ComplianceReference

International Data Compliance — Which Identifiers You Must Validate

A practical reference for compliance teams and developers. Across KYC, tax, financial reporting, and trade compliance, different regulations require you to collect and validate specific identifiers — not just store them.

ℹ️This guide covers validation requirements — not legal advice. Requirements vary by jurisdiction, entity type, and transaction value. Always consult legal counsel for compliance decisions.

Contents

  1. KYC & AML — Know Your Customer
  2. EU Tax Compliance — VAT & EORI
  3. Financial Services — MiFID II, EMIR, AML
  4. Regional Tax IDs — India, Australia, Spain, Brazil
  5. Trade & Logistics — Container, HS Code, LOCODE
  6. Fintech & Payments — IBAN, BIC, Card
  7. Academic & Publishing
  8. Quick reference by region
  9. Implementation checklist

1. KYC & AML — Know Your Customer

Anti-Money Laundering (AML) regulations — including EU AMLD6, US Bank Secrecy Act, and FATF recommendations — require financial institutions, payment providers, and crypto exchanges to verify customer identity. For business customers, this typically means validating:

IdentifierRequired forRegulationGuide
LEICorporate customer identificationEU AMLD, MiFID IIGuide →
VAT / GSTEU business customer verificationEU VAT DirectiveGuide →
IBANBank account ownershipPSD2, SEPA rulesGuide →
NIF/NIESpanish individuals & businessesSpanish AML lawGuide →
GSTINIndian business verificationIndia GST ActGuide →
ABNAustralian business verificationAML/CTF Act 2006Guide →
⚠️Storing an identifier is not the same as validating it. AML regulations typically require verification — confirming that the identifier is structurally valid, passes checksum checks, and where possible, matches a registry record. A stored but invalid VAT number does not satisfy CDD (Customer Due Diligence) requirements.

2. EU Tax Compliance — VAT & EORI

EU businesses supplying goods or services to other EU businesses must validate VAT numbers to apply the reverse charge mechanism and avoid incorrect VAT accounting.

IdentifierObligationRegulation
EU VATVerify B2B customer VAT number before applying zero-rateEU VAT Directive 2006/112/EC
EORIRequired for all EU imports/exports above de minimis thresholdEU Customs Code (UCC)
IBANMandate verification for SEPA Credit TransfersSEPA Regulation (260/2012)
LEIRequired for all financial instrument transactions above thresholdMiFID II Art. 26

VIES (VAT Information Exchange System) is the EU's VAT registry. The IsValid /v0/vat endpoint checks the format and checksum — for VIES confirmation (active status), consult the official VIES service.

3. Financial Services — MiFID II, EMIR, AML

IdentifierUse caseFramework
LEIEntity identification in transaction reportsMiFID II, EMIR, SFTR
ISINFinancial instrument identificationMiFID II, ESMA FIRDS
CFIInstrument classification in reportsMiFID II Annex I
MICTrading venue identificationMiFID II Art. 25
BIC/SWIFTCorrespondent bank identificationSWIFT, PSD2
DTIDigital token identification for cryptoMiCA, EMIR (digital assets)
CUSIPUS securities (for US market access)SEC, FINRA

4. Regional Tax IDs — India, Australia, Spain, Brazil

🇮🇳 India

GSTINMandatory on all B2B GST invoices above ₹20,000Guide →
PANRequired for all entities filing income tax

GSTIN format encodes state code + PAN + entity number. Validate both format and the embedded PAN cross-check.

🇦🇺 Australia

ABNRequired on all tax invoices; GST cannot be claimed without a valid ABNGuide →

Also check gstRegistered — a valid ABN does not automatically mean the entity is registered for GST.

🇪🇸 Spain

NIFRequired for all Spanish residents and companies on invoicesGuide →
NIEFor foreign individuals with Spanish tax obligationsGuide →

Spanish VAT (ESxxxxxx) is the NIF with ES prefix — validate both when the business supplies both.

🇧🇷 Brazil

CNPJRequired on all Brazilian company invoices (Nota Fiscal)Guide →
CPFRequired for all Brazilian individuals (income tax, contracts)Guide →

Both CNPJ and CPF have two-check-digit MOD-11 validation — reject if either check digit fails.

5. Trade & Logistics Compliance

IdentifierRequired forStandard
EORIAll EU imports, exports, and customs declarationsEU UCC Reg. 952/2013
HS CodeCustoms declarations, tariff classification, duty calculationWCO HS Convention
Container codeShipping container identification, manifests, BLISO 6346
UN/LOCODEPort identification in shipping documentsUN/ECE Rec. 16
→ Complete logistics validation guide (Node.js)

6. Fintech & Payments

IdentifierRequired forStandard / Regulation
IBANSEPA credit transfers, direct debitsSEPA Reg. 260/2012, ISO 13616
BIC/SWIFTCross-border wire transfers, correspondent bankingISO 9362, SWIFT
Credit cardCard payments — Luhn check required pre-authorizationPCI-DSS, ISO 7812
Sort codeUK domestic bank transfers (Faster Payments, BACS)UK Payment Systems Regulator
ABA routingUS ACH transfers and wire routingUS Federal Reserve, NACHA

7. Academic & Publishing

IdentifierRequired forStandard
DOIPersistent linking of published works, citation trackingISO 26324
ORCIDAuthor identification in manuscript submissions, funder reportingORCID Registry
ISBNBook identification for retail, libraries, ONIX metadataISO 2108
ISSNJournal identification in bibliographic databasesISO 3297

8. Quick reference by region

🇪🇺 European Union
VAT (EU)EORIIBANBICLEIISINCFIMIC
🇬🇧 United Kingdom
VAT (GB)EORI (GB)Sort codeIBAN
🇮🇳 India
GSTINPAN
🇦🇺 Australia
ABNACN (from ABN)GST registration
🇪🇸 Spain
NIFNIEVAT (ES)
🇧🇷 Brazil
CNPJCPF
🇺🇸 United States
ABA routingCUSIPNPI (healthcare)
🌐 Global (trade)
HS CodeContainer codeUN/LOCODEIATA airport / airlineIMEI (telecom)

9. Implementation checklist

Identify which identifiers are required for your jurisdiction
Validate on ingest — not just display
Check checksum AND registry status where available
For VAT: cross-check against VIES for EU businesses
For GSTIN: cross-check embedded PAN across multiple GSTINs
For ABN: require gstRegistered for tax invoice purposes
Return field-level errors so users can correct mistakes
Log validation failures for compliance audit trail
Re-validate stored identifiers periodically (status changes)
Document which validation checks are performed for audit

Scenario guides by region

KYC Onboarding — Node.js
IBAN, LEI and VAT in one parallel flow
Logistics & Shipping — Node.js
Container, HS Code, LOCODE, EORI
Fintech Onboarding — Node.js
IBAN, BIC, credit card, sort code
Indian Compliance — Node.js
GSTIN validation for India GST
Australian Compliance — Node.js
ABN and GST registration
Spanish Compliance — Node.js
NIF, NIE and VAT validation
MiFID II Reporting — Node.js
ISIN, LEI and CFI together
Academic Publishing — Node.js
DOI, ORCID, ISBN, ISSN

Validate any identifier with one API

VAT, IBAN, GSTIN, ABN, LEI, ISIN, container codes, crypto addresses, and 40+ more — one SDK, one key.

Get your API key →