Intermediary AS Connecting Companies Cross Countries
Passport check

Automated background check of passport — built into your Norwegian onboarding

Before we register your Norwegian company in the Brønnøysund Register Centre, every foreign owner and signatory completes an automated, GDPR-compliant passport and identity check from a phone or laptop — powered by P-Secure, a Danish SaaS leader in compliance-first background screening.

Foundations of trust Why we verify every foreign owner before filing with Brønnøysund

Registering a Norwegian company — a NUF (Norwegian-registered foreign branch, our core product) or an AS (Aksjeselskap) — is a legally binding act. The directors we appoint, the share register we maintain and, for an AS, the share capital of NOK 30 000 we transfer in your name, all rely on the Brønnøysund Register Centre trusting that you really are the person we say you are.

The Norwegian Money Laundering Act of 2018 (Hvitvaskingsloven) § 12 and the EU AML directives (AMLD 5 / AMLD 6) require us as a professional intermediary to perform enhanced due diligence on every foreign owner and signatory. A scanned passport alone is not enough. We need to be able to demonstrate that:

  • The passport is a genuine machine-readable travel document issued by a recognised state.
  • The data in the chip matches the data printed in the visual zone.
  • The person presenting the passport is the same as the person depicted on it (liveness + face match).
  • The check was performed at a verifiable point in time and the audit trail can be reproduced for a regulator.
The result for you: a passport scan from your phone — typically under 60 seconds — replaces a notarised copy, courier shipments and a queue at a police station. The moment the check passes, we can move directly into drafting your articles, preparing the share register and submitting your filing.

Our provider P-Secure — the Danish SaaS platform behind our identity flow

We do not build identity verification from scratch. We use the platform built by P-Secure ApS (CVR 43151517, Strandvejen 100, 2900 Hellerup, Denmark) — a Danish SaaS leader in compliance-first background screening and personnel security.

P-Secure is trusted by leading European enterprises and authorities across aviation, energy, defence, telecommunications, transport and logistics, finance, research, public authorities, retail, healthcare, water supply and wastewater. Selected references and milestones:

ISAE-certified GDPR by design Data stored in Europe NATO NSPA standard software Backed by EIFO
  • Used by all airports in Denmark and Greenland, by Saab, Energinet and Roskilde Airport.
  • Recently admitted as standard software at NATO's procurement organisation NSPA.
  • Investment from EIFO (Eksport- og Investeringsfonden Danmark) and a Danish defence fund.
  • Platform is ISAE-certified, GDPR-compliant by design, with data stored inside the EU/EEA.

For us at Intermediary AS, this means we plug into a verification platform that already meets the strictest sector-specific requirements in Europe — and we extend it into the very specific use-case of foreign owners and signatories being registered into the Norwegian Brønnøysund Register Centre.

Story How we helped P-Secure enter Norway — and became their Norwegian reseller

This is one of our favourite customer stories. In May 2024, Intermediary AS helped P-Secure ApS register their Norwegian entity with the Brønnøysund Register Centre — yet another strong Danish technology brand taking the step across the Skagerrak with us as their operational partner. Date of registration: 7 May 2024.

The Danish–Norwegian corridor matters in this exact domain. Background screening, personnel security and compliance are subject to strict sector-specific requirements in both countries — and customers in critical infrastructure (energy, aviation, defence, telecom, water) require local anchoring and a locally registered supplier. Our job was to remove the friction so P-Secure only noticed the outcome: a fully operational Norwegian entity with its own organisation number.

Today the relationship has come full circle. Intermediary AS is a Norwegian reseller of the P-Secure platform — we use their technology in our own onboarding flow at registercompany.no. One platform, two roles: their technology behind our incorporation process, our team behind their first Norwegian organisation number.

Read the full case story: P-Secure to Norway — registered 7 May 2024 →

The check itself What we actually verify in the 60 seconds you spend on the scan

1. Document authenticity

The passport's chip (ICAO 9303) is read over NFC. Cryptographic signatures from the issuing state are validated against the public document signer certificates (CSCA). Forged or tampered documents fail at this step.

2. Visual / MRZ consistency

The visual zone (your photo, name, date of birth, document number) is OCR-read and compared to the data in the chip and to the machine-readable zone at the bottom of the page. Discrepancies are flagged.

3. Liveness

You take a short selfie. The platform confirms it is a live person — not a photo of a photo, not a static printout, not a deepfake video — using passive and active liveness signals.

4. Face match

The selfie is biometrically compared to the photograph stored in the passport chip. A confidence score is generated; below the threshold the case is escalated to a human operator at Intermediary AS.

5. Watchlist / PEP screening

The verified identity is screened against EU and UN sanctions lists, politically exposed person (PEP) lists, and adverse-media sources — as required by Norwegian AML rules.

6. Audit trail

The entire transaction — document images, chip data, selfie, liveness signals, biometric score, screening result and timestamps — is preserved in a tamper-evident audit record we can produce on regulatory request.

What it looks like for you The four-step process at registercompany.no

1

Start your registration

Choose an eID or proceed as a non-Nordic founder from the home page.

2

Scan your passport

Hold your passport open to your phone camera — the chip is read over NFC in a few seconds.

3

Selfie + liveness

A short selfie confirms you are present. The system matches you to the passport photo.

4

Verified — we file

P-Secure returns a signed result. We move directly into the Norwegian registration with Brønnøysund.

Typical end-to-end time for the verification itself is under 60 seconds on a modern smartphone with NFC enabled. If the chip cannot be read (older passport or no NFC on your device), the platform falls back to a high-resolution visual-only verification with additional liveness checks.

Data, retention and your rights What we keep — and what we delete

We minimise data by design. After a successful passport check, the data we store is the minimum required under the Norwegian Money Laundering Act § 30 (record-keeping) and the Bookkeeping Act § 13:

  • Verified full legal name, date of birth and nationality
  • Passport number, issuer and expiry
  • The verification result (pass / refer / fail) and the confidence score
  • A timestamp and the name of the verification provider (P-Secure)
  • The biometric template only where required to demonstrate match-evidence to a regulator; deleted otherwise

All processing happens inside the EU/EEA. P-Secure is the data processor and Intermediary AS is the data controller for this step. The data-processing agreement is available on request.

Retention: 10 years after the customer relationship ends (Money Laundering Act § 30 second paragraph). After that we delete or anonymise. You have the right to access, rectify and (subject to AML constraints) request erasure of your data — write to contact@intermediary.no.

See also our Cookie and Terms pages.

EU resilience framework NIS2 and CER — why our identity flow is already aligned, ahead of Norwegian transposition

Two EU directives reshape how identity, supply-chain trust and operational resilience must be handled across Europe:

  • NIS2 — Directive (EU) 2022/2555 on a high common level of cybersecurity. It expands the previous NIS scope dramatically and now covers essential and important entities across energy, transport, banking, financial market infrastructure, health, drinking water, waste water, digital infrastructure, ICT service management, public administration, space, postal and courier services, waste management, manufacturing of chemicals, food, manufacturing of medical devices, computers and electronics, machinery, motor vehicles, digital providers, and research. Member-state transposition deadline was 17 October 2024.
  • CER — Directive (EU) 2022/2557 on the resilience of critical entities. It is NIS2's physical-world counterpart: identification of critical entities, resilience plans, background verification of personnel in sensitive positions, and incident reporting. Same transposition deadline: 17 October 2024.

Both directives apply across the EU and the EEA. Norway is an EEA state and is in the process of transposing the NIS2 and CER frameworks into Norwegian law (a dedicated Digital Security Act and a Civil Protection Act revision). Until Norwegian law catches up, many Norwegian suppliers operate against the previous, narrower NIS1-era regime — while their European customers are already under the new one.

Why this matters for you as a foreign founder: if your future Norwegian company will sell into any EU/EEA market — and especially into critical or important sectors — your European customers are already required by NIS2 and CER to verify the integrity of their supply chain, including the identity and background of the people behind their suppliers. A compliant identity flow at incorporation is no longer a nice-to-have; it is the entry ticket to those contracts.

The identity, background and audit flow we deploy through P-Secure was designed under exactly these directives. Concretely it covers:

  • NIS2 Art. 21(2)(d) — supply-chain security including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers.
  • NIS2 Art. 21(2)(i) — human-resources security, access-control policies and asset management.
  • CER Art. 14 — background checks on personnel in sensitive roles at critical entities, in accordance with Union and national law and proportionate to the risk.
  • GDPR Art. 6 & 9 — lawful basis (legal obligation under AML, public-interest task under CER) and a documented data-minimisation regime for biometric processing.

In practice this means the audit record we generate at incorporation is one your future EU/EEA customers can accept as evidence inside their NIS2 and CER programmes — without you having to redo the work later.

Pioneer position Pioneers in cross-border digital company formation — EU/EEA-aligned ahead of Norwegian transposition

Intermediary AS is one of very few Norwegian providers that has built a fully digital, cross-border incorporation flow for foreign founders — and we have deliberately built it against EU and EEA source law rather than waiting for the Norwegian transposition to catch up.

Concretely, we are already operating under:

  • The Digital Tools and Processes Directive (EU) 2019/1151 — the legal foundation for online formation of companies and online filing across the Single Market.
  • The eIDAS Regulation (EU) 910/2014, including the EU Digital Identity Wallet roadmap under (EU) 2024/1183 — for cross-border electronic identification and qualified electronic signatures.
  • The AML directives AMLD5 (EU) 2018/843 and AMLD6 (EU) 2024/1640, plus the new AML Regulation (EU) 2024/1624 and the EU Anti-Money Laundering Authority (AMLA) — for risk-based customer due diligence on foreign owners.
  • The NIS2 (EU) 2022/2555 and CER (EU) 2022/2557 directives — for supply-chain identity assurance and background verification of personnel in sensitive positions.
  • The GDPR (EU) 2016/679 with biometric data treated under Article 9.

Norway, as an EEA state, is bound to implement most of these into Norwegian law, but the transposition cycle takes time. We do not wait: every flow we operate is EU/EEA-compliant by default, which means a Norwegian company formed through us is already structured to meet the obligations that Norwegian transposition will subsequently codify.

Our position: for foreign founders in the EU/EEA who need a Norwegian presence — NUF or AS — Intermediary AS removes the gap between EU expectations and Norwegian local procedure. Same identity flow, same audit trail, same legal basis your European counterparties already use.

This pioneer position is not an accident. It is why P-Secure chose us as their Norwegian partner in 2024, and why our incorporation engine has been nominated for the Norwegian State Digitalisation Prize in both 2024 and 2026.

Edge cases If you cannot complete the automated passport check

The automated flow covers the overwhelming majority of foreign founders. If your passport chip cannot be read, your camera is not suitable, or you simply prefer a person to walk you through it, you have two fallback paths:

  • Assisted video verification. A member of our team joins you on a short video call, walks you through the document presentation and selfie, and we generate an equivalent audit record manually.
  • Notarised paper copy. You provide a notarised passport copy plus proof of address (utility bill, bank statement or government letter no older than three months). Slower and more expensive, but always available.

Contact contact@intermediary.no and we will set up an alternative KYC slot within one working day.

Ready to expand to Norway?

Start your Norwegian company registration today - fully digital, transparent pricing, end-to-end support.

Get started now
Connection lost

Attempting to reconnect to the server...

Connection failed

Could not reconnect to the server. Reload the page to restore functionality.

Session expired

Your session has expired. Please reload the page to continue.

An unhandled error has occurred. Reload 🗙