Home / Use cases / AML & Compliance

AML & Compliance

VAT Validation for Anti-Money Laundering (AML) Compliance

AML frameworks require businesses to verify the identity and tax registration of counterparties before entering high-value transactions. Use the TaxID API to validate VAT numbers as part of your AML due diligence workflow, with a full audit trail per transaction.

Anti-Money Laundering (AML) regulations across the EU, UK, and globally require businesses in financial services, fintech, legal, and increasingly B2B SaaS to perform due diligence on the companies they transact with. A core component of that due diligence is confirming that the counterparty is a legitimately registered business — not a shell entity or a company that has ceased to trade. VAT registration status is one of the most reliable and programmatically accessible indicators of active business status available from government registries.

The TaxID API validates VAT numbers against 31 official government registries in real time and returns the registered company name, address, and registration status. For AML purposes, this creates a verifiable record that at the time of transaction initiation, the counterparty's VAT number was active and matched the declared company identity. The company_name and address fields from VIES allow cross-referencing against the company's self-reported details — a discrepancy (e.g., the VAT number belongs to a real company but the declared name does not match) is a risk signal that warrants enhanced due diligence.

AML regulations in the EU (particularly the 6AMLD and AMLD5) require firms to maintain records of due diligence checks for a minimum of five years. The TaxID API's request_id field uniquely identifies each validation query and can be used as a reference in your compliance records. Store the full response — status, company_name, address, validated_at, and request_id — with each transaction record to satisfy record-keeping obligations.

For high-risk counterparties, VAT validation is a first-line check within a broader AML workflow, not a substitute for it. It is most valuable as an automated gate that screens out clearly invalid or unregistered entities before they reach manual review queues. A business with an invalid VAT number, a number that returns service_unavailable on repeated attempts, or a number where the name does not match the declared company name should be flagged for enhanced due diligence rather than automatically rejected or approved.

Implementation steps

1
Trigger validation at transaction initiation
Call GET /api/v1/validate/:country/:vat from your server when a new counterparty relationship or high-value transaction is initiated. Do not rely on prior validation records — always validate in real time at the point of due diligence, since VAT registrations change.
2
Cross-reference returned company details
Compare the company_name and address returned by the API against the counterparty's self-declared company name and registered address. A mismatch is a risk signal. Exact string matching is too strict — normalise for formatting and legal suffixes (GmbH, Ltd, SRL), but flag substantial name differences for manual review.
3
Handle service_unavailable as pending — not cleared
If the API returns service_unavailable, do not proceed as though the counterparty is validated. Queue the transaction for re-validation within 24 hours and hold any risk decision until VIES recovers. Do not log service_unavailable responses as 'verified' in your compliance records.
4
Store the full response as a compliance record
Persist the complete API response — status, company_name, address, request_id, and validated_at — with the transaction record. EU AML regulations require due diligence records to be retained for 5 years. The request_id uniquely identifies the VIES query and can be referenced in audit documentation.
5
Re-validate for ongoing relationships
For counterparties with recurring transactions, re-validate VAT status monthly or before high-value transactions. A status change from active to inactive or invalid in an established relationship is a significant risk signal warranting immediate review.

Code example

Node.js

const res = await fetch(
  'http://localhost:3000/api/v1/validate/DE/DE123456789',
  { headers: { 'Authorization': 'Bearer YOUR_API_KEY' } }
);
const { valid, status, company_name, company_address } = await res.json();

if (valid) {
  console.log(`Valid EU business: ${company_name}`);
} else if (status === 'service_unavailable') {
  // VIES is temporarily down — retry or allow with manual check
  console.log('VIES unavailable — check back in a few minutes');
} else {
  console.log('Invalid VAT number — charge local tax rate');
}

Python

import requests

res = requests.get(
    "http://localhost:3000/api/v1/validate/DE/DE123456789",
    headers={"Authorization": "Bearer YOUR_API_KEY"}
)
data = res.json()

if data["valid"]:
    print(f"Valid: {data['company_name']}")
elif data["status"] == "service_unavailable":
    print("VIES temporarily unavailable")
else:
    print("Invalid VAT number")

API response

The TaxID API returns a consistent JSON response for every validation request:

200 OK (active)valid

{
  "valid": true,
  "status": "active",
  "country_code": "DE",
  "vat_number": "123456789",
  "company_name": "Example GmbH",
  "company_address": "Musterstraße 1, 10115 Berlin",
  "request_date": "2026-05-10T00:00:00.000Z",
  "cached": false,
  "request_id": "req_01j..."
}

Error handling

The API uses a consistent Stripe-style error format. Always handle service_unavailable separately — VIES has occasional downtime and you should not reject valid customers during outages.

active

VAT number is valid and the business is registered

invalid

VAT number format is wrong or not registered in VIES

service_unavailable

VIES or the national system is temporarily down — retry later

Frequently asked questions

Does VAT validation satisfy AML due diligence requirements?

VAT validation is a useful component of due diligence but is not by itself sufficient for AML compliance. It confirms that a business is or was registered with a tax authority, but it does not screen for sanctions, PEPs, or adverse media. Use it as a first-line automated check within a broader AML framework that also includes sanctions screening and, for high-risk counterparties, enhanced due diligence.

Which industries require VAT validation as part of AML?

Financial services, payment processors, and fintech companies regulated under the EU's AMLD5/6AMLD directives are the primary users. Additionally, B2B SaaS companies that sell to financial sector clients, legal and accounting firms with corporate clients, and marketplace platforms with high-value seller onboarding increasingly integrate VAT validation into their AML workflows.

What happens when VIES is unavailable during a required AML check?

The correct approach is to hold the transaction pending re-validation, not to proceed as cleared or to reject outright. Log the service_unavailable event with the counterparty ID and retry within a few hours. If VIES remains unavailable for an extended period, escalate to manual due diligence for time-sensitive transactions.

Evaluating EU VAT APIs? Compare TaxID vs Vatstack, Vatlayer, Avalara →

Ready to implement?

Get your free API key and start validating EU VAT numbers today.

Get free API key

Related use cases

Validate EU VAT numbers in Stripe Checkout

Add EU VAT validation to your Stripe checkout flow. Verify customer VAT numbers server-side before a...

UK VAT validation in Shopify B2B

Validate UK VAT numbers for B2B customers in Shopify. Required under UK Making Tax Digital rules for...

WooCommerce Spain NIF/CIF validation

Validate Spanish NIF and CIF numbers in WooCommerce checkout. Automatically apply B2B tax exemptions...