Identity verification in Spain
Spain is a Tier-1 European market of ~48 million people with a mature regulatory stack led by SEPBLAC (AML), Banco de España and CNMV (financial supervision), DGOJ (gambling), and AEPD (data protection). The single most important fact for any fintech or crypto operator entering Spain: remote onboarding is legal and mainstream — but only through a SEPBLAC-authorized video-identification procedure u
Documents supported
(Government IDs from 220+ countries)
Average verification time
Countries covered
(Government-issued IDs validated)
Market overview
Spain is the EU's fourth-largest economy and one of the most fintech-intensive markets in southern Europe. The population sits around 48 million, with near-universal bank account access (World Bank Findex places Spain above 98% banked) and smartphone penetration above 90%. More than half of Spanish retail banking customers now interact primarily through digital channels, and the neobank segment is one of the fastest-growing in Europe — Statista projects the Spanish neobanking market to exceed US$160 billion in transaction value by 2028, with CAGR among the highest on the continent. The non-bank fintech industry tracked by Banco de España's Observatorio de la Industria Fintech No Bancaria en España counts hundreds of licensed payment institutions, electronic money institutions (EMIs), lendi
Supported documents
Didit templates cover national IDs, passports, residence permits and regional documents — plus 14,000+ documents globally for cross-border flows.
Dirección General de la Policía
Polycarbonate card with contact chip (DNI 3.0 added NFC in 2015; DNI 4.0, EU-format under Reg. 2019/1157, rolled out from June 2021)
The gold-standard ID. Chip holds authentication + signature certificates. Main fraud patterns: photo substitution on older DNI 3.0, printed composites, and deepfake photos used in remote flows. MRZ +
Dirección General de la Policía
Digital wallet credential on smartphone (live since 2 April 2025)
Mobile-first credential accepted for many administrative, age-check and some financial-service use cases. Not yet a universal substitute for physical DNI in remote KYC.
Ministerio del Interior
A4 paper NIE certificate + TIE polycarbonate card for residents
TIE is chip-less on older versions; new TIE follows EU Reg. 2019/1157 with ICAO-compliant MRZ. Common fraud: tampered expiry dates, fake "NIE verde" paper certificates.
Dirección General de la Policía
ICAO-compliant biometric passport with contactless chip
Rarely primary ID for domestic onboarding but mandatory fallback for non-DNI holders.
Member State authorities
ICAO chip or card-format IDs
Must be accepted under free-movement principles. Spanish obliged entities generally treat them as equivalent to DNI for KYC purposes but must still apply the same verification rigor.
Ministerio del Interior
TIE card
Always pair with NIE number.
Regulators
Servicio Ejecutivo de la Comisión de Prevención del Blanqueo de Capitales e Infracciones Monetarias
Comisión Nacional del Mercado de Valores
Dirección General de Ordenación del Juego
Dirección General de Policía
regulated
Electronic national identity card with chip-based PKI. Enables digital signatures and online authentication for Spanish citizens.
Dirección General de Policía
restricted
Foreigner identification number issued to non-Spanish residents. Verification primarily through portal-based access.
Agencia Tributaria (AEAT)
regulated
Tax identification number for individuals (NIF) and companies (CIF). Verification available to regulated entities via Agencia Tributaria services.
Colegio de Registradores
open
Commercial registry providing publicly accessible company registration and filing data.
Government & regulated databases
Compliance framework
AML framework
Supervised by SEPBLAC
Primary AML law. Ley 10/2010, de 28 de abril, de prevención del blanqueo de capitales y de la financiación del terrorismo (BOE-A-2010-6737), as amended by Real Decreto-ley 7/2021 to transpose the EU 5th AML Directive, and by Real Decreto-ley 24/2021 and subsequent reforms. The implementing regulation is Real Decreto 304/2014, which sets out the detailed due-diligence, risk-assessment, record-keeping and internal-control rules. Obliged entities (sujetos obligados) are listed in Article 2, and inc
Data protection
Supervised by AEPD
- GDPR Chapter V governs transfers outside the EEA: adequacy decisions, Standard Contractual Clauses + Transfer Impact Assessment, or derogations. - AEPD has published detailed guidance on international transfers and is active in enforcement against transfers lacking documented safeguards. - Biometr
Penalties for non-compliance
Spain's regulators are increasingly active, and fines are sized to sting.
Use cases
Neobanks, EMIs, payment institutions, lenders, brokerages.
Spanish fintechs run a largely standardized remote-onboarding flow aligned with SEPBLAC's 2016 video-identification authorization and the EBA Guidelines on remote customer onboarding (EBA/GL/2022/15), which SEPBLAC has explicitly adopted.
Exchanges, custodians, wallets, on/off-ramps.
Until 30 December 2024, VASPs operating in Spain had to register with the Banco de España VASP registry and apply Ley 10/2010 as sujetos obligados. The registry is now closed to new entrants; existing registrants operate under a transitional regime ending 30 December 2025, extended to 30 June 2026 o
Sports betting, online casinos, age-gated platforms.
Spanish online gambling is licensed and supervised by DGOJ under Ley 13/2011 and Real Decreto 958/2020 on commercial communications (with parts annulled by Tribunal Supremo ruling 527/2024 for lack of legal basis on advertising restrictions). Operators must:
Gig platforms, delivery, creator economy, e-commerce.
Pure consumer marketplaces are generally not sujetos obligados under Ley 10/2010, so their KYC obligations come from three other directions:
Biometric liveness
Remote biometric liveness is effectively mandatory for Spanish AML-grade onboarding. The framework: - SEPBLAC Authorization of 2016 — Autorización de procedimientos de identificación no presencial mediante videoconferencia — permitted real-time video calls with trained agents. - SEPBLAC Authorization of 2017 — extended to asynchronous "video identification" without a live operator, provided the technology verifies the authenticity and validity of the document, detects presentation attacks and ca
CERTIFICATIONS
Our platform meets the highest international standards for information security, data privacy, and biometric accuracy.
Full EU data protection compliance
Information security management
PAD (liveness + face match)
TRUSTED WORLDWIDE
Join thousands of companies that trust Didit for their verification needs
Didit’s NFC + active biometrics technology blocks the most advanced fraud scenarios, offering a level of security equivalent to or superior to in-person verification.
Spanish Financial Sandbox
CNMV, SEPBLAC & Spanish Treasury — Conclusions Report
Didit is an exceptionally valuable partner, delivering a stable and highly adaptable solution”.
Vuk Adžić
Head of the E-Business Department at Crnogorski Telekom
Didit offered us a robust technology with a simple implementation and adaptability to different markets”.
Fernando Pinto
CEO & CoFounder at TucanPay
Thanks to Didit we have been able to reduce manual processes and improve data extraction accuracy”.
Diana Garcia
Trust & Safety Executive at Shiply
Didit’s integration slashed verification times and costs, freeing resources for other projects”.
Guillem Medina
COO at GBTC Finance
Didit removed KYC costs, enabling faster scaling with high verification standards and less fraud.”
Paul Martin
VP Marketing & Growth at Bondex
Didit’s secure, user-friendly verification boosts customer trust and optimizes our process.”
Cristofer Montenegro
Executive assistant to the CEO at Adelantos
Didit ensures a precise, secure digital onboarding without slowing negotiations or client time.”
Ernesto Betancourth
Gerente de riesgos at CrediDemo
FAQ
Yes. Spain permits remote KYC onboarding under its national AML framework, including document verification, biometric liveness and video identification where required by regulation.
Didit verifies all major national IDs, passports and residence permits issued in Spain, plus 14,000+ document types globally for cross-border flows.
Didit charges $0.30 per verification with 500 free checks per month. No contracts, no minimums. Competitors typically charge $1.00–$2.50+ per verification.
Yes. Didit screens against 1,000+ global watchlists including PEP databases, sanctions lists (EU, UN, OFAC, OFSI), and adverse media — covering all AML obligations in Spain.
Most regulated sectors in Spain require or strongly recommend biometric liveness detection for remote onboarding. Didit provides ISO 30107-3 PAD Level 2 certified liveness.
Yes. Didit supports document verification, liveness, AML screening and ongoing monitoring aligned with Spain’s crypto regulatory framework, including EU Travel Rule compliance where applicable.
Yes. Didit provides document-based age verification and identity confirmation suitable for Spain’s iGaming regulatory requirements.
500 free verifications per month. No contracts, no minimums. $0.30 per verification after the free tier.
