Reliable Identity Verification in a Regulated Environment

POSTIDENT stands for reliable, proven, and future-proof identification processes. This service provided by Deutsche Post AG supports you in conducting identity verification procedures within a regulated environment and is aligned with the applicable legal and regulatory requirements at any given time.

You benefit from a comprehensive portfolio of identification solutions with multiple verification methods that can be flexibly deployed depending on your specific use case. Security, compliance, and regulatory reliability are embedded in all services and supported by clearly defined governance, management, and control processes.

Ready for the Future

In July 2027, the European Anti-Money Laundering Regulation (AMLR) will replace the German Money Laundering Act (GwG) as the applicable legal framework. Deutsche Post is therefore adapting the POSTIDENT portfolio in line with the AMLR and eIDAS 2.0, with the objective of continuously aligning its identification procedures with new regulatory requirements.  In addition, Deutsche Post is expanding it with identification via the European Digital Identity (EUDI) Wallet.

As a result, POSTIDENT will continue to provide a future-proof identity verification portfolio that is aligned with applicable regulatory requirements while supporting efficient and user-friendly onboarding processes.

POSTIDENT offers a robust identity verification portfolio which is designed to meet user needs and is aligned with current German regulatory requirements, i.e. German anti-money laundering regulation (GwG). Deutsche Post is systematically preparing its existing identification procedures for future European regulatory frameworks, particularly the EU Anti-Money Laundering Regulation (AMLR) and eIDAS 2.0. Future regulatory requirements are proactively assessed and continuously incorporated into POSTIDENT services, as well as into established governance, control, and documentation frameworks.

In particular, the established video identification process is being enhanced to become eIDAS 2.0 compliant, while the automated identification procedure (AutoID) is being specifically aligned with future AMLR requirements and relevant ETSI standards. Compliance is documented through appropriate certifications and independent external assessments.

In addition, POSTIDENT is expanding its portfolio to include identification via the EUDI wallet, providing you with an additional future-ready identity verification option. This may enable you to efficiently meet regulatory requirements while benefiting from innovative, scalable, and secure identification solutions.

Our Compliance Approach

POSTIDENT's compliance framework is based on a holistic and structured management system that integrates key requirements related to regulation, security, operational resilience, and third-party management.

Through clearly defined objectives, systematic planning, and regular control mechanisms, relevant influencing factors are systematically identified, assessed, and effectively managed to ensure stable and reliable service delivery.

Particular attention is given to the involvement of third parties and subcontractors. Comprehensive monitoring, transparent governance structures, and consistent tracking of actions support sustainable and reliable collaboration with your business.

Service Delivery

POSTIDENT services are delivered through standardized and cross-procedure consistent processes. The objective is to ensure high process stability, transparent execution, and controlled availability of identity verification services.

Management, monitoring, and escalation mechanisms are designed to ensure reliable service delivery, even under changing or volatile operational conditions.

Information Security

Information security is a fundamental component of the POSTIDENT operating model.

All Services are embedded within a structured Information Security Management System (ISMS) that systematically identifies, evaluates, and addresses security requirements through appropriate technical and organizational measures.

Residual risks inherent to products and processes are managed transparently through established ISMS procedures. Security measures are subject to continuous review and improvement.

Data Protection

POSTIDENT identity verification services are designed in accordance with the requirements of the General Data Protection Regulation (GDPR). Comprehensive technical and organizational measures are implemented to govern the processing, access, and storage of personal data.

Data protection requirements are considered both internally and throughout the engagement of subcontractors. In addition, employees receive regular training and awareness measures regarding data protection obligations.

Compliance & Regulatory Framework

POSTIDENT operates within a structured compliance framework that addresses relevant national and European regulatory requirements and supports their effective implementation. These include, among others:

  • Anti-money laundering requirements (AML frameworks)

  • Digital identity and trust service regulations (eIDAS)

  • Data protection requirements (GDPR)

  • Information security and governance requirements

Compliance is supported through defined policies, control mechanisms, training programs, and internal and external audit processes. Operational procedures are designed to ensure reliability, process integrity, and traceability.

Business Continuity Management (BCM)

POSTIDENT applies a comprehensive approach to ensuring business continuity.

The Business Continuity Management System (BCMS) is based on established standards such as ISO 22301 and addresses both technical and organizational disruption and failure scenarios.

Key elements include:

  • Preventive measures to reduce the likelihood of disruptions

  • Preventive measures to stabilize critical processes

  • Preventive measures to avoid operational disruptions

  • Clearly defined escalation and decision-making processes

  • Structured emergency response and recovery plans

  • Regular training and simulation exercises.

Operational Resilience Testing

To ensure resilience under realistic operational scenarios, systems and processes are reviewed on a regular basis.

Resilience testing follows Group-wide security and quality standards and includes both automated and manual assessment methods.

Identified vulnerabilities are documented, prioritized, and addressed through established remediation processes. Findings are continuously incorporated into the improvement of systems, processes, and controls.

Outsourcing & Third-Party Risk Management

The engagement of third parties and subcontractors is governed through a structured Outsourcing and Third-Party Risk Management (TPRM) framework.

The objective is to ensure that external service providers meet regulatory, contractual, and quality requirements.

The framework covers the entire lifecycle, including:

  • Structured selection and due diligence processes

  • Contractually defined security and compliance obligations
  • Ongoing monitoring and audits
  • Formalized exit management procedures

Compliance with requirements is regularly reviewed and documented.

Monitoring, Communication & Governance

Implementation of security and compliance measures is supported through comprehensive monitoring activities and regular reviews.  Transparent communication structures and consistent tracking of defined actions contribute to effective governance and the continuous enhancement of compliance capabilities.

Legal Certainty for Digital Signatures

In July 2016, the European eIDAS Regulation has established the legal framework for trusted digital services, including Qualified Electronic Signatures (QES).

Digital signatures that comply with eIDAS requirements are legally equivalent to handwritten signatures throughout the European Union and may be used wherever legislation does not explicitly require a handwritten signature on a physical document.

Deutsche Post has successfully completed the comprehensive eIDAS audit process and has been recognized by the German Federal Network Agency (Bundesnetzagentur) as a Qualified Trust Service Provider.

As a result, POSTIDENT E-Signing and POSTIDENT via Video Chat meet the highest applicable standards and provide a legally secure and user-friendly solution for digital signatures.

A Reliable Foundation for Collaboration

POSTIDENT's security and compliance framework provides a strong foundation for the use of identity verification services within regulated businesses.

The clear alignment with governance, process, and control requirements support you in integrating POSTIDENT into your own governance and compliance frameworks.

Want to find out more?