Identity verification in Timor-Leste
Executive summary. Timor-Leste (East Timor) is one of the world's youngest nations, independent since 2002, with a population of roughly 1.3 million and an oil-dependent economy transitioning toward diversification. The AML/CFT framework centres on the Lei Anti-Branqueamento de Capitais e Financiamento do Terrorismo (Anti-Money Laundering and Counter-Financing of Terrorism Law, Law No. 17/2011), s
Documents supported
(Government IDs from 220+ countries)
Average verification time
Countries covered
(Government-issued IDs validated)
Market overview
Timor-Leste has a population of approximately 1.3 million and a GDP of around USD 3.1 billion, heavily dependent on petroleum revenues managed through the Petroleum Fund (Fundo Petrolífero). The economy is one of the smallest in Southeast Asia. Financial sector activity is concentrated in banking:
Supported documents
Didit templates cover national IDs, passports, residence permits and regional documents — plus 14,000+ documents globally for cross-border flows.
Regulators
the central bank, supervises all banks, payment service providers, and insurance companies for AML compliance
the national Financial Intelligence Unit, responsible for receiving, analysing, and disseminating suspicious-transaction reports
SEFOPE / National Directorate of Civil Registration
restricted
Civil registration system established post-independence (2002). National ID card (Cartao de Identidade) issued. Birth registration coverage improving but gaps remain in rural areas. Biometric voter re
Technical Secretariat for Electoral Administration (STAE)
restricted
Biometric registration of eligible voters. Supplements civil registry for identity verification purposes.
Government & regulated databases
Compliance framework
AML framework
Supervised by BCTL
- Law No. 17/2011 — Anti-Money Laundering and Counter-Financing of Terrorism Law. Defines obliged entities, CDD requirements, suspicious-transaction reporting, and beneficial ownership obligations. - BCTL Instruction No. 02/2012 — Implementing regulations for AML/CFT obligations of banks and financial institutions. - BCTL Instruction No. 03/2017 — Enhanced CDD requirements for wire transfers and correspondent banking. - Law No. 5/2017 — On Insurance, including AML obligations for insurance provi
Data protection
Supervised by National DPA
Timor-Leste has no comprehensive data protection law. BCTL regulations require banking records to be maintained within the jurisdiction, but there is no general data localisation requirement.
Use cases
Neobanks, EMIs, payment institutions, lenders, brokerages.
1. Document capture. Photograph of the Bilhete de Identidade (front and back) or Timorese passport data page. 2. Liveness and biometric match. Selfie with liveness detection, matched against the document portrait. Essential given limited database verification options. 3. Data extraction. Full name,
Exchanges, custodians, wallets, on/off-ramps.
Timor-Leste has no dedicated virtual-asset legislation and no licensed VASPs. Any crypto-related service operating in or targeting Timor-Leste would fall under general AML/CFT obligations via Law No. 17/2011. In practice, no regulated crypto market exists, and BCTL has issued informal warnings about
Sports betting, online casinos, age-gated platforms.
Online gambling is not formally regulated in Timor-Leste. There is no licensing regime for iGaming operators. Any operator targeting Timorese users from offshore would not benefit from a local regulatory framework, and KYC obligations would depend on the operator's jurisdiction of licence.
Gig platforms, delivery, creator economy, e-commerce.
E-commerce activity in Timor-Leste is minimal, with limited internet penetration (approximately 35-40% of the population). No marketplace-specific KYC regulations exist. General AML obligations under Law No. 17/2011 apply to any payment service provider facilitating marketplace transactions.
Biometric liveness
Biometric verification is critical in Timor-Leste given the absence of reliable database lookups. The national ID card includes a photograph but no embedded biometric chip. Liveness detection paired with document-portrait matching is the primary automated verification method available. Facial-recognition accuracy must account for diverse lighting conditions (many users in rural areas photograph documents outdoors) and older, lower-quality ID card photographs. ISO 30107-3 PAD Level 2 certificatio
CERTIFICATIONS
Our platform meets the highest international standards for information security, data privacy, and biometric accuracy.
Full EU data protection compliance
Information security management
PAD (liveness + face match)
TRUSTED WORLDWIDE
Join thousands of companies that trust Didit for their verification needs
Didit’s NFC + active biometrics technology blocks the most advanced fraud scenarios, offering a level of security equivalent to or superior to in-person verification.
Spanish Financial Sandbox
CNMV, SEPBLAC & Spanish Treasury — Conclusions Report
Didit is an exceptionally valuable partner, delivering a stable and highly adaptable solution”.
Vuk Adžić
Head of the E-Business Department at Crnogorski Telekom
Didit offered us a robust technology with a simple implementation and adaptability to different markets”.
Fernando Pinto
CEO & CoFounder at TucanPay
Thanks to Didit we have been able to reduce manual processes and improve data extraction accuracy”.
Diana Garcia
Trust & Safety Executive at Shiply
Didit’s integration slashed verification times and costs, freeing resources for other projects”.
Guillem Medina
COO at GBTC Finance
Didit removed KYC costs, enabling faster scaling with high verification standards and less fraud.”
Paul Martin
VP Marketing & Growth at Bondex
Didit’s secure, user-friendly verification boosts customer trust and optimizes our process.”
Cristofer Montenegro
Executive assistant to the CEO at Adelantos
Didit ensures a precise, secure digital onboarding without slowing negotiations or client time.”
Ernesto Betancourth
Gerente de riesgos at CrediDemo
FAQ
Yes. Timor-Leste permits remote KYC onboarding under its national AML framework, including document verification, biometric liveness and video identification where required by regulation.
Didit verifies all major national IDs, passports and residence permits issued in Timor-Leste, plus 14,000+ document types globally for cross-border flows.
Didit charges $0.30 per verification with 500 free checks per month. No contracts, no minimums. Competitors typically charge $1.00–$2.50+ per verification.
Yes. Didit screens against 1,000+ global watchlists including PEP databases, sanctions lists (EU, UN, OFAC, OFSI), and adverse media — covering all AML obligations in Timor-Leste.
Most regulated sectors in Timor-Leste require or strongly recommend biometric liveness detection for remote onboarding. Didit provides ISO 30107-3 PAD Level 2 certified liveness.
Yes. Didit supports document verification, liveness, AML screening and ongoing monitoring aligned with Timor-Leste’s crypto regulatory framework, including EU Travel Rule compliance where applicable.
Yes. Didit provides document-based age verification and identity confirmation suitable for Timor-Leste’s iGaming regulatory requirements.
500 free verifications per month. No contracts, no minimums. $0.30 per verification after the free tier.
