Skip to main content
Didit Raises $7.5M to Build the Infrastructure for Identity and Fraud
Didit
Europe

Identity verification
built for Luxembourg Flag of Luxembourg

Luxembourg eID, passport and residence permit on one CSSF-aligned session, $0.33 full KYC, 500 free every month.

Start freeRead the docs
Backed by
Y CombinatorRobinhood Ventures
GBTC Finance
Bondex
Crnogorski Telekom
UCSF Neuroscape
Shiply
Adelantos

Trusted by 2,000+ organizations worldwide.

Country brief

How identity verification works in Luxembourg.

The fraud surface and the frameworks an engineering or compliance lead needs before scoping an integration.
Fraud landscape
Three pressures shape Luxembourg identity fraud: synthetic-identity attacks on CSSF-authorised investment funds and private banks, sophisticated forgery on the cross-border worker corridor (Luxembourg has 220,000 daily cross-border commuters from France, Belgium and Germany), and deepfake injection against CSSF-supervised remote-onboarding flows for high-net-worth clients. Didit scores 200+ real-time fraud signals on every session, face morph, replay, injection, document tampering, device intelligence, IP geolocation.
Compliance frameworks
  • Luxembourg AML Law of 12 November 2004
  • CSSF Circular 24/847 (Customer Due Diligence)
  • CSSF Regulation 12-02
  • AMLD6
  • MiCA
  • DORA
  • GDPR / Luxembourg Data Protection Law
  • eIDAS 2.0
Regulators

Who supervises identity verification in Luxembourg.

These are the supervisors a Luxembourg verification flow has to answer to. One Didit hosted flow + one audit log covers every one of them, no separate integration per agency.

  • CSSF

    Commission de Surveillance du Secteur Financier, Luxembourg's financial supervisor. Covers banks, payment institutions, investment funds, electronic money institutions and virtual asset service providers.

  • CNPD

    Commission Nationale pour la Protection des Données, Luxembourg data-protection authority. Supervises GDPR (General Data Protection Regulation) enforcement nationally.

  • CRF

    Cellule de Renseignement Financier, Luxembourg's Financial Intelligence Unit. Receives Suspicious Activity Reports under the Luxembourg AML Law of 12 November 2004 (as amended).

  • CAA

    Commissariat aux Assurances, Luxembourg insurance supervisor. Co-supervises AML / CTF compliance for life-insurance and investment-linked policies.

  • BCL

    Banque centrale du Luxembourg, Luxembourg central bank. Operates the SEPA / TARGET2 payment infrastructure and oversees monetary stability.

Verification flow · One API

Four modules. One verification.

ID, biometric, AML, and a Luxembourg database cross-check, composed on one workflow, billed per success, returned in one report.
Read the docsGet an API key
01 · ID

Capture and read the ID.

Captured on any phone, auto-classified, OCR-parsed, and template-verified.

  • Luxembourg eID (the post-2019/1157 polycarbonate card with embedded certificates), Luxembourg passport (with NFC chip read on e-Passports), Titre de séjour, Permis de conduire, and every EU/EEA national identity card (essential for the 220,000 cross-border workers from France, Belgium, Germany).
  • Returns the name, document number, date of birth, place of birth, nationality, and expiry.
Read the docs
Stage 01Capture and read the ID
  • Luxembourg eID
  • Luxembourg passport, NFC e-Passport
  • Titre de séjour · Permis de conduire · EU/EEA IDs
02 · Biometric

Match the face. Prove it's a real person..

Selfie confirmed live and matched against the ID portrait.

  • Duplicate check: 1:N face search across existing users. Free.
  • Active liveness ($0.15) for elevated-risk flows, user turns or blinks.
Read the docs
Stage 02Match the face. Prove it's a real person.
  • Selfie on any phone or laptop camera
  • Mobile-handoff QR when the user starts on desktop
03 · AML

Screen for sanctions, PEPs, and adverse media.

1,300+ global sanctions, PEP, and adverse-media lists, plus Luxembourg watchlists:

  • Commission de Surveillance du Secteur Financier (CSSF), Administrative sanctions and Warnings, formal enforcement actions against regulated financial-sector entities.
  • Commissariat aux Assurances, Sanctions list, insurance-sector regulatory sanctions and enforcement decisions.
  • Luxembourg Police, Warnings, law-enforcement warnings and alerts issued by the Grand-Ducal Police.
  • National Assembly of Luxembourg, PEP register, Chambre des Députés members (PEP Level 1).
  • McDermott Will & Emery, SIE, state-invested enterprise register tracking Luxembourg government-affiliated entities.
  • Cellule de Renseignement Financier (CRF), sanctions and FIU bulletins, Luxembourg's Financial Intelligence Unit suspicious-transaction alerts and typology notices.
  • Luxembourg Government, Consolidated National Sanctions List, national designations aligned with EU Council and UN Security Council resolutions.
  • Hits are scored by severity, a Chambre des Députés member surfaces as a PEP Level 1, a ministerial cabinet member as PEP Level 2, sanctions as critical.
  • Turn on ongoing monitoring ($0.07 per user / year) and Didit re-checks every customer daily, firing a webhook the moment a new hit appears.
Read the docs
Stage 03Screen for sanctions, PEPs, and adverse media

Screen for sanctions, PEPs, and adverse media , see the docs for the full module surface.

04 · Registry

Cross-check identity through the regional dataset network.

Luxembourg's resident population is uniquely cross-border, 220,000 daily commuters from France, Belgium, and Germany. Didit's Database Validation surface for Luxembourg residents leans on the neighbouring datasets your customer base actually shares.

  • France, credit-bureau and residential services for French cross-border workers.
  • Belgium, bel_consumer ($0.03), bel_residential ($0.37), bel_utility ($0.04).
  • Germany, deu_consumer, deu_residential, deu_credit_bureau, deu_utility, deu_phone.
  • The global Database Validation index lists every service available across the EU, pick the dataset matching where your user actually lives, not just where they hold a Luxembourg eID.
Read the docs
Stage 04Cross-check identity through the regional dataset network

Cross-check identity through the regional dataset network , see the docs for the full module surface.

Documents covered

Every Luxembourg document Didit accepts.

One row per accepted credential, flag, document name, document type. Live from the Didit Business Console.
Authoritative datasets

Civil-registry and AML coverage for Luxembourg.

One card per dataset Didit cross-checks against, civil registries on the Database Validation API plus the global AML watchlist pool. Each card links to the technical docs.
aml-screening

AML lists screened in Luxembourg

1,300+ sanctions, Politically Exposed Persons (PEP), and adverse-media lists, plus the country's regulatory watchlists and PEP registries.

Read the AML coverage docs
Compliant by design

Open a new country in one click. We do the hard work.

We open the local subsidiaries, secure the licenses, run the penetration tests, earn the certifications, and align with every new regulation. To ship verifications in a new country, flip a toggle. 220+ countries live, audited and pen-tested every quarter, the only identity provider an EU member-state government has formally called safer than in-person verification.
Read the security & compliance dossier
EU financial sandbox
Tesoro · SEPBLAC · BdE
ISO/IEC 27001
Information security · 2026
SOC 2 · Type I
AICPA · 2026
iBeta Level 1 PAD
NIST / NIAP · 2026
GDPR
EU 2016/679
DORA
EU 2022/2554
MiCA
EU 2023/1114
AMLD6 · eIDAS 2.0
EU-aligned by design
FAQ

Common questions about Luxembourg.

What does Didit ship?

Didit is the infrastructure layer for identity and fraud. One Application Programming Interface (API), 25+ composable modules across four product lines:

  • User Verification (KYC, know your customer), Identity Document Verification, liveness, face match, Anti-Money Laundering (AML) screening, Internet Protocol (IP) analysis. $0.33 per full bundle.
  • Business Verification (KYB, know your business), registry, Ultimate Beneficial Owner (UBO), officers, entity AML, plus a linked KYC session per UBO.
  • Transaction Monitoring, real-time rule engine, case management, Suspicious Activity Report (SAR) workflow.
  • Wallet Screening (KYT, know your transaction), on-chain wallet risk at $0.15 per check, or bring your own screening provider and run it inside Didit.

Compose any module into a workflow with the visual no-code builder, ship in 5 minutes, 500 verifications free every month, forever.

How is Didit different from a single-product Know Your Customer (KYC) vendor?

Most identity vendors sell one slice, a KYC check, an Anti-Money Laundering (AML) list, a wallet screen. Didit ships the infrastructure underneath all of them, and the gap shows up on six axes:

  • Pricing. Public price on every module, $0.33 for a full KYC, 500 verifications free every month, no minimums, no contracts. Single-product vendors hide six-figure minimums behind a sales call.
  • Access. Sandbox in one click, self-serve from day one, production keys on signup. Single-product vendors gate the sandbox behind a contract, months to evaluate.
  • Developer experience. Public docs, a Model Context Protocol (MCP) server for Claude Code and Cursor, and native Software Development Kits (SDKs) for Web, iOS, Android, React Native, and Flutter. Integrate in 5 minutes with an AI agent or in a working afternoon by hand.
  • User experience. Highest pass rates in the market, sub-2-second end-to-end inference, country-specialised capture flows, 48+ languages out of the box.
  • Flexibility. One /v3/ Application Programming Interface (API) composes 25+ modules across KYC, Know Your Business (KYB), Transaction Monitoring, and Wallet Screening (KYT, know your transaction). A KYB session spawns a linked KYC for every Ultimate Beneficial Owner (UBO); a flagged transaction spawns a step-up KYC remediation, same session, same webhook contract, same audit trail. Single-product vendors sell one shape of KYC and stop there.
  • AI-era fraud. 200+ real-time fraud signals scored on every session, deepfake, injection, synthetic-ID, document forgery, face-morph, device intelligence, replay. Single-product vendors treat deepfake and injection detection as roadmap items, not defaults.

Common in fintech and crypto, the same architecture fits marketplaces, iGaming, mobility, and any vertical where you need to know who someone is and what they are doing.

What does it cost? Is anything actually free?

500 verifications free every month, forever, on every account. No credit card. No sales call. No expiry.

Above the free tier, every module has a public per-success price on didit.me/pricing, $0.33 per full KYC bundle, $0.15 per Identity Document Verification, $0.15 per Wallet Screening, $0.20 per Anti-Money Laundering (AML) Screening, $0.10 per liveness, $0.05 per face match, $0.03 per Internet Protocol (IP) analysis.

Pay-as-you-go, no minimums, no overage surprises. Volume discounts kick in automatically as you grow.

Which Luxembourg regulator covers identity verification on a digital onboarding?

Five sit on top of every Luxembourg identity-verification flow:

  • Commission de Surveillance du Secteur Financier (CSSF), Luxembourg's financial supervisor. Sets remote-onboarding requirements for banks, payment institutions, investment funds, electronic money institutions and VASPs under CSSF Circular 24/847 and CSSF Regulation 12-02.
  • Commissariat aux Assurances (CAA), insurance supervisor. Co-supervises AML / CTF compliance for life-insurance and investment-linked policies.
  • Commission Nationale pour la Protection des Données (CNPD), supervises GDPR + the Luxembourg Data Protection Law enforcement nationally.
  • Cellule de Renseignement Financier (CRF), Luxembourg's Financial Intelligence Unit. Receives Suspicious Activity Reports under the Luxembourg AML Law of 12 November 2004 (as amended).
  • Banque centrale du Luxembourg (BCL), operates the SEPA / TARGET2 payment infrastructure and oversees monetary stability.

Didit ships the hosted flow + the audit log + the watchlist coverage to satisfy all five at the same time, same POST /v3/session/ workflow, same JSON report, same SOC 2 Type 1 + ISO/IEC 27001 evidence pack.

Does Didit handle the cross-border nature of the Luxembourg user base?

Yes. Luxembourg has 220,000 daily cross-border workers from France, Belgium, and Germany, Didit ships the document and database coverage for all four jurisdictions on one workflow:

  • Luxembourg eID + passport + Titre de séjour captured natively.
  • Every EU/EEA national identity card accepted on the same hosted flow under AMLD6 mutual recognition (French CNIe, Belgian eID, German Personalausweis, etc.).
  • Database Validation services live across France, Belgium, Germany, the Netherlands, Italy and beyond, pick the dataset matching where your user actually lives. Belgium: bel_consumer ($0.03), bel_residential ($0.37), bel_utility ($0.04). Germany: deu_consumer, deu_residential, deu_credit_bureau, deu_utility, deu_phone.
  • Hosted UI in French, German, Luxembourgish, English, and Portuguese, auto-detected from the user's browser locale, matching Luxembourg's official trilingual regime plus its largest expat communities.
Is Didit ready for CSSF Circular 24/847 Customer Due Diligence?

Yes. Every Customer Due Diligence (CDD) pillar under CSSF Circular 24/847 and the Luxembourg AML Law of 12 November 2004 maps to a Didit module on one Application Programming Interface (API):

  • Identity Document Verification + Passive Liveness + Face Match 1:1 for the tier-1 onboarding check.
  • Luxembourg eID + passport chip-read and OCR parsing, the source check CSSF expects.
  • AML Screening ($0.20 per check) against the global pool plus Luxembourg regulatory watchlists (CSSF Administrative Sanctions, CAA Sanctions, CRF bulletins).
  • Ongoing AML monitoring ($0.07 per user / year) for the periodic-review obligation under CSSF Circular 24/847.
  • KYB with Ultimate Beneficial Owner (UBO) resolution + linked KYC per UBO for the RBE (Registre des Bénéficiaires Effectifs) beneficial-ownership pillar.
  • eIDAS 2.0 wallet-ready, Didit's Reusable Identity issues credentials in both mso_mdoc (EUDI Wallet format) and Selective Disclosure JSON Web Token Verifiable Credentials (SD-JWT-VC).
How long does it take to integrate Didit in Luxembourg?

5 minutes to a working sandbox, a weekend to a production flow.

  • Sign up at business.didit.me, grab an API key, call POST /v3/session/ with a workflow_id that wires ID Verification + Passive Liveness + Face Match + AML + the regional Database Validation services for your cross-border population, done.
  • AI-agent path: paste the integration prompt at docs.didit.me/integration/integration-prompt into Claude Code, Cursor, Codex, Devin, Aider, or Replit Agent. The agent provisions the application, builds the workflow, wires the webhook, and runs a smoke test.
  • Five SDKs share the same session model: Web, iOS, Android, React Native, Flutter.

The first 500 verifications every month are free, forever, pilot the full Luxembourg stack at zero cost before flipping production traffic.

Which language does the hosted verification flow use for Luxembourg users?

French, German, and Luxembourgish, auto-detected from the user's browser / device locale, matching Luxembourg's three official languages. English and Portuguese are also live on the same flow for cross-border or expat users (Portuguese is the largest immigrant community in Luxembourg).

The document-recognition layer is decoupled from the UI layer, capture works in any language, and the admin console can be set independently to whichever language your compliance team prefers.

What does the Luxembourg verification cost end-to-end?

Per-module public pricing, pay only for what runs on the session:

  • ID Verification, $0.15 per document check.
  • Passive Liveness, $0.10. Active Liveness, $0.15.
  • Face Match 1:1, $0.05. Face Search 1:N, free.
  • AML Screening, $0.20 per check. Ongoing AML, $0.07 per user / year.
  • Cross-border Database Validation, pay-per-success against the matching jurisdiction (Belgium bel_residential at $0.37, Germany deu_residential at $0.61, France residential, etc.).

The full KYC bundle (Identity + Passive Liveness + Face Match + IP Analysis) is `$0.33`, same anchor price worldwide, no Luxembourg surcharge. 500 verifications free every month, no credit card. Volume discounts auto-apply above the free tier; Enterprise adds a custom Master Services Agreement (MSA) and data-residency choice.

Related

Related coverage

Infrastructure for identity and fraud.

One API for KYC, KYB, Transaction Monitoring, and Wallet Screening. Integrate in 5 minutes.

Start freeTalk to us
Ask an AI to summarise this page