud: deepfake and synthetic-ID attacks on the world's longest-standing online-gambling hub (Gibraltar Regulatory Authority, GRA), and elevated forgery pressure as Gibraltar Distributed Ledger Technology (DLT) firms onboard high-net-worth crypto customers worldwide. Didit scores 200+ real-time fraud signals on every session: face morph, replay, injection, document tampering, device intelligence, IP geolocation.
Compliance frameworks
  • Proceeds of Crime Act 2015 (POCA)
  • GFSC AML/CFT Code of Practice
  • GRA Gambling Act 2005
  • Gibraltar DLT Framework
  • UK GDPR / Data Protection Act 2004
  • MoneyVal recommendations
  • FATF 40 recommendations
Regulators

Who supervises identity verification in Gibraltar.

These are the supervisors a Gibraltar verification flow has to answer to. One Didit hosted flow + one audit log covers every one of them, no separate integration per agency.
  • GFSC

    Gibraltar Financial Services Commission, unified prudential supervisor for banks, e-money institutions, payment service providers, insurers, securities firms, and Distributed Ledger Technology (DLT) providers. Mirrors UK FCA standards post-Brexit.

  • GRA

    Gibraltar Regulatory Authority, supervises remote-gambling operators under the Gambling Act 2005 and runs the UK GDPR data-protection mandate as the Gibraltar Information Commissioner.

  • GFIU

    Gibraltar Financial Intelligence Unit. Receives Suspicious Activity Reports under the Proceeds of Crime Act 2015 (POCA).

  • HM Government of Gibraltar

    Issues the Gibraltar Stock Exchange warnings register referenced in AML screening, plus the Companies House Gibraltar registry referenced by KYB onboarding.

  • Royal Gibraltar Police

    Law-enforcement authority. Maintains Wanted Persons notices and law-enforcement signals relevant to AML/CFT screening obligations under the Proceeds of Crime Act 2015.

Verification flow · One API

Four modules. One verification.

ID, biometric, AML, and a Gibraltar database cross-check, composed on one workflow, billed per success, returned in one report.
01 · ID

Capture and read the ID.

Captured on any phone, auto-classified, OCR-parsed, and template-verified.

  • Gibraltar Identity Card, British passport with Gibraltar endorsement (with the chip read on e-Passports), Gibraltar driving licence, and Gibraltar residence permit for non-British and non-EU residents.
  • Returns the name, ID number, date of birth, place of issue, and expiry. Same flow handles every EU/EEA national identity card for cross-border players and Spain-adjacent customers.
02 · Biometric

Match the face. Prove it's a real person.

Selfie confirmed live and matched against the ID portrait.

  • The same selfie is searched against the customer's prior users, which catches anyone trying to onboard twice or under a different name. Critical for GRA-licensed operators chasing self-excluded players or multi-account fraud rings. Free.
  • Active liveness ($0.15) for elevated-risk flows: the user turns or blinks.
  • Selfie on any phone or laptop camera
  • Mobile-handoff QR when the user starts on desktop
03 · AML

Screen for sanctions, PEPs, and adverse media.

1,300+ global sanctions, PEP, and adverse-media lists, plus Gibraltar watchlists:

  • Gibraltar Stock Exchange, Warnings: Gibraltar-specific regulatory warnings register.
  • GFSC, regulatory enforcement and market warnings: Gibraltar Financial Services Commission enforcement actions and prohibited-person notices.
  • HM Government of Gibraltar, Crown Court enforcement and debarment register: court-level enforcement and debarment notices.
  • Royal Gibraltar Police, Wanted Persons notices: active domestic criminal and fugitive notices.
  • UK OFSI, Consolidated List: UK HM Treasury Office of Financial Sanctions Implementation, applies via UK-mirror perimeter.
  • OFAC, Specially Designated Nationals (SDN): US Treasury sanctions.
  • UN Security Council Consolidated Sanctions: global multilateral sanctions.
  • EU Consolidated Financial Sanctions: EU-level sanctions applicable via GFIU monitoring obligations.

Severity-scored. Ongoing monitoring ($0.07/user/yr) re-checks daily and fires a webhook on new hits.

04 · Registry

Add country-specific data sources as Gibraltar partners onboard.

Gibraltar does not currently expose a public government consumer API for civil-registry lookups; no database validation service exists for the Civil Status and Registration Office register.

  • The Gibraltar ID Card and British passport with Gibraltar endorsement are captured + OCR-parsed (and chip-read on e-Passports) via the Identity Document Verification module, the authoritative document-side assurance the GFSC and GFIU expect.
  • The full AML Screening surface ($0.20 per check) is live today: global sanctions, PEPs, adverse media, UK OFSI Consolidated List, OFAC SDN, UN sanctions, GFSC enforcement, plus the Gibraltar Stock Exchange Warnings register.
  • A Gibraltar-specific authoritative-source lookup ships as data partners onboard; no integration change is needed when the service goes live.

Documents covered

Every Gibraltar document Didit accepts.

One row per accepted credential: flag, document name, document type. Live from the Didit Business Console.
Authoritative datasets

Civil-registry and AML coverage for Gibraltar.

One card per dataset Didit cross-checks against: civil registries on the Database Validation API plus the global AML watchlist pool. Each card links to the technical docs.
Compliant by design

Open a new country in one click. We do the hard work.

We open the local subsidiaries, secure the licenses, run the penetration tests, earn the certifications, and align with every new regulation. To ship verifications in a new country, flip a toggle. 220+ countries live, audited and pen-tested every quarter, the only identity provider an EU member-state government has formally called safer than in-person verification.
  • EU financial sandbox: Tesoro · SEPBLAC · BdE
  • ISO/IEC 27001: Information security · 2026
  • SOC 2 · Type I: AICPA · 2026
  • iBeta Level 1 PAD: NIST / NIAP · 2026
  • GDPR: EU 2016/679
  • DORA: EU 2022/2554
  • MiCA: EU 2023/1114
  • AMLD6 · eIDAS 2.0: EU-aligned by design

FAQ

Common questions about Gibraltar.

What does Didit ship?

Didit is the infrastructure layer for identity and fraud. One Application Programming Interface (API), 25+ composable modules across four product lines:

  • User Verification (KYC, know your customer): Identity Document Verification, liveness, face match, Anti-Money Laundering (AML) screening, Internet Protocol (IP) analysis. $0.33 per full bundle.
  • Business Verification (KYB, know your business): registry, Ultimate Beneficial Owner (UBO), officers, entity AML, plus a linked KYC session per UBO.
  • Transaction Monitoring: real-time rule engine, case management, Suspicious Activity Report (SAR) workflow.
  • Wallet Screening (KYT, know your transaction): on-chain wallet risk at $0.15 per check, or bring your own screening provider and run it inside Didit.

Compose any module into a workflow with the visual no-code builder, ship in 5 minutes, 500 verifications free every month, forever.

How is Didit different from a single-product Know Your Customer (KYC) vendor?

Most identity vendors sell one slice: a KYC check, an Anti-Money Laundering (AML) list, a wallet screen. Didit ships the infrastructure underneath all of them, and the gap shows up on six axes:

  • Pricing. Public price on every module, $0.33 for a full KYC, 500 verifications free every month, no minimums, no contracts. Single-product vendors hide six-figure minimums behind a sales call.
  • Access. Sandbox in one click, self-serve from day one, production keys on signup. Single-product vendors gate the sandbox behind a contract, months to evaluate.
  • Developer experience. Public docs, a Model Context Protocol (MCP) server for Claude Code and Cursor, and native Software Development Kits (SDKs) for Web, iOS, Android, React Native, and Flutter. Integrate in 5 minutes with an AI agent or in a working afternoon by hand.
  • User experience. Highest pass rates in the market, sub-2-second end-to-end inference, country-specialised capture flows, 48+ languages out of the box.
  • Flexibility. One /v3/ Application Programming Interface (API) composes 25+ modules across KYC, Know Your Business (KYB), Transaction Monitoring, and Wallet Screening (KYT, know your transaction). A KYB session spawns a linked KYC for every Ultimate Beneficial Owner (UBO); a flagged transaction spawns a step-up KYC remediation, same session, same webhook contract, same audit trail. Single-product vendors sell one shape of KYC and stop there.
  • AI-era fraud. 200+ real-time fraud signals scored on every session: deepfake, injection, synthetic-ID, document forgery, face-morph, device intelligence, replay. Single-product vendors treat deepfake and injection detection as roadmap items, not defaults.

Common in fintech and crypto, the same architecture fits marketplaces, iGaming, mobility, and any vertical where you need to know who someone is and what they are doing.

What does it cost? Is anything actually free?

500 verifications free every month, forever, on every account. No credit card. No sales call. No expiry.

Above the free tier, every module has a public per-success price on didit.me/pricing: $0.33 per full KYC bundle, $0.15 per Identity Document Verification, $0.15 per Wallet Screening, $0.20 per Anti-Money Laundering (AML) Screening, $0.10 per liveness, $0.05 per face match, $0.03 per Internet Protocol (IP) analysis.

Pay-as-you-go, no minimums, no overage surprises. Volume discounts kick in automatically as you grow.

Is Didit ready for a Gibraltar Regulatory Authority (GRA) gambling licence?

Yes. The Gibraltar Regulatory Authority (GRA) supervises every B2C and B2B remote-gambling operator under the Gambling Act 2005. Gibraltar hosts some of the world's largest licensed online-gambling brands (Bet365, Entain, William Hill, 888 Holdings), and the GRA's source-of-funds and Know-Your-Player (KYP) regime is among the strictest globally.

Didit covers the full GRA stack on one workflow:

  • Identity Document Verification + Active Liveness + Face Match 1:1 for the tier-1 onboarding check.
  • Age Estimation ($0.10) for under-18 gates on the marketing funnel before full KYC.
  • AML Screening ($0.20 per check) against the global pool plus Gibraltar regulatory watchlists, UK OFSI, OFAC, and UN sanctions.
  • Face Search 1:N (free) for self-exclusion enforcement and multi-account fraud detection.
  • Ongoing AML monitoring ($0.07 per user / year) for the periodic-review obligation, plus a GFIU Suspicious Activity Report evidence pack on every hit.

Which Gibraltar regulator covers identity verification on a digital onboarding?

Four sit on top of every Gibraltar identity-verification flow:

  • Gibraltar Financial Services Commission (GFSC), unified prudential supervisor for banks, e-money institutions, payment service providers, insurers, securities firms, and Distributed Ledger Technology (DLT) providers. Post-Brexit, GFSC mirrors UK Financial Conduct Authority (FCA) standards.
  • Gibraltar Regulatory Authority (GRA), supervises remote-gambling operators under the Gambling Act 2005 and runs the UK General Data Protection Regulation (UK GDPR) mandate as the Gibraltar Information Commissioner.
  • Gibraltar Financial Intelligence Unit (GFIU), receives Suspicious Activity Reports under the Proceeds of Crime Act 2015 (POCA).
  • HM Government of Gibraltar, issues the Gibraltar Stock Exchange Warnings register and runs the Companies House Gibraltar referenced by KYB onboarding.

Didit ships the hosted flow + the audit log + the watchlist coverage to satisfy all four at the same time: same POST /v3/session/ workflow, same JSON report, same SOC 2 Type 1 + ISO/IEC 27001 evidence pack.

Does Didit cross-check Gibraltar identities against an authoritative registry?

The Gibraltar ID Card and the British passport with Gibraltar endorsement are both captured + OCR-parsed (and chip-read on the e-Passport) on the same session via the Identity Document Verification module.

A Gibraltar-specific Database Validation service_id is on the roadmap as Gibraltar data partners onboard; the open catalogue ships pay-per-call authoritative-source checks for the territory as each partner goes live. In the meantime:

  • Identity Document Verification captures + reads + validates the Gibraltar ID Card and British passport with Gibraltar endorsement.
  • AML Screening ($0.20 per check) covers the full Gibraltar regulatory watchlist surface (Gibraltar Stock Exchange Warnings) plus UK HM Treasury OFSI, OFAC SDN, UN Security Council Consolidated Sanctions, and EU Consolidated Sanctions.
  • The same POST /v3/database-validation/ endpoint adds the Gibraltar service ID the moment it ships, with no integration change for existing customers.

How long does it take to integrate Didit in Gibraltar?

5 minutes to a working sandbox, a weekend to a production flow.

  • Sign up at business.didit.me, grab an API key, call POST /v3/session/ with a workflow_id that wires ID Verification + Active Liveness + Face Match + AML, done.
  • AI-agent path: paste the integration prompt at docs.didit.me/integration/integration-prompt into Claude Code, Cursor, Codex, Devin, Aider, or Replit Agent. The agent provisions the application, builds the workflow, wires the webhook, and runs a smoke test.
  • Five SDKs share the same session model: Web, iOS, Android, React Native, Flutter.

The first 500 verifications every month are free, forever; pilot the full Gibraltar stack at zero cost before flipping production traffic.

Which language does the hosted verification flow use for Gibraltar users?

English, auto-detected from the user's browser / device locale. English is the official language of Gibraltar, with the hosted UI also shipping in Spanish, Italian, Russian, and Portuguese for the cross-border player and customer base (Gibraltar shares a land border with Spain).

The document-recognition layer is decoupled from the UI layer: capture works in any language, and the admin console can be set independently to whichever language your compliance team prefers. The hosted UI ships in 48+ languages total.

What does the Gibraltar verification cost end-to-end?

Per-module public pricing, pay only for what runs on the session:

  • ID Verification, $0.15 per document check.
  • Passive Liveness, $0.10. Active Liveness, $0.15.
  • Face Match 1:1, $0.05. Face Search 1:N, free (critical for self-exclusion enforcement).
  • Age Estimation, $0.10 per check (useful for under-18 gates before full KYC on iGaming).
  • AML Screening, $0.20 per check. Ongoing AML, $0.07 per user / year.

The full KYC bundle (Identity + Passive Liveness + Face Match + IP Analysis) is $0.33, same anchor price worldwide, no Gibraltar surcharge. 500 verifications free every month, no credit card. Volume discounts auto-apply above the free tier; Enterprise adds a custom Master Services Agreement (MSA) and data-residency choice.

Infrastructure for identity and fraud.

One API for KYC, KYB, Transaction Monitoring, and Wallet Screening. Integrate in 5 minutes.