Skip to main content
Didit Raises $2M and Joins Y Combinator (W26)
Didit
Asia-Pacific

Identity verification
built for Sri Lanka Flag of Sri Lanka

National Identity Card and biometric e-Passport on one session — face-matched against a live selfie, AML-screened across the Securities and Exchange Commission of Sri Lanka, global sanctions, and PEP registers. $0.33 full KYC, 500 free every month.

Start freeRead the docs
Backed by
Y Combinator
GBTC Finance
Bondex
Crnogorski Telekom
UCSF Neuroscape
Shiply
Adelantos

Trusted by 2,000+ organizations worldwide.

Country brief

How identity verification works in Sri Lanka.

The fraud surface and the frameworks an engineering or compliance lead needs before scoping an integration.
Fraud landscape
Sri Lanka faces three identity-fraud pressures: synthetic-NIC attacks exploiting the transition from the old 9-digit to the newer 12-digit National Identity Card format, document forgery on the older laminate NIC, and cross-border fraud involving the large Sri Lankan diaspora in the Middle East and Europe. Didit scores 200+ real-time fraud signals on every session — face morph, replay, injection, document tampering, device intelligence, IP geolocation.
Compliance frameworks
  • Financial Transactions Reporting Act No. 6 of 2006 (FTRA)
  • Banking Act No. 30 of 1988
  • Securities and Exchange Commission Act No. 19 of 2021
  • Personal Data Protection Act No. 9 of 2022 (PDPA)
  • Prevention of Money Laundering Act No. 5 of 2006 (PMLA)
  • APG Mutual Evaluation Framework
  • FATF 40 Recommendations
Regulators

Who supervises identity verification in Sri Lanka.

These are the supervisors a Sri Lanka verification flow has to answer to. One Didit hosted flow + one audit log covers every one of them — no separate integration per agency.

  • CBSL

    Central Bank of Sri Lanka — prudential supervisor for licensed commercial banks, specialised banks, and licensed finance companies. Issues Customer Due Diligence and KYC requirements under the Banking Act No. 30 of 1988.

  • FIU-Sri Lanka

    Financial Intelligence Unit — operating within CBSL. Receives Suspicious Transaction Reports and oversees AML/CFT enforcement under the Financial Transactions Reporting Act No. 6 of 2006 (FTRA).

  • SEC-SL

    Securities and Exchange Commission of Sri Lanka — supervises capital-market participants, broker-dealers, and collective investment schemes under the SEC Act No. 19 of 2021. Issues KYC compliance requirements and publishes Administrative Sanctions.

  • DRP

    Department for Registration of Persons — issues the National Identity Card and maintains Sri Lanka's civil population registry. The authoritative identity data source for NIC-based verification flows.

  • Department of Immigration and Emigration

    Issues biometric e-Passports and manages immigration records. Governs cross-border identity verification under the Immigrants and Emigrants Act and enforces the Personal Data Protection Act No. 9 of 2022 (PDPA) for identity data.

Verification flow · One API

Four modules. One verification.

ID, biometric, AML, and a Sri Lanka database cross-check — composed on one workflow, billed per success, returned in one report.
Read the docsGet an API key
01 · ID

Capture and read the ID.

Captured on any phone — auto-classified, OCR-parsed, and template-verified.

  • National Identity Card (both 9-digit and 12-digit smart NIC formats), biometric e-Passport (with NFC chip read), Driving Licence, and Senior Citizen ID Card.
  • Returns: full name, date of birth, document number, expiry, MRZ.
Read the docs
Stage 01Capture and read the ID
  • National Identity Card (9-digit and 12-digit smart NIC)
  • Biometric e-Passport — chip read
  • Driving Licence · Senior Citizen ID Card
02 · Biometric

Match the face. Prove it's a real person..

Selfie confirmed live and matched against the ID portrait.

  • Duplicate check: 1:N face search across existing users. Free.
  • Active liveness ($0.15) for elevated-risk flows — user turns or blinks.
Read the docs
Stage 02Match the face. Prove it's a real person.
  • Selfie on any phone or laptop camera
  • Mobile-handoff QR when the user starts on desktop
03 · AML

Screen for sanctions, PEPs, and adverse media.

1,300+ global sanctions, PEP, and adverse-media lists — plus Sri Lankan watchlists:

  • Parliament of Sri Lanka — PEP Level 1 (members of parliament).
  • Bar Association of Sri Lanka (BASL) — PEP Level 2 (legal officials).
  • United National Party (UNP) — PEP Level 3 (major political party figures).
  • United National Front (Sri Lanka) — PEP Level 3 (political coalition figures).
  • Ceylon Electricity Board (CEB) — PEP Level 3 (state enterprise officials).
  • Sri Lanka Ports Authority (SLPA) — PEP Level 3 (port authority officials).
  • Sri Lanka Freedom Party (SLFP) — PEP Level 3 (major political party figures).
  • SEC-SL Administrative Sanctions — regulatory enforcement notices from the Securities and Exchange Commission.
  • UTHR(J), Sri Lanka — Warnings (human rights and civil-society enforcement notices).
  • UN Security Council Consolidated Sanctions List — global designations.
  • OFAC Specially Designated Nationals (SDN) — US Treasury designations.
  • APG (Asia/Pacific Group on Money Laundering) — mutual evaluation watchlist.

Severity-scored. Ongoing monitoring ($0.07/user/yr) re-checks daily and fires a webhook on new hits.

Read the docs
Stage 03Screen for sanctions, PEPs, and adverse media

Screen for sanctions, PEPs, and adverse media — see the docs for the full module surface.

04 · Registry

Database validation for Sri Lankan identities.

  • There is no public government database validation API for Sri Lanka currently exposed as a standalone Didit service — the Department for Registration of Persons (DRP) civil registry does not currently offer a public consumer API open to third-party integrators.
Read the docs
Stage 04Database validation for Sri Lankan identities

Database validation for Sri Lankan identities — see the docs for the full module surface.

Documents covered

Every Sri Lanka document Didit accepts.

One row per accepted credential — flag, document name, document type. Live from the Didit Business Console.
Authoritative datasets

Civil-registry and AML coverage for Sri Lanka.

One card per dataset Didit cross-checks against — civil registries on the Database Validation API plus the global AML watchlist pool. Each card links to the technical docs.
aml-screening

AML lists screened in Sri Lanka

1,300+ sanctions, Politically Exposed Persons (PEP), and adverse-media lists, plus the country's regulatory watchlists and PEP registries.

Read the AML coverage docs
Compliant by design

Open a new country in one click. We do the hard work.

We open the local subsidiaries, secure the licenses, run the penetration tests, earn the certifications, and align with every new regulation. To ship verifications in a new country, flip a toggle. 220+ countries live, audited and pen-tested every quarter — the only identity provider an EU member-state government has formally called safer than in-person verification.
Read the security & compliance dossier
EU financial sandbox
Tesoro · SEPBLAC · BdE
ISO/IEC 27001
Information security · 2026
SOC 2 · Type I
AICPA · 2026
iBeta Level 1 PAD
NIST / NIAP · 2026
GDPR
EU 2016/679
DORA
EU 2022/2554
MiCA
EU 2023/1114
AMLD6 · eIDAS 2.0
EU-aligned by design
FAQ

Common questions about Sri Lanka.

Related

Related coverage

Infrastructure for identity and fraud.

One API for KYC, KYB, Transaction Monitoring, and Wallet Screening. Integrate in 5 minutes.

Start freeTalk to us
Ask an AI to summarise this page