
Compliance & Standards

How EXPAT LEGAL meets European regulatory requirements.

Regulatory framework

EXPAT LEGAL OÜ operates as an EU-registered platform and aligns its practices with the regulations below. Each links to its official text.

GDPR (EU 2016/679) | Scope: Personal data protection | Compliant — DPO designated
AML Directive 2015/849 (AMLD4) | Scope: Anti-money laundering | Policy in place — see AML Policy
EU Digital Services Act | Scope: Platform accountability | Compliant as a small platform
eIDAS Regulation (EU 910/2014) | Scope: Electronic identification | Identity verification aligned
Consumer Rights Directive 2011/83/EU | Scope: Client protections | 14-day withdrawal rights disclosed

Information security

EXPAT LEGAL implements information-security practices aligned with ISO/IEC 27001 principles, including:

  • Encrypted data transmission (TLS 1.3)
  • Access control and least-privilege principles
  • Regular security reviews
  • Incident-response procedures
  • A vulnerability-disclosure policy (see /.well-known/security.txt)

Payment security

Payment processing is handled exclusively by Mercuryo (mercuryo.io), a licensed Electronic Money Institution authorised under EU payment-services regulations. EXPAT LEGAL does not store or process payment-card data. All payment data is subject to Mercuryo's PCI-DSS compliance programme.


Specialist verification standards

Every specialist passes a five-stage protocol before a profile goes live. Around 40% of applicants are rejected.

  1. Credential submission

    The specialist submits a degree certificate, a current practising licence, government-issued ID, and proof of professional indemnity insurance.

  2. Registry verification

    EXPAT LEGAL verifies the practising licence against the official professional registry of the specialist's jurisdiction of practice. For lawyers: the national bar association. For accountants: the national accountancy body. For notaries: the national notary council.

  3. Identity proofing

    The identity document is verified against the specialist's face by video, aligned with the eIDAS identity-assurance level "Substantial".

  4. Structured competency interview

    A recorded interview of at least 30 minutes, conducted by EXPAT LEGAL compliance staff, covering jurisdictional knowledge, ethical obligations, case-handling procedures and acknowledgement of platform policy.

  5. Probationary monitoring

    The first 10 consultations are subject to enhanced monitoring. A specialist must maintain at least a 4.0 rating to keep active status.

Ongoing: annual re-verification. An immediate review is triggered by any formal complaint.

Client rights

Under EU consumer-protection law, clients using EXPAT LEGAL have the following rights:

Right to refund

If the service is not provided — within T+3 business days.

Right to dispute

Any transaction, within 72 hours of the scheduled service.

Right to data access

Request all personal data held about you (GDPR Art. 15).

Right to erasure

Request deletion of your personal data (GDPR Art. 17).

Right to escalation

Escalate unresolved disputes to the Estonian Consumer Protection Board.

Contact for rights requests:

dpo@expatlegaleu.it.com

Designated officers

Compliance & Legal

Money Laundering Reporting Officer (MLRO)

compliance@expatlegal.com

Data Protection

Data Protection Officer (DPO)

dpo@expatlegal.com

Client Protection

Client Relations & Disputes

support@expatlegal.com