Post

Remote video identification in Spain: legal and technical Keys to ensure regulatory compliance

5 August 20253 September 2025 | 4 minutes of reading

SEPBLAC, Order ETD/465/2021, and Annex F.11 Requirements from CCN

Remote video identification has become an essential tool for ensuring security in the digital world. In sectors like finance and trusted electronic services, this technology delivers both convenience and reliability, playing a critical role in fraud prevention and regulatory compliance.

By Ramón Villot, Legal & Compliance Director

Digital transformation has driven the need for secure and reliable remote verification processes, especially in sectors like finance and trusted electronic services. Video identification should not be confused with video surveillance or mass monitoring: it is a regulated procedure designed specifically to validate identities securely and in accordance with the law. Thanks to a robust legal framework that governs its use—with particular focus on anti-money laundering and identity fraud prevention—Spain has emerged as a leader in this area. Below, we explain the key legal and technical requirements to ensure compliance with current regulations.

SEPBLAC: the key framework for remote identification in Spain

SEPBLAC (Executive Service of the Commission for the Prevention of Money Laundering and Monetary Offenses) is the authority responsible for overseeing anti-money laundering efforts in Spain.

Since 2016, it has allowed non-face-to-face identification via video conference for opening accounts and conducting financial transactions, under strict conditions:

Secure, authorized procedures.

Authenticity and validity of the identity document.

Full recording of the video conference with clear images.

Post-session review of evidence by a qualified operator.

In 2017, SEPBLAC expanded its guidance to include automated video identification, as long as it is conducted in real time, on a single device, and without pre-recorded files.

Order ETD/465/2021: enhanced security for electronic certificates

L Order ETD/465/2021 strengthens controls over the issuance of qualified electronic certificates via video identification. Its main guarantees include:

Single-session process on one device.

Real-time processing with no edited recordings.

Mandatory biometric validation and liveness detection.

Human review of the recorded process afterward.

The goal is clear: to strengthen reliability and prevent fraud in critical processes like electronic signatures.

CCN-STIC-140 guide: essential technical requirements (Annex F.11)

Annex F.11 of Spain’s CCN-STIC-140 Guide from the National Cryptologic Center defines the technical requirements for video identification tools, distinguishing two models:

Assisted (synchronous): video call with active operator participation.

Unassisted (asynchronous): back-office review afterward.

Key threats to mitigate include:

Identity spoofing (deepfakes, masks, makeup).

Network or infrastructure attacks.

Unauthorized access or biometric fraud.

Fundamental security requirements (FSR) include:

Single-session, single-device, real-time process.

Facial biometric verification and liveness detection (PAD).

Full audit trail and encrypted communications.

Protection of sensitive data and trustworthy administration.

For document validation, the regulation requires:

Detection of replica or print attacks.

Verification of document integrity (VIZ/MRZ comparison).

Automatic alerts for failures or attack attempts.

Biometric evaluation and certifications: a guarantee of trust

To be truly secure, video identification solutions must pass tests against spoofing attempts using images, videos, masks, or deepfakes.

Key certifications include:

Common Criteria (EAL2) or LINCE certification with the Biometric Evaluation Module (MEB).

Biometric engines evaluated by NIST (National Institute of Standards and Technology), the global reference authority.

These certifications ensure compliance with the highest security and identity protection standards.

Regulatory compliance: beyond technology

Meeting Spain’s video identification regulations goes far beyond deploying a technical solution. It means ensuring security, privacy, and reliability at every stage—from evidence capture to biometric and document validation.

At Facephi, we take a comprehensive legal and technical approach so our solutions not only meet SEPBLAC, CCN, or NIST requirements but also deliver a secure, transparent, and trustworthy user experience.

Is your video identification system ready to meet all these requirements?

Discover how our solutions help you ensure regulatory compliance and strengthen security in your digital verification processes.

Remote video identification in Spain: legal and technical Keys to ensure regulatory compliance

SEPBLAC: the key framework for remote identification in Spain

Order ETD/465/2021: enhanced security for electronic certificates

CCN-STIC-140 guide: essential technical requirements (Annex F.11)

Biometric evaluation and certifications: a guarantee of trust

Regulatory compliance: beyond technology

Key Digital Identity trends to watch in 2025: trust and sustainability (part 2)

Key Digital Identity trends to watch in 2025: Innovation and security (part 1)

Money mule accounts: how to detect them with AI to prevent financial fraud

Know Your Passenger (KYP): redefining identity on travels

pKYC: the key to continuous and secure identity verification

The Role of DIV in Financial Security

Identity Verification and Validation: Keys to Digital Security

Data protection and artificial intelligence in Europe: the major legal challenge of the future