Customer due diligence risk checks powered by the Legal Entity Identifier (LEI), open data and open standards - including the Beneficial Ownership Data Standard (BODS).
Try the demo at https://opencheck.onrender.com/
You paste in a Legal Entity Identifier. OpenCheck queries GLEIF first, derives every cross-source identifier it can (UK Companies House number, Norwegian organisation number, Irish company registration number, Finnish Y-tunnus, Latvian registration number, Lithuanian entity code, Estonian registry code, Czech IČO, Polish KRS number, Austrian Firmenbuchnummer, Slovak IČO, French SIREN, Dutch KvK number, Swedish organisation number, Swiss UID, Canadian corporation number, Belgian enterprise number, Danish CVR number, Croatian MBS, OpenCorporates ID, Wikidata Q-ID, and more), and uses those bridges to fan out across 28 national and international corporate data sources.
Everything maps into BODS v0.4. Cross-source links and risk signals are computed deterministically, and the whole bundle is one click away from a downloadable export (JSON / JSONL / XML / ZIP).
The risk-signal layer mirrors the EU AMLA draft customer due diligence regulatory technical standards conditions for "complex corporate structures" — trust/arrangement, non-EU jurisdiction, nominee, ≥3 ownership layers, plus the composite threshold rule and an advisory mirror of the subjective obfuscation condition.
Latest: Phase 47 — Cyprus DRCOR adapter (committed, inactive — bulk-only)
Cyprus company + officer data from the Department of Registrar of Companies and Intellectual Property (DRCOR), published as three monthly CSVs on data.gov.cy under CC BY 4.0. cy_he derived from GLEIF RA code RA000161 (DRCOR Companies Section), taken from the registeredAs field (Greek-script ΗΕ number, normalised to digits). data.gov.cy exposes no working query API — /api/1/datastore/query returns HTTP 404 and the large CSVs (officials ≈126 MB) are not imported into a queryable datastore — so the adapter follows the ACRA/BCE local-SQLite pattern: the three CSVs (organisations, registered office, officials) are built into a local DB via scripts/extract_cyprus.py and queried by registration number. Maps a company entityStatement plus one person/entity statement per official and a seniorManagingOfficial relationshipStatement each (no shareholders in the open data). Kept inactive (ACRA tier): not registered in REGISTRY and not wired into /lookup or /lookup-stream, so it never appears on /sources — pending an API or a bulk-data strategy for OpenCheck. Activate via CYPRUS_DRCOR_DB_FILE. 14 new tests.
Previous: Phase 46 — Sudski registar (Croatia) adapter
The backend ships with cache-first dispatch: in stub mode (no API keys, no OPENCHECK_ALLOW_LIVE) every adapter returns deterministic placeholder data. Live mode is opt-in per source via env vars.
cp .env.example .env
docker compose up --build- Frontend: http://localhost:5173
- Backend: http://localhost:8000 (OpenAPI docs at
/docs)
Backend:
cd backend
uv sync
uv run uvicorn opencheck.app:app --reload --port 8000Frontend:
cd frontend
npm install
npm run devThe first frontend build copies bundled images for @openownership/bods-dagre into public/bods-dagre-images/. If they're missing, run npm run build once.
| Page | Contents |
|---|---|
| How it works | Step-by-step lookup flow, per-adapter detail, Open Ownership BODS bundles, API surface, project structure |
| Sources | Full adapter table — 26 active sources plus inactive bulk-only adapters, license, entry point, description |
| Risk signals | All 12 signal codes: source-derived, AMLA CDD RTS, FATF jurisdiction, cross-source name match, ICIJ Offshore Leaks |
| Configuration | Environment variables, Render deployment, running the test suite |
| Development history | All 46 phases |
OpenCheck's own code is MIT-licensed. Data retrieved from third-party sources is licensed under each source's own terms — see ATTRIBUTIONS.md. Downloaded exports include a LICENSES.md listing every source that contributed data, with re-use guidance for the most-restrictive licence in the bundle.
The frontend also uses the Beneficial Ownership Visualisation System design tokens and @openownership/bods-dagre, both © Open Ownership and re-used under CC BY 4.0 / Apache 2.0 respectively.
- Live opentender.eu integration — the adapter is wired but
live_available=Falsefor now. - Surface
RELATED_*signals on the BODS dagre graph — currently they appear in the chip strip; ideally they'd render an OpenSanctions / EveryPolitician icon next to the matching node. - A "complex offshore" demo subject that fires every AMLA chip simultaneously.
- BODS RDF / SPARQL backbone via Oxigraph — load the assembled BODS bundle into a triple store, expose
/sparqlfor the published Open Ownership red-flag queries.
Open issues and discussion live in the GitHub repo.
- Beneficial Ownership Data Standard (BODS)
- BODS RDF vocabulary 0.4 — the
risk.pyrules are designed to be portable to a SPARQL/Oxigraph backbone. - GODIN — Global Open Data Integration Network — the LEI-as-connector vision OpenCheck is built around.
- AMLA draft CDD RTS public consultation.
- Open Ownership red flags in BODS data and risk-detection across BO + procurement + sanctions.