Verifying a customer’s identity — known as Know Your Customer or KYC — has become a crucial step for building trust between businesses and their users in today’s digital world.

More than just a formality when onboarding new clients, KYC is now one of the most effective tools for preventing digital fraud and reinforcing trust and security in online interactions.

Because of its growing importance, adopting this kind of technology is now essential for companies that need to comply with both national regulations (such as Spain’s SEPBLAC) and European directives (AML6 / KYC / CTF) designed to fight money laundering and the financing of terrorism.

Compliance and global regulations in identity verification

The way remote identity verification is regulated can vary widely from one country to another. However, every jurisdiction shares the same goal: ensuring that all digital transactions are transparent, secure and trustworthy.

Let’s have a look at the leading legal frameworks you should be aware of.

Supervision and regulations in Spain (SEPBLAC and AML compliance)

In Spain, the Law on the Prevention of Money Laundering and the Financing of Terrorism (Law 10/2010, 28 April) defines the obligations companies must meet to prevent criminal misuse of financial and business systems.

These obligations apply not only to banks and financial institutions, but also to a broad range of professionals and sectors , from real estate agencies and lawyers to auditors and jewellers.

The main goal of this legislation is to stop the financial system being used to launder money from illegal activities or to fund terrorism. It also establishes a strict penalty regime for organisations that fail to comply.

Main KYC and AML6 compliance measures include:

• Customer identification: verifying every client’s identity before a business relationship begins.
• Ongoing transaction monitoring: setting up internal systems to detect suspicious activity.
• Understanding the business purpose behind the relationship.
• Reporting suspicious operations: notifying SEPBLAC (Spain’s Financial Intelligence Unit) if a transaction may be linked to criminal activity.
• Document retention: keeping identification and transaction records for a minimum of 10 years.

SEPBLAC: Spain’s financial intelligence unit explained

SEPBLAC (Servicio Ejecutivo de la Comisión de Prevención del Blanqueo de Capitales e Infracciones Monetarias) is the Spanish authority responsible for preventing money laundering and terrorist financing.

It operates under the Ministry of Economic Affairs and Digital Transformation and includes representatives from the Bank of Spain, CNMV, National Police, Civil Guard, and Tax Agency.

Under its framework, SEPBLAC has approved the use of automated video identification, establishing technical and legal requirements to guarantee its validity and reliability.

SEPBLAC-approved digital identity verification and video identification

Digital identity verification systems authorised by SEPBLAC must comply with the following standards:

• Reliable identification through biometric and document validation.
• Full display of both sides of the ID.
• Real-time recording (live audio and video).
• Verification performed on a single device.
• Secure storage of electronic evidence.
• Advanced fraud detection and risk management.
• Data protection compliance under GDPR.
• Managed by qualified professionals.

eKYC Video is a secure, certified and SEPBLAC-compliant solution for digital identity verification.

→ Discover how eKYC Video can help your organisation meet SEPBLAC standards and reinforce customer trust.

Digital identity verification in the EU: AML6, CTF and GDPR compliance

Across Europe, the fight against money laundering and terrorism has evolved with the AML/CFT 2024 package, complemented by eIDAS and eIDAS 2 regulations.

Since 2016, the AML4, AML5 and AML6 directives have extended KYC and due diligence requirements to more sectors, strengthening the verification of beneficial ownership and enforcing tighter fraud prevention controls.

The new European Anti-Money Laundering Authority (AMLA) now coordinates these efforts, ensuring consistency across all EU states.

Technical standards and GDPR data protection

The ETSI EN 319 401 and ETSI EN 319 411-1 standards define the level of assurance required for trust service providers in identity verification.

Meanwhile, the General Data Protection Regulation (GDPR) safeguards the privacy and data rights of all EU citizens across digital identification processes.

→ Request a free eKYC Video demo and ensure compliance with AML6, SEPBLAC and GDPR today.

Staying compliant with eKYC Video

In this fast-moving regulatory landscape, eKYC Video is designed to grow alongside new laws — ensuring your company always meets the latest compliance and identity verification standards.

Why your business needs a compliant video identification system

Whether your business is in finance, real estate or technology, using a compliant video identification system like eKYC Video helps you:

• Identify customers accurately and securely.
• Prevent financial crime and digital fraud.
• Maintain trust and protect your brand reputation.
• Ensure seamless AML and KYC compliance.
• Improve efficiency in onboarding and verification workflows.

→ It’s time to integrate eKYC Video into your digital onboarding process.

eKYC Video: fast, secure digital identity verification

Lleida.net’s eKYC Video detects fraud in real time. As a no-code platform, it can be deployed in hours — providing a tailored, branded customer experience without complex integration.

Key features include:

Future-proofing your business with identity verification technology

As cyber threats grow more sophisticated, innovation in digital identity verification has become a strategic priority.

New technologies such as biometrics, blockchain-based decentralised identity, AI-powered machine learning, and passwordless authentication are shaping the next generation of secure, frictionless identity experiences.

At Lleida.net, we continue to push boundaries — combining compliance, technology and innovation to help businesses stay ahead of regulatory and security challenges.

FAQs on KYC, AML and eKYC Video

What is digital identity verification?

It’s a process that uses technology — including biometric recognition and document analysis — to confirm a person’s identity, helping to prevent fraud and unauthorised access.

What documents are accepted by eKYC Video?

You can use an official photo ID such as a passport, national identity card , residence permit or driving licence. eKYC Video supports over 240 international document types.

How does the video identification process work?

1. Document capture: both sides of the ID are scanned for authenticity.
2. Facial verification: the system matches a selfie with the ID photo using advanced algorithms and live checks like blinking or head movements.
3. Automatic validation: once verified, the process is stored securely and made available on the management platform.

Why choose eKYC Video?

• Rapid deployment (under 48 hours)
• Full compliance (SEPBLAC, AML, GDPR)
• Customisable UX/UI
• Integration with other Lleida.net registered services
• No-code configuration

A last-minute contract with a client. A tax filing with the Spanish Tax Agency. The onboarding of a new supplier. In Spain, business happens online, and it must be resolved quickly.

The question is: how do you prove it’s really you signing? And how can you ensure the document stays unchanged and legally valid?

That’s the role of digital certificates in Spain.
They verify identity, protect transactions, and ensure legal recognition — not only in Spain, but also across the European Union.

What is a digital certificate?

A digital certificate is more than just a file. It’s your official identity in the online world. A Certification Authority (CA) issues it to securely link a person or organisation to a cryptographic key, acting like a digital passport.

In practice, a valid certificate allows you to:

• Identify yourself online with Spanish public administrations and private companies
• Sign electronic documents with the same legal validity as a handwritten signature (depending on the certificate type)
• Guarantee document integrity, and detect any modification.
• Protect digital transactions and communications, with legal proof of every step.

Types of digital certificates in Spain and the EU

Not all digital certificates serve the same purpose. Depending on whether you are a citizen, a business, or an institution, you may need a specific type.

Personal certificate

Your personal digital identity. It allows citizens to file tax returns with the Tax agency, manage Social Security and deal with local services without queues or paperwork.

Corporate certificate

Designed for businesses and organisations. It authenticates the entity in contracts, filings, or agreements with the administration.

Electronic seal certificate

Ideal for companies and institutions that issue automated documents such as invoices, notifications, or certificates. It guarantees authenticity and origin without human action.

Qualified electronic signature certificate

The highest level. Equivalent to a handwritten signature and legally binding across the EU, it offers maximum legal security for critical operations and high-value contracts.

Legal framework

Digital certificates in Spain are regulated by two main laws::

• eIDAS Regulation (EU 910/2014): the European framework for electronic identification and trust services It recognises qualified electronic signatures as equal to handwritten ones.
• Spanish Law 59/2003 on electronic signatures: the national rule defining their validity and use.

This means that a certificate issued by a qualified Trust Service Provider has full legal validity in Spain and the EU, and can be used as evidence in court.

Practical use cases

Digital certificates are not just a technical tool, they are essential for secure online activity.
They enable citizens, businesses, and institutions to operate safely every day.

• For citizens: filing taxes, managing Social Security, or communicating with local authorities.
• For businesses: signing employment contracts, validating suppliers, onboarding customers, and reducing fraud risks
• For international operations: ensuring contracts are legally recognised not only in Spain but across the EU and in many Latin American countries

Benefits of digital certificates

• Legal certainty: every signature and transaction has a valid legal trail
• Efficiency: less paperwork, faster procedures, and no queues.
• Integrity: documents cannot be altered without detection
• Trust: users, companies, and administrations interact securely and transparently

FAQs

Are digital certificates legally valid in Spain?

Yes. Certificates issued by a qualified provider have full legal validity in Spain and across the European Union. They are regulated by the eIDAS Regulation (910/2014) and the Spanish Electronic Signature Law 59/2003, meaning they can be used as evidence in European courts.

Who can apply for a digital certificate?

Any individual, company or institution doing business in Spain or the EU. They are commonly used by citizens, SMEs and multinational organisations to prove identity online, sign documents with legal effect, and secure digital transactions.

What is the difference between a digital certificate and an electronic signature?

A digital certificate is the credential that verifies your official identity online. The electronic signature is the action of applying that credential to a document. Depending on the certificate type, the signature may carry the same legal validity as a handwritten one across the EU.

Where are digital certificates typically used?

• Filing tax returns and social security documents with Spanish authorities.
• Signing employment, commercial and cross-border contracts.
• Onboarding and verification of clients, suppliers or partners in regulated sectors (finance, insurance, telecoms).
• Transactions legally recognised across the EU and in many Latin American countries.

How long is a digital certificate valid for?

Most certificates are valid for 2 to 4 years, depending on the issuing provider’s policy. After that period, they must be renewed to remain active and legally valid.

What happens if a digitally signed document is altered?

The signature immediately becomes invalid. Any modification is detected by the system, which breaks the integrity of the document. This protects both the sender and the recipient against fraud or manipulation.

Are digital certificates safe for corporate use?

Yes. Certificates issued under eIDAS and Spanish law meet strict EU security standards. They ensure identity authentication, document integrity and generate legally admissible evidence of every transaction.

Are digital certificates recognised outside Spain?

Yes. Qualified certificates issued in Spain are recognised throughout the EU under eIDAS. Many Latin American countries also accept them within their regulatory frameworks, making them useful for international operations.

Conclusion

In Spain, digital certificates are essential for secure business. They ensure that every signature and every document has identity, legal validity, and full protection.

Whether you are a citizen, a company or an institution, adopting them means saving time, reducing risks, and building trust in every transaction.

At Lleida.net, as a qualified Trust Service Provider under eIDAS, we issue digital certificates recognized in Europe and Latin America. Our certificates integrate with electronic signature solutions, automation, and registered communications to give your processes full legal traceability.

Secure your business with a qualified digital certificate

Get your digital certificate today

Digital fraud never takes a break. Every year, scammers get smarter, their tricks more convincing, and spotting them becomes harder.

Picture this: you get a call from someone claiming to be your bank’s fraud team. They know your name, sound professional, and warn you about “suspicious activity.” Their urgent advice? Move your money into a “safe account.” It feels real, it feels urgent—but it’s a trap.

Or maybe it’s a WhatsApp message: “Mum, I’ve lost my phone. Can you help me pay something quickly?” Designed to play on emotion and bypass logic, these scams succeed precisely because they feel personal.

Why digital fraud is surging in 2025

The rise of digital fraud isn’t just hurting individuals—it’s hitting businesses, banks and even governments. As more of our lives move online, the attack surface grows larger than ever.

The numbers back it up fraud reports in the UK show double-digit growth year-on-year, with phishing, smishing and identity theft topping the charts.

But there’s good news too. Cybersecurity technology has caught up. Tools now exist that not only detect threats but prevent fraud before it happens. That’s where Lleida.net comes in: building digital trust into every interaction.

Fighting today’s digital fraud ccams with Lleida.net

1. The fake tax authority email (phishing)

Still one of the most effective scams: criminals impersonate tax agencies like HMRC or the IRS. The emails look official, the branding is polished, and the links lead to credential-harvesting sites.

Solution

With Registered Email from Lleida.net, authenticity is guaranteed. Only verified senders can use it, so you know exactly who’s contacting yo

Only pre-verified senders can use the service, so the address you see genuinely belongs to the person or organisation contacting you. Every message is routed through Lleida.net’s secure infrastructure, adding a neutral digital witness between sender and recipient. Visible security markers—DKIM signatures and DMARC policies—evidence authentication and deliver messages straight to the inbox rather than spam folders, and you can brand the sender domain to make authenticity clear at first glance.

Crucially, each registered email generates a digital evidence record containing sender details, timestamps and attachments—proof that the file the recipient opens is undoubtedly the one that was sent. The certificate can also be shared automatically with the recipient for full transparency.

Technology is powerful, but good hygiene still matters: keep software updated, use strong passwords and enable multifactor authentication. Combine those best practices with Registered Email, and phishing loses its bite.

2. The “delivery service” text message (smishing)

It looks harmless: “Your parcel is being held. Pay £2/$2 to release it.” The small fee lowers defences, and once card details are entered, money and personal data flow straight to the criminals.

The most sophisticated versions use spoofing, inserting the fake text into the same SMS thread as genuine updates from Royal Mail, FedEx or USPS. Sitting alongside real messages, the fake looks authentic.

Solution

With Openum from Lleida.net, organisations send registered notifications through WhatsApp, a secure, verified channel. v traceable in real time.

Openum also adds legal and technical weight. Communications across email, SMS and WhatsApp carry full evidentiary value. Documents open in a secure, encrypted viewer (HTTPS/TLS 1.2, AES-256, ISO 27001), so there’s no risky downloading or running external software—minimising ransomware and malware exposure. Where extra assurance is needed, you can require a shared code, OTP or 2FA before access.

Instead of leaving customers wondering whether a message is genuine, Openum makes authenticity obvious from the start.

3. The contract that “changed” after signing

Tampering with signed documents is more common than you’d think. In one case, a contract was quietly edited after both parties signed; in another, a scanned image of a signature was pasted onto a PDF to make it look valid. Disputes like these escalate quickly—and without reliable evidence, they’re challenging to win.

Solution

With Click & Sign, manipulation is impossible without leaving a trace. Every stage of the signature process—from the initial send by a pre-verified sender, through the recipient’s interactions, to final delivery—is captured in a registered digital evidence record, time-stamped, digitally sealed and custodied under ISO 27001:2022. As a Qualified Trust Service Provider (QTSP) under eIDAS, Lleida.net guarantees authenticity, integrity, non-alteration and precise time stamping—ensuring non-repudiation.

If you need to validate documents received from outside your organisation, the Universal Signature Verifier checks electronic signatures in all major standards—XAdES, CAdES, PAdES, Facturae, UBL, among others. It integrates via API to automate validation at scale and supports long-term custody requirements, so you can prove integrity years later.

4. The customer who never existed

Imagine running an online store. An order arrives, you ship the goods—and later discover the “customer” never existed. The address was fake, the payment details invalid. You’re left with lost stock and no recourse. As e-commerce grows, this synthetic identity fraud is rising.

Solution

Certvalidator from Lleida.net integrates directly into your platform to verify users with digital certificates at registration and login. Whether personal or legal-entity certificates, only credentials issued by recognised, trusted authorities are accepted—closing the door on fictitious accounts.

The result: fewer chargebacks and stock losses, stronger KYC at checkout and a safer, more trustworthy purchasing experience.

5. Identity theft in online banking

One of the most damaging—and widespread—frauds is identity theft. Criminals use stolen or fabricated IDs to open accounts, launder money, apply for loans or execute unauthorised transfers. The financial, reputational and compliance risks are enormous.

Solution

Banks worldwide rely on eKYC Video from Lleida.net to verify customers remotely. The process combines document checks (front/back capture, OCR, MRZ validation and fraud signals), facial recognition and liveness detection (prompted gestures) to confirm the user is a real person—not a screenshot, not a scan, not a deepfake. The entire journey—images, video with audio, validation results and configured parameters—is recorded and certified, producing legally admissible evidence across jurisdictions (EU eIDAS, GDPR, and local AML/KYC/CTF frameworks).

Deployment is fast—live in under 48 hours—and the service integrates via API or a ready-to-use branded URL, ensuring compliance without friction.

By raising the bar for identity verification, eKYC Video makes impersonation—the fraudster’s favourite tactic—far harder to pull off.

The bigger picture

Fraud is evolving fast. So are the defences. From phishing emails to fake customers, the pattern is the same: scams thrive on doubt. If victims hesitate, criminals win.

At Lleida.net, our job is to remove that doubt. By combining legal certainty with advanced digital-trust solutions—registered email and SMS, secure messaging with Openum, Click & Sign, eKYC Video and universal signature validation—we make every digital interaction simple, verifiable and, above all, trusted.

Lleida.net provides extra protection against digital fraud across industries.

Start protecting your business — talk to our experts today