Following the acquisition, Onfido is now known as Entrust.Read more
Onfido LogoOnfido Logo

Developers

Support
HomeGetting StartedAccount OpeningAccount Takeover PreventionAPISDKs
Back to Home
Market-ready solutions
Document verification solutions
Biometric verification solutions
Electronic Signature solutions
Authoritative issuing database solutions
Fraud prevention solutions
Electronic Identification
Compliance Suite
General Guides
Support

Market compliant workflow for France

Introduction

Organisations who want to do business in France must adhere to a range of stringent compliance regulations. Supervised and enforced by the Autorité de Contrôle Prudentiel et de Résolution (ACPR), businesses must satisfy know your customer (KYC) and anti-money laundering (AML) requirements set by the French Code Monétaire et Financier (CMF), particularly when it comes to remote identity verification and digital onboarding.

To help customers satisfy these compliance requirements, Entrust offers a tailored, market-ready digital onboarding solution for France that combines ETSI certified identity verification with Qualified Electronic Signature (QES) and One-Time Password (OTP). This solution has been certified against the following European Union standards and regulations:

This guide presents an overview for integrating Entrust's market-compliant solution for France, available through Workflow Studio.

Please note: To enable ETSI certified IDV for your account, contact your Customer Success Manager or Account Executive. Alternatively, contact Client Support.

Integrating Entrust's compliance package for France

Workflow Studio offers a tailor-made template for regulatory compliance for digital onboarding in France. You can select this template when creating a new workflow in the Workflow Builder.

France compliant template

This workflow template comes with all the relevant Workflow Studio tasks needed to satisfy French compliance requirements, including:

France compliant workflow

This tailored combination of verification solutions helps you to comply with the applicable regulations, in particular Article R561-5-2 of the CMF. You may wish to add additional verifications, or make further changes as needed.

Customers integrating a market-compliant workflow for France must use our SDKs, or Smart Capture Link.

While Entrust recommends customers integrate using the latest versions of the SDK, the following minimum SDK versions are required for ETSI certified IDV and are subject to change over time to ensure compliance with evolving requirements:

To authenticate the SDK when integrating our ETSI certified IDV solution, customers must use SDK tokens obtained from the workflow run payload returned by the API when a workflow run is created, as documented here.

Clients using Smart Capture Link will automatically run on the latest version of the hosted Web SDK.

Please note: Templates are provided for guidance and informational purposes only. Check that they meet your regulatory or business needs in the context of your specific use case.

Evidence Folder

For each completed identity verification workflow (whether approved, rejected or marked for review), Entrust generates an evidence folder, which is a compressed directory containing a signed and stored audit trail (an evidence file), as well as all collected media of the end-to-end IDV process performed by Entrust.

To be fully compliant in France, you are required to download the evidence folder and retain this information for the period specified by the applicable legislation in which you operate. To do this, you can make a call to the Entrust Identity Verification API to retrieve and download the evidence folder, or it can be downloaded as a ZIP file directly from the Dashboard.

You can find more detailed documentation about the Evidence folder here.

Compliance Policy Validation

For regulatory compliance in France, you must configure a Compliance Policy Validation task as part of your workflow. This task is included at the end of a workflow's Approved scenario to validate at design-time that the minimum set of requirements in the policy have been met, and to understand if or where there are any errors.

These design-time validations include:

  • Task presence
  • Task configuration requirements
  • Task input presence and semantic type requirements

For any policy requirements that cannot be validated at design-time, they will be validated at run-time instead. This includes task input/output values and whether the task results are cleared.

This Policy Validation task is currently only available for customers who have enabled ETSI certified IDV for their account, and comes included with the ETSI certified IDV with QES & OTP for France Studio template.

Table of contents
SolutionsIdentity SolutionsWorkflow StudioIdentity Verification SDKsSupported Documents
Challenges we solveComplianceCustomer acquisitionReducing cost of acquisitionFraud prevention
IndustriesFinancial ServicesGovernmentEnterpriseEducationHealthcareGaming
Our companyAbout EntrustOur PartnersCertificationsLeadershipPressBlog
Entrust logo
Contact Us
Back to top
Onfido (now part of Entrust) uses 256-bit SSL encryption 100% of the time on every device.
SOC 2 Type II compliantOnfido (now part of Entrust) is SOC 2 Type II compliant.
ISO 27001 certifiedOnfido (now part of Entrust) has been certified by BSI to ISO 27001 under certificate number IS 660122.
Service StatusPrivacy PolicySecurityWebsite Data Usage and Cookie PolicyTerms of UseAnti Modern Slavery Statement
© 2026. Entrust Corporation. All rights reserved.