Beneficial Ownership Data: New Access Rules in Estonia 

Beneficial Ownership Data New Access Rules in Estonia 

From 10 July 2026, Estonia will update access to beneficial ownership data in the e-Business Register. The key change is simple: beneficial owner details will no longer be freely visible to every unauthenticated user. Access will move to a purpose-based model for competent authorities, obliged entities, contractual partners with rights, and persons who can justify a legitimate interest. This follows the Ministry of Finance announcement and the practical update published by the e-Business Register help portal.

What is changing for beneficial ownership data in Estonia?

The Ministry of Finance is preparing amendments to the rules for the beneficial ownership register, known as TEKSA. Today, the public can view beneficial owner information through the e-Business Register. From 10 July 2026, that model changes because the data will be no longer freely accessibleaccess will require a defined basis, e unauthenticated users will not be able to view the data. 

The policy direction is to balance three goals: transparency, anti-money laundering controls, and privacy protection. That balance matters because beneficial ownership data identifies the natural persons who ultimately control a company. It is useful for due diligence, supervision, and anti-money laundering work, but it also contains personal information that should not be public without a proper reason. 

The change follows the European Union’s new anti-money laundering framework and European Court of Justice case law on unrestricted public access to beneficial owner registers. In practice, Estonia is moving from open public visibility to controlled access. We should treat this as a compliance and data governance change, not only as a technical register update. 

The main shift can be summarized as follows: 

  • Public visibility becomes restricted access.
  • Curiosity-based searches are replaced by purpose-based access.
  • Users without rights must submit a justified request.

Who will still be able to access the register?

Access groups and practical impact 

The new rules do not remove beneficial ownership data from compliance workflows. Instead, they narrow access to people and organizations with a legally recognized reason to use it. Competent authorities will use it for statutory duties, obliged entities will use it for customer due diligence and compliance, and persons with legitimate interest may request access to specific data. 

For companies, banks, fintechs, law firms, accountants, notaries, auditors, and other obliged entities, the practical question is not whether the register disappears. It does not. The practical question is whether their access routeuser permissions, e internal procedures are ready before 10 July 2026. 

We recommend mapping each user group inside the organization. A person who needs access for client onboarding may not need the same rights as a person handling filings, administration, or reporting. The safest approach is role-based access, documented purpose, and periodic review.

How beneficial ownership data requests will work from 10 July 2026 

From the effective date, a person without automatic access rights may submit a request and explain why access to the beneficial ownership data is necessary. The Ministry of Finance announcement states that users with access through the e-Business Register portal will continue to have free access when they fall within the permitted categories. 

The request process is especially relevant for parties that are not competent authorities or obliged entities but still need specific information for a legitimate purpose. In those cases, the justification should be precise. A broad request for market research, general curiosity, or unrestricted monitoring is unlikely to fit the purpose-based model. 

strong internal request file should include: 

  • The entity whose data is requested.
  • The specific reason access is needed.
  • The legal, contractual, or compliance context for the request.
  • The person responsible for handling and storing the data.  

We expect access requests to become more formal than current public searches. That means teams should prepare templates now, train staff on acceptable purposes, and keep evidence showing why the data was accessed.

What contractual partners and API users should check

The e-Business Register help portal gives important operational detail for contractual partners and API users. Authorized persons designated by the Ministry of Finance will be able to access the data by logging into the e-Business Register as contractual partners. New contractual partners, and existing contractual partners who do not receive rights by default, will be able to submit an application for access in the e-Business Register environment from July 2026.

API and open data impact

The access restrictions will apply to individual queries and API services. Beneficial owner data will not be published as open data files from the date the amendment enters into force. In addition, entitled users will receive data through the Beneficial Owners API service, while beneficial owner data will no longer be transmitted through the Detailed Data API after the change.

API and open data impact

User permissions and e-ID login

Contractual partners also need to manage internal permissions. Access will be restricted to all users by default, and the contractual partner must assign the correct rights to each user who should see the data. Users making inquiries must log in with an e-ID, such as an Estonian ID card, Smart-IDMobile-ID, oppure EU eID

Before July, administrators should check: 

  • Whether each user has a personal identification number in their profile.
  • Which employees actually need access.
  • Whether API integrations point to the correct service.
  • Whether internal logs show who accessed the data and why.  

Practical action points before 10 July 2026

The update to beneficial ownership data access is manageable if organizations prepare early. We suggest treating 10 July 2026 as a deadline for legal reviewtechnical readiness, e staff training

First, review whether the organization is a competent authority, an obliged entity, a contractual partner, or another person that may need to prove legitimate interest. Second, document the business purpose for every type of access. Third, test the operational process for logins, rights, API calls, and request files. 

For teams that handle client onboarding or transaction checks, this is also a good moment to review internal AML procedures. Our AML compliance advisory page can be linked here as supporting internal guidance. Companies that follow Estonian registry developments may also want to connect this update with wider company law updates in Estonia. 

A practical readiness checklist should include: 

  • Confirm the access category for the organization.
  • Identify named users who need register access.
  • Update internal privacy and data retention notes.
  • Review API connections and open data dependencies.
  • Prepare a legitimate interest request template.
  • Train staff before the effective date.  

The legal message is clear: beneficial ownership transparency remains part of Estonia’s anti-money laundering system, but access is becoming more targeted. Organisations should now move from open-search habits to purpose-based access controls. That protects compliance work while reducing unnecessary exposure of personal data. 

Written by Elena Crimaldi, Legal Team.

Tempo di lettura stimato: 12 minuti