As Europe accelerates its digital transformation, the future of business registries in Europe is becoming a key driver of trust, transparency, and cross-border cooperation. Business registries are no longer just repositories – they are evolving into critical digital infrastructure. European Business Registry Association (EBRA) Conference 2025, held in Milan, brought together registry authorities, policymakers, and technology experts to explore the evolving role of business registries in a fast-changing digital landscape. With regulatory demands tightening, new technologies emerging, and public expectations growing, the event served as a timely checkpoint for what registries must do to remain transparent, resilient, and citizen-focused. The insights shared below are grounded in the key discussions and expert perspectives exchanged during the conference.
Priorities Shaping the Future of Business Registries
At EBRA 2025, four recurring themes emerged across sessions and discussions – each highlighting a critical area that registry authorities must address to stay effective, secure, and relevant in a changing environment. These priorities reflect not only current challenges but also opportunities for long-term transformation.
Responsible AI: Balancing Innovation with Oversight
Artificial intelligence (AI) is already enhancing registry workflows – supporting tasks like document intake, data validation, user support, and fraud detection. As AI becomes more capable, business registries have a real opportunity to enhance their operations and better serve the public. But with that opportunity comes responsibility.
At the heart of every registry lies trust, and introducing AI doesn’t change that. People need to understand how decisions are made, mainly when those decisions affect something as important as starting or running a business. AI systems must be transparent and explainable, clear in both outcome and reasoning.
Regulatory compliance is another critical area. The EU AI Act has set out detailed requirements, particularly for high-risk systems. Registries will need to ensure transparency, apply human oversight where necessary, manage data carefully to avoid bias and follow certification procedures, such as CE marking, which indicates that an AI system meets the EU’s health, safety, and data protection standards. In a digital setting, this mark can be shown electronically, but it must be visible and accessible as a clear sign of compliance.
Ethics should guide everything from design to deployment. AI in the public sector must respect human autonomy, prevent harm, be fair, and be easy to understand. These aren’t just abstract ideas, they directly impact public trust and how people experience registry services.
Some registries are already moving ahead:
- In Italy, InfoCamere is utilizing AI to classify business activities based on free-text descriptions, extract metadata from documents, and even identify legal representatives with impressive accuracy. These systems help automate tedious tasks while maintaining a human review layer for sensitive cases.
- In Sweden, Bolagsverket is utilizing AI to review company names, classify emails, and support caseworkers, all while maintaining explainability and traceability as central to their approach.
- In Germany, Bundesanzeiger Verlag is using AI to anonymize annual reports and extract key information from unstructured documents, helping the registry meet both transparency and privacy requirements under EU law.
These examples demonstrate what is possible, but they also highlight the need for cross-border coordination. Harmonized standards, such as the upcoming Code of Practice for General Purpose AI Models, will enable registries across Europe to collaborate more effectively, ensuring that AI systems remain interoperable and aligned with shared values.
Lastly, none of this works without strong risk management. High-risk AI applications must be identified, well-documented, and monitored throughout their lifecycle. Having a quality management system in place isn’t just good practice, it’s essential to keeping AI reliable and safe over time.
Done right, AI can make registries more responsive, accessible, and efficient, without compromising the trust and accountability that have always defined their role.
Data Quality and Registry Interoperability
Business registries are no longer just repositories of legal information. In a world that runs on data, the job of a registry isn’t just to collect information anymore. It’s to ensure that information is usable, secure, intelligent, and available in real-time.
This shift is already visible across Europe. Many registries are working to make data more machine-readable, interoperable, and connected across borders. Through initiatives like the Business Registers Interconnection System (BRIS) and the European Unique Identifier (EUID), companies can now be reliably identified and verified across jurisdictions. This reduces administrative friction, eliminates the need for certified translations, and supports the “once-only” principle for cross-border activities.
There’s a growing expectation that registry data feeds directly into compliance workflows, risk analysis systems, and public service delivery platforms. Whether it’s sanctions screening, beneficial ownership transparency, or AML/CFT supervision, registries play a foundational role. That means the quality, timeliness, and structure of registry data matter more than ever.
Some jurisdictions are already responding:
- In Italy, InfoCamere is utilizing AI not only to classify business activities but also to extract structured data from unstructured documents, identify legal representatives, and detect form-filling errors, all while preserving privacy through robust anonymization techniques.
- Meanwhile, in Spain and Italy, comparative analyses of digital sector growth have been enabled by registry data in standardized XBRL formats, supporting policy decisions based on robust evidence.
- In the Netherlands, a close partnership between the statistical office and the Dutch Chamber of Commerce enables daily updates and enriched datasets, which combine registry data with tax and social security information. This enhances not only legal reliability but also the accuracy of national and cross-border business statistics.
However, the transformation isn’t just technical, it’s also strategic. Operating effectively in a data-driven world means rethinking roles and responsibilities. Registries must embrace semantic clarity, support robust APIs, and ensure data is timestamped and traceable. Legal frameworks must enable secure integration with other data sources while protecting privacy and ensuring the rights of personal data.
The message is clear: in a fast-evolving digital economy, where regulatory demands are growing and risks are more interconnected than ever, registries aren’t just service desks. They are stewards of high-value data. The more reliable, accessible, and well-structured their information is, the greater the value they create, not just for governments or businesses but for society as a whole.
Beneficial Ownership: AML Reform in Action
Beneficial ownership (BO) registries are entering a new era, characterized by a more proactive stance, accountability, and a central role in combating financial crime. Registries are no longer viewed as passive data collectors, but as active participants in verifying information, resolving inconsistencies, and supporting broader efforts in risk management and transparency.
The European Commission outlined this shift clearly. Under the new directive and regulation, registries are now expected to verify the adequacy, accuracy, and timeliness of BO data. They must reconcile discrepancies and have the authority to impose sanctions for non-compliance. These are significant changes that elevate the role of registries in the broader fight against financial crime.
Two pillars define this evolution – data integrity and access to information. BO data must be timely, accurate, and complete to serve its purpose. This often includes collecting supporting documents and resolving mismatches within set timeframes. Meanwhile, access rules are evolving. While public access may be subject to legitimate interest, competent authorities such as FIUs, tax agencies, and law enforcement increasingly benefit from direct access to complete datasets.
Experts emphasized that BO data alone is rarely enough. Understanding real risk requires a broader view, linking BO information to company registries, financial filings, and property records. When integrated, these sources provide a more comprehensive view of ownership and control across jurisdictions.
Several examples from across Europe highlight how registries are adapting to these new responsibilities:
- Transparency International also shared a practical viewpoint. Investigative journalists and civil society rely heavily on BO data to uncover corruption and misuse of public funds. However, inconsistent access rules and data formats across EU countries limit their effectiveness. There is a growing call for registers to become more user-friendly, providing searchable, downloadable, and API-accessible information, as well as streamlined legitimate interest procedures.
- Belgium’s experience offers a concrete example. Since launching its BO register in 2017, it has expanded requirements to cover complete ownership chains and worked closely with stakeholders to clarify rules. With over 170 foreign jurisdictions linked to Belgian entities, complexity is high. In 2023 alone, over 15,000 discrepancy reports were submitted, many of which were generated automatically through data-matching tools used by the financial sector.
Looking ahead, many countries are working to standardize the collection, verification, and sharing of BO data. Technical frameworks are being developed to support quality, consistency, and practical cross-border cooperation. Registers are no longer just compliance mechanisms, they are becoming vital infrastructure for integrity and trust.
Cybersecurity: From Infrastructure to Culture
As registries deepen their digital operations and take on greater responsibility for data exchange, cybersecurity becomes a core responsibility. It is no longer limited to the IT department. It touches every aspect of how a registry functions, from the design of systems to the delivery of services and the protection of data on a day-to-day basis.
With increasing interconnectivity, third-party services, and reliance on cloud infrastructure, registries face growing exposure to cyber risks. These risks go beyond technical flaws. Insider threats, human error, and vulnerabilities in the supply chain all create potential entry points for attackers. Cyber incidents, such as ransomware or data breaches, are not rare disruptions. They are a real and ongoing threat to registry operations and public trust.
In the European Union, the NIS 2 Directive places clear expectations on registries classified as essential entities. The directive requires structured risk management, timely incident reporting, and business continuity planning. It also calls for governance models that support cybersecurity as an institutional priority. While NIS 2 applies specifically to EU jurisdictions, the principles are relevant globally. Maintaining the reliability and integrity of registry services depends on digital resilience, not just legal authority.
Cybersecurity is not an isolated function. It is a foundation for delivering trusted public services. Registries must integrate security into all aspects of procurement, system architecture, software development, and daily workflows. Every decision, from vendor selection to the management of access rights, affects the institution’s security posture.
To strengthen their defences, registries are increasingly collaborating through cybersecurity networks. These platforms enable peers to share early warnings, exchange practical experiences, and support one another in building maturity. In a rapidly evolving threat landscape, cooperation becomes just as crucial as technology. A good example of this is the Cyber Security Network launched by the European Business Registry Association (EBRA), which brings together registries from across Europe to share incident response insights, identify risks, and build collective resilience through trusted communication and joint initiatives.
New tools, such as artificial intelligence, offer efficiency gains but also introduce new risks if deployed without proper oversight. AI can help detect anomalies or automate data checks, but it also expands the attack surface and raises new governance questions. Adopting innovative solutions must go hand in hand with risk awareness and clear accountability.
Trust in registries depends on more than accurate data. It depends on secure systems, prepared teams, and leadership that views cybersecurity as a strategic function. In a data-driven environment, resilience is not optional. It is essential to the credibility, continuity, and impact of every modern registry.
How NRD Companies Can Help
With over 30 years of global experience in registry modernization, NRD Companies offers targeted solutions and advisory support to help authorities address today’s most pressing challenges in data governance, compliance, and digital transformation.
Ready-to-Deploy and Configurable Registry Solutions
NRD Companies offers a suite of ready-to-deploy solutions built on a unified registry platform. This platform enables the rapid deployment of sector-specific modules, including business, beneficial ownership, and secured transactions or any other registries, while remaining adaptable to each jurisdiction’s unique legal and operational context. Designed for interoperability, scalability, and configurability, these tools provide registries with a robust digital foundation to enhance service delivery, ensure compliance, and expedite the time-to-market for new functionality.
Flexible Collaboration Through Extended Teams
Recognizing that registry modernization is an evolving process, we offer flexible engagement models that go beyond traditional project delivery. Our Team-as-a-Service approach allows registry authorities to augment their internal capacity with dedicated professionals from NRD Companies, ranging from analysts and architects to UX specialists, developers, and trainers. This model ensures continuity, knowledge transfer, and iterative development support. For more defined needs, we also deliver fixed-scope enhancements, enabling fast and efficient implementation of new features or regulatory changes.
Capacity Building & Strategic Advisory
To complement technical implementation, NRD Companies also provides advisory support and capacity-building programs – helping registry authorities navigate reforms, improve internal processes, and build institutional capabilities for long-term success.
The Core Trends Defining the Future of Registries
- Registries are no longer static repositories – they are critical infrastructure, enabling cross-border trust, economic development, and public accountability.
- AI is here to stay, and registries must adopt it responsibly – guided by transparency, ethics, and regulation.
- High-quality, connected data is foundational to everything from service delivery to fraud prevention.
- Beneficial ownership reform is accelerating, with higher expectations for data verification, interoperability, and public access.
- Cybersecurity is now a strategic pillar, requiring strong governance, risk management, and compliance with NIS 2.
Ready to modernize your registry? Let’s talk.
If your registry is preparing for reforms, navigating AML or cybersecurity obligations, or planning a digital transformation, NRD Companies is ready to support your journey with proven, practical solutions.
Thank you for your message!
Our team will review it and get back to you shortly. For urgent questions, you can reach us at connect@nrdcompanies.com.
