Regulatory Compliance Tracker
Structured reference of KYC, AML, and biometric data regulations by jurisdiction. Each row links to compliant vendors in the PrimeBiometry directory – so you can identify your requirement and shortlist vendors in one step. Updated monthly.
5 regulations
in effect
1 coming soon
Last updated: July 2026
Jurisdiction
Business Type
| Regulation | Jurisdiction | Status | |||
|---|---|---|---|---|---|
| MiCA Travel Rule | EU | CryptoVASP | CASPs must share originator and beneficiary data for crypto-asset transfers above €1,000. | In Effect | |
| FATF Travel Rule | Global | CryptoVASPFintech | VASPs must collect and transmit originator and beneficiary information for virtual asset transfers of USD/EUR 1,000 or more. | In Effect | |
| GDPR – Biometric Data | EU | FintechHealthcareIdentity Verification | Biometric data processed for identification is classified as special-category data requiring explicit consent, legal basis documentation, and data minimization. | In Effect | |
| SOC 2 Type II | US | FintechSaaSAll | Annual third-party audit of security, availability, processing integrity, confidentiality, and privacy controls over a minimum 6-month observation period. | In Effect | |
| NIST SP 800-63 (IAL2/IAL3) | US | GovernmentFederalHealthcare | Federal agencies must use NIST 800-63 IAL2 or IAL3 identity proofing for digital service access. Contractors serving federal agencies must meet the same standard. | In Effect |
Vendor compliance status is verified against public trust center documentation and vendor-provided attestations. Last verified July 2026. Evaluation methodology