What background checks are available in Romania?

Standard checks include identity (CNP and Carte de Identitate), criminal record (Cazier Judiciar from the Ministry of Internal Affairs), education (RMU and ARACIS for HEIs, ANC for vocational), employment (REVISAL contracts register plus CNAS), and address. Credit checks via Biroul de Credit are available for relevant roles.

How long does background verification take in Romania?

Cazier Judiciar typically takes 1 to 3 working days when issued electronically. CNP identity is 1 to 3 days. RMU and ARACIS education verification is 3 to 7 days. REVISAL employment history is 2 to 5 days. Pre-2011 (pre-REVISAL) employment can stretch to 14 to 21 days via paper archives.

What's the regulatory environment for background checks in Romania?

Romania is GDPR-aligned, with regulator ANSPDCP (Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal). Law 190/2018 supplements GDPR. Cazier Judiciar requests for employment are restricted to specific roles under Law 290/2004 (finance, education, healthcare, security). Blanket screening is not permitted.

What are the common verification challenges in Romania?

Cazier Judiciar access for employment is sector-restricted under Law 290/2004, so general-role criminal checks are not legally available. Pre-2011 employment pre-dates REVISAL and requires physical archive retrieval. Romanian diacritics drop in transliteration. Moldovan and former-Soviet university claims need a different verification route.

Romania: Workforce Risk Intelligence

01 / Market Reality

Romania is the EU's fastest-growing nearshore verification corridor

19M+ population. EU member state with full GDPR applicability. REVISAL electronic employment registry. e-cazier digital criminal portal. Institutional response times slower than Poland or Czechia, but structurally sound.

Population

Southeast Europe, EU member

GDPR

Data protection

Law 190/2018 implements

REVISAL

Employment registry

Mandatory electronic register

e-cazier

Criminal register

Digital portal, regional courts

Romania offers EU-grade infrastructure with CEE-specific operational gaps

Structural risk profile for nearshore workforce screening

What's happening

Bucharest, Cluj-Napoca, Timisoara, and Iasi are emerging as major IT and BPO hubs. Oracle, Microsoft, HP, Amazon, and UiPath all maintain significant Romanian operations. Rising verification volumes as nearshore demand accelerates.

Why it matters

Romania operates under the same GDPR framework as Western Europe, but institutional responsiveness is 2-4 days slower than Poland or Czechia. The gap is operational, not regulatory. Screening programmes calibrated for EU-8 timelines will miss this.

Where it breaks

Tier-2/3 city candidates with non-digitized records. Small employers that fail to update REVISAL promptly. Regional courts slower to respond to e-cazier queries. Romanian-language requirements for registrar and court communication.

Reality insight

IT salaries in Romania are 30-40% lower than Poland and 50-60% lower than Western Europe. This cost advantage drives rapid hiring growth, but verification infrastructure has not scaled proportionally.

Decision trigger

Does your vendor have the same depth of local-source access in Cluj-Napoca and Timisoara as they do in Bucharest? Tier-2 city coverage is where vendor capability diverges most sharply.

02 / Hiring Risks

Red flags in Romania are structural, not dramatic

REVISAL trace gaps, unverifiable degrees, Schengen cross-border employment holes, and CNP validity issues. Lower fraud rates than South Asia, but the failures are harder to detect.

Four structural failure points in Romania screening

Failure modes are institutional. They do not resolve with better technology alone.

What's happening

REVISAL trace incomplete for small employers that delay or skip registration. 60% of education verifications still require manual registrar contact. Schengen freedom-of-movement creates cross-border employment gaps.

Why it matters

Every verification type depends on institutional response times that vary by region and institution size. Romanian registrars and courts respond primarily in Romanian. Non-Romanian-language requests face 2-4 week delays.

Where it breaks

Candidates with Schengen cross-border employment in Austria, Hungary, or Germany without formal notification. Degrees from non-ARACIS-accredited institutions. Criminal records from smaller counties (Tulcea, Constanta, Botosani) requiring 7-14 day archival searches.

Reality insight

REVISAL captures only formal employment contracts. Freelance work (PFA), civil contracts, and undeclared work are not recorded. For IT contractors and gig-economy workers, REVISAL alone will not reflect the full employment picture.

where verification actually resolves

Education verification paths: operational reality

Distribution across institutional access tiers. 60% still resolve via manual registrar chase.

100%

verification paths

ARACIS accredited (portal)2-4 day TAT, online access

20%

Registrar email/form6-10 day TAT, Romanian response

60%

Physical document request8-14 day TAT, archival lookup

20%

Source: OutsourceVerify Romania operating distribution, 2024-2026. ARACIS-accredited institutions comprise 40% of higher-ed market; remainder require manual registrar contact.

detection frequency

Red flag detection rate: Romanian tech and shared-services programmes

Per 1,000 candidates verified. IT and shared-services verticals, 2024-2026.

REVISAL trace incompleteinstitutional response gap

2.8-4.5%

28-45 / 1k

Degree unverifiableinstitution not in registry

2.2-3.8%

22-38 / 1k

Schengen cross-border gapemployment in Austria/Hungary

1.8-3.2%

18-32 / 1k

CNP validity issuechecksum mismatch or format

0.8-1.5%

8-15 / 1k

Source: OutsourceVerify Romania operating data, 2024-2026. REVISAL gaps are the primary variance driver, often due to small-employer non-compliance.

REVISAL is the strongest tool in CEE employment verification, but it has limits

Romania's mandatory electronic registry outperforms every CEE peer. The gaps are in what it does not capture.

What's happening

REVISAL (Registrul General de Evidenta a Salariatilor) is a mandatory electronic register where every Romanian employer must record all employment contracts, amendments, and terminations. No other CEE country has an equivalent system.

Why it matters

REVISAL provides a government-authenticated employment trace that does not rely on employer cooperation. When an employer is unresponsive or has ceased operations, the REVISAL extract serves as a reliable alternative.

Where it breaks

Freelance work (PFA / Persoana Fizica Autorizata), civil contracts (contracte de prestari servicii), and undeclared work are not recorded. For IT contractors and gig-economy workers, REVISAL alone will not reflect the full employment picture.

Reality insight

Data quality varies by employer size. Large employers update promptly. Small and informal employers may have gaps or delays of 2-4 weeks. The closest global comparisons are India's EPFO and Brazil's eSocial.

28-45

REVISAL gaps per 1,000

Primary red flag driver

60%

Education via registrar

Manual chase required

2-4 wk

Non-Romanian request delay

Language barrier TAT penalty

REVISAL

Unique in CEE

No peer equivalent

Decision trigger

Does your vendor have native Romanian-language capability for registrar and court communications, or do they rely on English-language requests that typically face 2-4 week delays?

03 / Compliance Landscape

GDPR applies directly. Law 190/2018 implements it. ANSPDCP enforces it.

Romania is a full EU member state. GDPR (Regulation 2016/679) has direct effect. There is no local "adaptation" layer as seen in non-EU countries. ANSPDCP fines range from RON 5,000 to RON 100,000 for screening violations.

GDPR + Law 190/2018: the binding compliance framework

Direct-effect EU regulation. Supervised by ANSPDCP with active enforcement.

What's happening

GDPR (Regulation 2016/679) applies in full force. Law 190/2018 implements GDPR into Romanian law. The supervisory authority is ANSPDCP (Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal).

Why it matters

Employment screening requires explicit consent in most cases. Legitimate-interest basis is permissible under Article 6(1)(f) with documented impact assessment. Criminal data processing requires additional legal basis under Article 10.

Where it breaks

Vendors processing Romanian personal data without documented DPIA, consent capture audit trail, or sub-processor list. Criminal record data retained beyond stated purpose. No breach notification SLA in the vendor contract.

Reality insight

ANSPDCP actively monitors how employers and screening vendors handle criminal record data. Fines range from RON 5,000 to RON 100,000 for GDPR violations in background checks, including processing criminal data without a valid legal basis.

Cazier Judiciar: the criminal clearance process

Candidates must self-obtain the Cazier Judiciar (Certificate of Criminal Records). Unlike some jurisdictions, Romanian law requires the individual to apply for their own certificate.
Standard issuance takes 3-4 business days via local court or police station. The e-cazier digital portal can reduce this to 1-2 days for candidates with valid electronic ID.
Rural or archival records (pre-2010, smaller counties) may take 7-14 days to retrieve.
Vendors can guide the process and validate the resulting document, but cannot submit the application on behalf of the candidate.

3-4 days

Standard Cazier issuance

Via local court or police station

1-2 days

e-cazier portal

Requires valid electronic ID

7-14 days

Rural / archival

Smaller counties, pre-2010 records

Procurement implication If your offshore workforce serves regulated clients in the EU, the verification programme must meet GDPR standards for criminal data processing (Article 10), not just general screening standards. Ask your vendor which ANSPDCP guidelines they comply with and whether they can produce a DPIA on demand.

Decision trigger

Does your current BGV contract reference GDPR Article 10 compliance for criminal data? Can your vendor produce a DPIA, consent capture audit trail, and sub-processor list on demand?

04 / Operational Gaps

Every check type has its own dependency chain, timeline, and failure mode

Constraints are institutional. Romanian response times are 2-3 days slower than Poland or Czechia on average. Cross-border Schengen employment adds 4-6 days per jurisdiction.

Verification process: where it stalls

Candidate consent

GDPR-compliant capture

Identity (CNP)

Carte de identitate, 0-1 day

Employment

REVISAL + HR confirm

Stall: small employer gaps

Education

ARACIS / registrar / archive

Stall: 60% manual chase

Criminal

e-cazier / regional courts

Gap: candidate self-obtains

Address

Admin records, field if needed

Identity: CNP-anchored system

CNP (Codul Numeric Personal): 13-digit unique national identifier issued at birth. Present on all government-issued documents. Format: YYMMDDSSSCCC with checksum validation.
Carte de identitate (national ID): primary identity document, issued by local police. Valid in EU/Schengen.
Passport: required for travel outside Schengen. CNP-linked.
Red flag: malformed CNP with checksum mismatch. Always validate format and checksum.

Employment: REVISAL is the independent layer

REVISAL captures all formal employment contracts, amendments, and terminations. Managed by ITM (Inspectoratul Teritorial de Munca).
CNPP (Casa Nationala de Pensii Publice) provides contribution history as a secondary verification source.
Gaps: freelance (PFA) work, civil contracts, undeclared employment. Schengen cross-border employment in Hungary, Austria, or Germany without formal notification.

Education: ARACIS vs. manual registrar

ARACIS (accreditation body) maintains registry of valid programmes. Direct portal lookup for accredited institutions (20% of cases, 2-4 day TAT).
MEC (Ministry of Education and Research) supervises higher education. Registry of Qualifications for recognised degrees.
60% of verifications resolve via manual registrar email or form (6-10 day TAT). 20% require physical document request (8-14 day TAT).
ENIC-NARIC evaluation for foreign degrees adds 3-6 weeks. Clarify degree origin early.

Schengen cross-border employment gaps Many Romanian candidates have worked in Hungary, Austria, Germany, or other Schengen states without formal notification. Always flag 6+ month unexplained gaps for cross-border trace. Schengen freedom-of-movement rules mean many candidates do not formally report interim employment.

Criminal: candidate-driven, regionally variable

Cazier Judiciar is the only document accepted as proof of criminal status for employment purposes.
e-cazier digital portal provides centralized access, but some regional courts respond slowly.
Older records (pre-2010) or records from smaller counties may require archival search, adding 5-10 days.
Name variations and transliteration issues are common across Romanian court systems.

turnaround time by check

Realistic TAT range per check type (days)

Observed ranges across Romania programmes. Gold marker = typical median.

IdentityCNP + document

0d3d7d10d14d

0-1 days

EmploymentREVISAL + HR confirm x 2

0d3d7d10d14d

2-8 days

EducationARACIS or registrar

0d3d7d10d14d

2-14 days

Criminale-cazier or regional court

0d3d7d10d14d

1-10 days

AddressBucharest vs tier-2

0d3d7d10d14d

1-8 days

CreditBiroul de Credit

0d3d7d10d14d

2-4 days

Source: OutsourceVerify Romania operating data, 2024-2026 rolling window.

What companies assume

EU market means fast, digitized verification

REVISAL covers all employment history

Criminal records are centrally accessible

Romanian TAT matches Poland or Czechia

English-language requests work fine

One process fits Bucharest and tier-2 cities

What actually happens

Institutional response times are 2-3 days slower than EU-8 peers. Mixed digitization across registrars and courts.

REVISAL captures formal contracts only. Freelance (PFA), civil contracts, and gig work are invisible.

Candidates must self-obtain the Cazier Judiciar. Regional courts have variable response times.

Romania is 2-4 days slower on average. Older records and rural jurisdictions extend this further.

Non-Romanian requests face 2-4 week delays. Native-language capability is essential.

Tier-2/3 candidates with non-digitized records add 4-8 days. Field-agent networks are thinner outside major cities.

Decision trigger

When your vendor reports "completed" on a Romanian employment check, does that mean REVISAL confirmation, or HR email only? Do you know the difference?

05 / Decision Impact

Three scenarios. Three different risk exposures.

Your operating context determines your verification risk. Each scenario below maps to a distinct failure mode.

Nearshore Scale-Up

Growing Romanian IT or BPO operations with 50+ hires/month across Bucharest, Cluj, and Timisoara. Tier-2 candidates create TAT outliers that break SLA reporting.

Risk: Vendor applies one-size-fits-all process that masks tier-2 verification depth gaps.

Medium exposure

EU Market Entry via Romania

First nearshore engagement in Romania. No baseline for institutional response times. Vendor selection based on price and SLA promises calibrated for Western Europe.

Risk: Verification programme designed without understanding Romanian institutional constraints.

Medium exposure

GDPR Audit Exposure

SOC 2, ISO 27001, or client audit requires evidence of GDPR-compliant screening. ANSPDCP enforcement on criminal data processing is active.

Risk: Vendor cannot produce DPIA, consent trails, sub-processor lists, or check-level closure evidence under GDPR Article 10.

Medium exposure

Decision trigger

The right question is not "which vendor covers Romania." It is: does the vendor have REVISAL access, native Romanian-language capability, and ANSPDCP-compliant data handling?

Executive Intelligence Summary

Romania: 7 conclusions for decision-makers

REVISAL is the strongest employment verification asset in Central and Eastern Europe. It provides government-authenticated employment traces that do not rely on employer cooperation. No other CEE country has an equivalent system.
REVISAL has blind spots. Freelance (PFA) work, civil contracts, and undeclared employment are not captured. For IT contractors and gig-economy workers, REVISAL alone will not reflect the full picture.
Romanian institutional response times are 2-3 days slower than Poland or Czechia. Programmes calibrated for EU-8 timelines will experience TAT overruns. Education verification (60% manual registrar) is the primary bottleneck.
Candidates must self-obtain the Cazier Judiciar. Vendors cannot submit criminal record applications on behalf of candidates. This adds a process dependency that vendor SLAs cannot control.
Native Romanian-language capability is not optional. Non-Romanian-language requests to registrars and courts face 2-4 week delays. Vendors without in-country Romanian speakers will consistently underperform.
Schengen cross-border employment creates invisible gaps. Romanian candidates frequently work in Austria, Hungary, and Germany without formal notification. Flag 6+ month unexplained gaps for cross-border trace.
ANSPDCP actively enforces GDPR on screening vendors. Fines from RON 5,000 to RON 100,000. Criminal data processing requires Article 10 compliance. Vendor evaluation should include DPIA, consent audit trail, and data residency documentation.

Country benchmark

Romania Verification Benchmark Pack

Market-specific constraints, institutional access data, typical timelines, and source verification pathways. PDF format, designed for internal circulation.

Request benchmark

Delivery in this market

Verification in this jurisdiction is executed by a regional cell with direct institutional access, operating under our central programme office. Cases run in parallel with other active markets. Evidence standards, quality gates, and escalation protocols are identical regardless of geography. Surge capacity is pre-built, not assembled on demand.

If this reflects your operating environment, we can outline a structure based on your hiring volumes and regions.

Validate Your Programme See the Romania programme

About this brief. Reflects the regulatory and operational landscape as of May 2026. GDPR, Law 190/2018, and all cited URLs are current as of publication. TAT ranges and red flag detection rates are first-party operating data from OutsourceVerify Romania programmes, presented as observed ranges.

References

GDPR (Regulation 2016/679). Full text, EUR-Lex. eur-lex.europa.eu
Law 190/2018 on Personal Data Protection. Romanian implementation of GDPR. dataprotection.ro
ANSPDCP (Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal). Romanian Data Protection Authority. dataprotection.ro
CNP (Codul Numeric Personal). National identification number. cnp.ro
REVISAL Electronic Employee Register. Ministry of Labor. revisal.gov.ro
CNPP (Casa Nationala de Pensii Publice). National Pension House. cnpp.ro
ARACIS (Agentia Romana de Asigurare a Calitatii in Invatamantul Superior). Accreditation Agency. aracis.ro
Ministry of Education and Research (MEC). edu.ro
IGPR (Inspectoratul General al Politiei Romane). General Police Inspectorate. politiaromana.ro
e-cazier Digital Criminal Extract Portal. Romanian regional courts. politiaromana.ro
Biroul de Credit (Romanian Credit Bureau). birouldecredit.ro
EU Cross-border Employment Verification Framework. GDPR reciprocity guidelines. EUR-Lex GDPR
Cazier Judiciar (Certificate of Criminal Records). National Criminal Records Office, Ministry of Justice Romania. just.ro
Ministry of Justice Romania. Criminal certificate issuance procedures. just.ro
ANSPDCP Enforcement Actions. Romanian Data Protection Authority sanctions register. dataprotection.ro
ITM (Inspectoratul Teritorial de Munca). Territorial Labour Inspectorate, REVISAL administration. inspectiamuncii.ro
PFA (Persoana Fizica Autorizata). Romanian freelance registration framework, ANAF. anaf.ro
Romania IT and BPO Market Overview. ANIS (Asociatia Patronala a Industriei de Software si Servicii). anis.ro
Major Tech Employers in Romania. Romania IT sector overview. investromania.gov.ro

Romania.Decision Intelligence Report

Romania is the EU's fastest-growing nearshore verification corridor

Red flags in Romania are structural, not dramatic

GDPR applies directly. Law 190/2018 implements it. ANSPDCP enforces it.

Cazier Judiciar: the criminal clearance process

Every check type has its own dependency chain, timeline, and failure mode

Identity: CNP-anchored system

Employment: REVISAL is the independent layer

Education: ARACIS vs. manual registrar

Criminal: candidate-driven, regionally variable

Three scenarios. Three different risk exposures.

Nearshore Scale-Up

EU Market Entry via Romania

GDPR Audit Exposure

Romania: 7 conclusions for decision-makers

Delivery in this market

References

Romania.
Decision Intelligence Report