Following the acquisition, Onfido is now known as Entrust.Read more
Onfido LogoOnfido Logo

Developers

Support
HomeGetting StartedAccount OpeningAccount Takeover PreventionAPISDKs
Back to Home
Market-ready solutions
Document verification solutions
Biometric verification solutions
Electronic Signature solutions
Authoritative issuing database solutions
Fraud prevention solutions
Electronic Identification
Compliance Suite
General Guides
Support

Market compliant workflow for Romania

Introduction

Organisations who want to operate in Romania must adhere to a range of stringent compliance regulations, particularly when it comes to know your customer (KYC) and anti-money laundering (AML) requirements. A framework for performing remote customer identity verification and digital onboarding - Decision no. 564/2021 - was established in 2021 by the Autoritatea pentru Digitalizarea României (ADR), and is enforced and governed by both the ADR, for identity verification (IDV) providers established locally, and more generally the National Bank of Romania (BNR).

To help customers satisfy these requirements and navigate regulatory compliance, Entrust offers a tailored, market-ready digital onboarding solution for Romania. This solution has been certified against the following European Union standards and regulations:

This guide presents an overview for integrating Entrust's market-compliant solution for Romania, available through Workflow Studio.

Please note: To enable ETSI certified IDV for your account, contact your Customer Success Manager or Account Executive. Alternatively, contact Client Support.

Integrating Entrust's compliance package for Romania

Workflow Studio offers a tailor-made template for regulatory compliance for digital onboarding in Romania. You can select this template when creating a new workflow in the Workflow Builder.

Romania compliant template

This workflow template comes with all the relevant Workflow Studio tasks needed to satisfy Romanian compliance requirements, including:

Romania compliant workflow

This tailored combination of verification solutions helps you to comply with the applicable regulations, in particular Article 4 of Decision no. 564/2021. You may wish to add additional verifications, or make further changes as needed.

Customers integrating a market-compliant workflow for Romania must use our SDKs, or Smart Capture Link.

While Entrust recommends customers integrate using the latest versions of the SDK, the following minimum SDK versions are required for ETSI certified IDV and are subject to change over time to ensure compliance with evolving requirements:

To authenticate the SDK when integrating our ETSI certified IDV solution, customers must use SDK tokens obtained from the workflow run payload returned by the API when a workflow run is created, as documented here.

Clients using Smart Capture Link will automatically run on the latest version of the hosted Web SDK.

Please note: Templates are provided for guidance and informational purposes only. Check that they meet your regulatory or business needs in the context of your specific use case.

Evidence Folder

For each completed identity verification workflow (whether approved, rejected or marked for review), Entrust generates an evidence folder, which is a compressed directory containing a signed and stored audit trail (an evidence file), as well as all collected media of the end-to-end IDV process performed by Entrust.

To be fully compliant in Romania, you are required to download the evidence folder and retain this information for the period specified by the applicable legislation in which you operate. To do this, make a call to the Entrust Identity Verification API to retrieve and download the evidence folder, or it can be downloaded as a ZIP file directly from the Dashboard.

You can find more detailed documentation about the Evidence folder here.

Compliance Policy Validation

For regulatory compliance in Romania, you must configure a Compliance Policy Validation task as part of your workflow. This task can be included at the end of a workflow’s ‘Approved’ scenario to validate at design-time that the minimum set of requirements in the policy have been met, and to understand if or where there are any errors.

These design-time validations include:

  • Task presence
  • Task configuration requirements
  • Task input presence and semantic type requirements

For any policy requirements that cannot be validated at design-time, they will be validated at run-time instead. This includes task input/output values and whether the task results are cleared.

This Policy Validation task is currently only available for customers who have enabled ETSI certified IDV for their account, and comes included with the ETSI certified IDV for Romania Studio template.

Table of contents
SolutionsIdentity SolutionsWorkflow StudioIdentity Verification SDKsSupported Documents
Challenges we solveComplianceCustomer acquisitionReducing cost of acquisitionFraud prevention
IndustriesFinancial ServicesGovernmentEnterpriseEducationHealthcareGaming
Our companyAbout EntrustOur PartnersCertificationsLeadershipPressBlog
Entrust logo
Contact Us
Back to top
Onfido (now part of Entrust) uses 256-bit SSL encryption 100% of the time on every device.
SOC 2 Type II compliantOnfido (now part of Entrust) is SOC 2 Type II compliant.
ISO 27001 certifiedOnfido (now part of Entrust) has been certified by BSI to ISO 27001 under certificate number IS 660122.
Service StatusPrivacy PolicySecurityWebsite Data Usage and Cookie PolicyTerms of UseAnti Modern Slavery Statement
© 2026. Entrust Corporation. All rights reserved.