The State of Business Identity Data in Europe 2026

European B2B commerce runs on business identity. Every invoice, every contract, every bank transfer, every sanctions screen, every onboarding form depends on answering one question in advance: who is this counterparty?

In April 2026, answering that question for a German supplier from a Polish buyer still requires opening seven browser tabs. VIES for the VAT number. Handelsregister for the registration. Bundesanzeiger for the latest financial statement. Three language switches. No bulk export. No API. Five to ten minutes per counterparty if the SME checking is patient and English-literate; longer if not. For the 26.1 million SMEs that make up 99.8% of European enterprises (European Commission SME Performance Review, 2025¹), the friction is the product.

The state of business identity data in Europe 2026 is fragmentation with price discrimination on top, and a demand signal now strong enough to measure. This article measures both: the fragmentation baseline, the cost stack, the cross-border demand, the commercial response building above the data layer, and the regulatory stack arriving above that.

1. The fragmentation baseline

The European Union has 27 member states, 30-plus active national business registries, and not one of them speaks the same identifier, format, or access rule as its neighbour.

Each country runs its own authority, its own numbering system, its own document fees, its own data dictionary. Poland alone operates five registries: KRS (court-held company register), CEIDG (sole proprietorships), GUS/REGON (statistical register), Biała Lista (VAT taxpayer list with registered bank accounts), and CRBR (beneficial ownership register). Germany has Handelsregister run by local courts; France has SIRENE operated by INSEE; the UK has Companies House; Czechia has ARES; Norway has Brønnøysund. Identifier formats diverge: NIP (10 digits, Poland), HRB with court locality prefix (Germany), SIREN 9-digit plus SIRET 14-digit (France), IČO 8-digit (Czechia), 8-digit CRN (UK), 9-digit organisasjonsnummer (Norway).

Access rules diverge further. The United Kingdom, France, Czechia, Norway, Finland, and Poland publish machine-readable data through open APIs and bulk downloads. Germany makes basic queries free through the common register portal but refuses a public API, refuses bulk data, and continues to charge for document downloads. The Netherlands, Belgium, Italy, Spain, Austria, and Ireland price access per document through national portals.

The European Union's Business Registers Interconnection System (BRIS), formalised by Commission Implementing Regulation 2021/1042 and accessible through the e-Justice Portal, was supposed to be the cross-border layer. It works as a consumer-facing search. It is not an API. It does not expose bulk data. It does not standardise identifier formats. Twenty-seven registries can be searched from one web page; the data behind each of them remains in its original silo.

The absence of standardisation is structural, not accidental. Each registry was built by each member state for that state's own legal and tax purposes. Harmonisation at the data layer has never been a legislative priority at the scale it would require.

2. The cost stack

The price to answer "is this business real?" in Europe ranges across six orders of magnitude, depending on whose definition of "real" the question adopts and which country the answer has to come from.

At the free end sit open APIs published directly by government registries. UK Companies House accepts an API key and returns full company records at no cost. CZ ARES, NO Brreg, FR SIRENE operate the same way. Poland's CEIDG, Biała Lista, and CRBR registries publish data through public endpoints. Bulk downloads exist for Germany (OffeneRegister.de, CC-BY 4.0), the UK, France, and Czechia. Total direct cost per verification at this layer: zero.

One step up: per-document paywall. Germany's Handelsregister charges individual fees for document downloads, free to query the metadata and paid to retrieve the filings. Netherlands KVK charges approximately €2.70 per item. Italy's InfoCamere portal, Belgium's BCE, and Spain's provincial Registros Mercantiles work similarly.

Commercial aggregators operate the middle layer. OpenCorporates, the largest open-data business registry aggregator, prices API access at £2,250–12,000 per year for 500–5,000 calls per month, roughly £0.20–0.38 per call or €0.23–0.44². Dun & Bradstreet sells individual company reports at €100–200 each, with enterprise contracts negotiated separately. Bureau van Dijk's Orbis database is enterprise-only with undisclosed list pricing.

Traditional due diligence lives at the top. Full KYB onboarding for a new counterparty, including beneficial ownership verification, sanctions screening, document review, and recurring monitoring, costs €800–2,500 per counterparty³. Cross-border KYC processes in regulated contexts take 30–50 days end to end, according to European Commission data on fragmented cross-border public services⁴.

The SME segment is priced out. An SME that cannot pay €4,000–50,000 per year for structured counterparty verification chooses between three options: check nothing, check badly with a free registry query and manual language translation, or subscribe to a commercial aggregator at a price point calibrated for enterprise compliance budgets. Two of those three options leak risk; the third costs more than most annual software budgets.

3. Demand signal — cross-border is the default

The most-cited assumption about business identity data, that cross-border verification is an enterprise edge case, is measurably wrong in April 2026.

The b2trust.com platform publishes search distribution by country. Germany generates approximately 29% of monthly search volume, Poland 27%, the United Kingdom 17%, France 13%, Czechia 12%, and Norway 10% (b2trust.com platform analytics, April 2026). Germany is the country with the most restricted commercial registry access in the top six: no public API, no bulk download, paid document retrieval. Germany also generates the single largest share of cross-border demand. The correlation inverts the intuition that demand follows supply: access restriction drives demand, not supply abundance.

Deeper platform analytics confirm that cross-border is not an edge case but close to a default. In the logged sample of 1,898 queries recorded between 15 March and 17 April 2026, 598 queries (31.5%) touched more than one country. Users of b2trust.com are not checking local suppliers. They are checking foreign ones in meaningful proportion of their sessions.

The same sample distributes across eight locales: English 58%, Czech 7%, Portuguese 7%, Norwegian 7%, French 6%, German 6%, Polish 5%, Danish 5%. Cross-border demand is also cross-lingual by default, a second dimension of fragmentation that commercial aggregators still solve by charging enterprise subscriptions for machine-translation add-ons.

Regional visitor distribution reinforces the picture. Europe accounts for approximately 94% of total visitors, Oceania 6%, Americas under 1% (b2trust.com visitor analytics, April 2026). The demand is concentrated within Europe; within Europe, it concentrates on the hardest-to-reach countries.

Eurobarometer data from the European Commission's Border Focal Point Network (2025) shows that only 56% of EU public services are digitally accessible to cross-border users⁵. Regulatory complexity remains the single largest deterrent to SME cross-border growth. The b2trust.com platform is capturing the aggregated demand signal where public infrastructure still falls short.

4. The commercial response stack

The commercial response to business-identity fragmentation in Europe has drawn more than $160M of venture capital since 2022, all of it into the layer above the data.

The four-layer stack is legible once companies are arranged by what they actually own. Layer 1 is government registries, 170-plus globally and 30-plus in the EU, fragmented and non-interoperable by construction. Layer 2 is data aggregation and standardisation: OpenCorporates (London, 235 million records, 145 jurisdictions, bootstrapped since 2010 at roughly $7M ARR), Global Database (600M+ records, VC-backed, undisclosed round), InfobelPRO (Belgium, 375M records, self-funded over 30 years). Layer 3 is KYB and compliance platforms: Middesk in San Francisco, AiPrise, Condukt, Dotfile. Layer 4 is GRC workflow, including Formalize.

Two facts about this stack are worth naming.

First, every Layer 3 operator needs Layer 2 data; none of them own the registry data they route. Condukt, AiPrise, and Dotfile all describe themselves as orchestrators: software that plugs into multiple country-level data providers and unifies the output into a compliance workflow. When a European customer onboards through Condukt, somewhere a registry connector is hitting a government API on Condukt's behalf. Orchestration compounds cost as geographies scale: each new country means a new provider contract, a new integration, a new data dictionary, a new cost line. Middesk owns its data, which is how it reaches a reported $500M–$1B valuation, but it owns only United States registry data. The equivalent for Europe does not exist at Middesk scale.

Second, the capital asymmetry. Layer 3 has raised over $160M since 2022: AiPrise ($13M Series A, October 2025), Condukt ($10M seed, November 2025), Dotfile (€9.7M combined, 2023–2024), Formalize (€50M Series B, October 2025), plus Middesk's $77M that predates 2022. Layer 2 remains historically under-invested. OpenCorporates, the largest European-aligned data aggregator, has never taken venture capital. Global Database's rounds are undisclosed. InfobelPRO is bootstrapped.

Three dynamics follow from the capital asymmetry. Layer 3 valuations grow faster than Layer 2 capability, because venture markets price workflow near customer budgets and data near commodity margins. Layer 3 dependencies on Layer 2 data create concentration risk: if OpenCorporates changes licensing, a non-trivial number of downstream compliance products need contingency plans. And the layer least dependent on external capital (data ownership) is also the layer most structurally defensible over a ten-year horizon.

5. The regulatory layer arriving above

Four regulatory vectors are tightening the requirements around business identity in Europe between now and 2028, and none of them directly address the data layer.

Directive 2019/1151, the first Digitalization Directive, was in force from August 2019 with transposition deadlines through August 2023. It formalised digital company-formation processes and mandated BRIS as the cross-border interconnection. Its success is legal (compliance achieved) and functional (BRIS operates). Its limitation is architectural: BRIS is a search UI, not an API, not a bulk channel.

Directive 2025/25, known as DigiRL II, was published in the Official Journal on 10 January 2025 and entered into force 30 January 2025. Member states have until 31 July 2027 to transpose. It expands the 2019 scope to cross-border branch registration, simplified company formation, and wider identifier interoperability. The legislative trajectory continues to assume that a data layer providing cross-border machine access already exists underneath these higher-order primitives.

Regulation 2024/1183, commonly called eIDAS 2.0, entered into force 20 May 2024. Member states must make at least one European Digital Identity Wallet (EUDIW) available to citizens by the end of December 2026, with mandatory acceptance by specified private-sector relying parties following a year later. The EUDIW is designed around citizen identity. Business identity is out of its explicit scope.

The European Business Wallet (EBW) draft regulation, published in November 2025 as the logical complement to eIDAS 2.0, addresses the business-identity primitive directly. The Bitkom position paper from June 2025 sets out the industry perspective: the EBW is expected to carry business-identity attestations, sign invoices, and interoperate with eIDAS 2.0 trust services. Legislative passage is expected over 2026–2028. The EBW assumes, again, that a data layer exists underneath.

The EU anti-money-laundering package, combining Regulation 2024/1624 with the sixth Anti-Money Laundering Directive (AMLD6), was adopted in June 2024 with effective date 10 July 2027. The package tightens requirements around beneficial ownership register access following the 2022 Court of Justice ruling that restricted public access, and introduces the single EU rulebook on AML/CFT.

Four vectors move in the same direction. Digital identity becomes a structured, verifiable, portable primitive. The citizen wallet arrives first. The business wallet follows. Beneficial ownership access is formalised. Digital company formation is harmonised at the instrumentation layer. None of them provide a single free-access, cross-border, machine-readable business registry at the data layer, and each of them implicitly assumes that layer exists.

6. The gap

The gap between what Europe's regulatory stack now requires and what its data layer provides is measured in orders of magnitude, not percentage points.

What Europe has in April 2026: 27 member states, 30-plus active business registries, four layers of commercial stack above those registries, four regulatory vectors converging on business-identity formalisation, an estimated $340B global annual economic burden tied to B2B trust failure (FBI IC3 Annual Report 2024; ACFE Report to the Nations 2024; Europol European Cybercrime Report 2024; PwC Global Economic Crime Survey 2024; European Central Bank Payment Statistics 2022), 26.1 million SMEs running a handful of supplier verifications each per year, and approximately zero standardised cross-border access at the registry layer itself.

What Europe does not have: a single business identifier format. A single cross-border registry API. A single free-access layer consolidating 30-plus country sources. A single way for a Polish SME to verify a German supplier in under 30 seconds without a €200/month subscription or a 30-day compliance loop.

b2trust.com indexes more than 29 million business entities across 32 countries, free, cross-border, multilingual across eight languages, no registration required. Platform analytics, April 2026 (b2trust.com; country surface example at b2trust.com/en/companies/germany). The platform exists as existence proof that the gap is addressable at consumer-grade UX and zero marginal cost per search.

That paragraph, with its shipped surface and measured traction level, is the only passage in this article that describes what any one actor is doing about the fragmentation. The four-layer commercial stack above it is still building, the four-vector regulatory stack above that is still legislating. The data layer itself is where the problem sits and where the answer eventually has to live.

Closing

The state of business identity data in Europe 2026 is not static fragmentation.

Registry digitalization is advancing. DigiRL II started its 2.5-year transposition clock in January 2025. Identity regulation is maturing: eIDAS 2.0 EUDIW wallets within the year, European Business Wallet on the legislative agenda, AMLD6 in force by mid-2027. The commercial stack above the data layer has drawn more than $160M of venture capital since 2022. Every vector is pointing the same direction, toward more structure, more portability, more verifiability.

Underneath all of that, the data layer remains fragmented, paywalled, and structurally hostile to the 26.1 million SMEs that make up 99.8% of European enterprises. The stack has four layers; the bottom one is the oldest infrastructure, the least invested-in, the one where the pricing still reads like 1998, and the one where demand is quietly crossing 30% multi-country by default. Everything else being built in Europe between 2025 and 2028 assumes that layer works. In April 2026, it does not.

---

Footnotes

1. European Commission, Annual Report on European SMEs 2024/2025 — SME Performance Review, published July 2025. Accessed 2026-04-17. ↩ ↩²

2. OpenCorporates public pricing, https://opencorporates.com/info/plans. Accessed 2026-04-17. ↩

3. Industry KYB cost estimates for traditional due diligence sit in the €800–2,500 range per counterparty, reflecting beneficial-ownership verification, sanctions screening, document review, and ongoing monitoring. See LexisNexis Risk Solutions True Cost of Financial Crime Compliance Study (EMEA, 2024 edition) and Thomson Reuters KYC Cost research for industry benchmarks. Costs vary materially by jurisdiction, entity complexity, and whether enhanced due diligence applies. ↩ ↩²

4. European Commission, Border Focal Point Network, Latest Eurobarometer survey reveals key barriers to cross-border growth for SMEs (2025). Accessed 2026-04-17. ↩

5. Border Focal Point Network Eurobarometer (2025). ↩