Context
Companion to #22, which covers the Time Machine (SOAP history) side of the same change. This issue covers the live lookup side.
From 10 July 2026 (the AMLD6 transposition deadline) an unknown future date, Estonia's e-äriregister stops showing beneficial ownership data to unauthenticated users. Enquiries will require e-ID login (ID-card, Smart-ID, Mobile-ID or EU eID), access becomes purpose-based (competent authorities, obliged entities, legitimate interest), BO data stops being published as open-data files, and BO data is removed from the Detailed Data API in favour of a dedicated, entitlement-gated Beneficial Owners API. Background: Silva Hunt summary of the new access rules; register at ariregister.rik.ee.
Estonia has never had domestic trusts (no Estonian trust law — foundations/sihtasutus fill that niche and remain covered as legal persons), so the loss is specifically the company BO table.
How this hits OpenCheck's live lookup
The ariregister adapter's lookup path is a no-credential public scraper: it reads the company print page (GET /eng/company/{reg}/company_print_json) and parses three tables — officers, shareholders, and beneficial owners (_parse_beneficial_owners in backend/opencheck/sources/ariregister.py). map_ariregister() in backend/opencheck/bods/mapper.py turns each BO row into a BODS person statement + ownership-or-control relationship, which render as nodes/edges in the graph view.
Once the BO table is no longer served to anonymous visitors, the expected behaviour is graceful degradation: _find_table finds no matching table → beneficial_owners: [] → no BO statements → no BO nodes in the graph. Officers and shareholders are registry-card data and are unaffected.
What to do
Notes for whoever picks this up
- Existing tests use offline HTML fixtures captured before the change, so they will keep passing regardless — only a live check shows the real post-change behaviour. Consider capturing a fresh post-change fixture for the anonymous view and adding a test pinning the graceful-degradation path.
- The adapter's stub-detection rule is: if the response URL no longer contains
/eng/company/, the server redirected away (company not found). Verify the new access regime doesn't trip this for valid companies.
- No frontend changes expected: the graph simply renders whatever statements arrive.
Context
Companion to #22, which covers the Time Machine (SOAP history) side of the same change. This issue covers the live lookup side.
From
10 July 2026 (the AMLD6 transposition deadline)an unknown future date, Estonia's e-äriregister stops showing beneficial ownership data to unauthenticated users. Enquiries will require e-ID login (ID-card, Smart-ID, Mobile-ID or EU eID), access becomes purpose-based (competent authorities, obliged entities, legitimate interest), BO data stops being published as open-data files, and BO data is removed from the Detailed Data API in favour of a dedicated, entitlement-gated Beneficial Owners API. Background: Silva Hunt summary of the new access rules; register at ariregister.rik.ee.Estonia has never had domestic trusts (no Estonian trust law — foundations/sihtasutus fill that niche and remain covered as legal persons), so the loss is specifically the company BO table.
How this hits OpenCheck's live lookup
The
ariregisteradapter's lookup path is a no-credential public scraper: it reads the company print page (GET /eng/company/{reg}/company_print_json) and parses three tables — officers, shareholders, and beneficial owners (_parse_beneficial_ownersinbackend/opencheck/sources/ariregister.py).map_ariregister()inbackend/opencheck/bods/mapper.pyturns each BO row into a BODS person statement + ownership-or-control relationship, which render as nodes/edges in the graph view.Once the BO table is no longer served to anonymous visitors, the expected behaviour is graceful degradation:
_find_tablefinds no matching table →beneficial_owners: []→ no BO statements → no BO nodes in the graph. Officers and shareholders are registry-card data and are unaffected.What to do
_find_tableor the not-found redirect check. If the print page now errors or redirects for anonymous users entirely, the adapter needs a guard so officers/shareholders parsing still succeeds._parse_beneficial_ownersis harmless when the table is absent and documents what the register used to expose. Do not wire in the new Beneficial Owners API — it requires an entitlement Estonia does not grant anonymous foreign tools, and OpenCheck's model is open data only.docs/sources.md: the Estonian adapter now yields officers and shareholders but no beneficial owners. Without this note, missing Estonian BO nodes will look like a bug to future readers.map_ariregister()'s docstring and the adapter module docstring should note the reality after access revoked (they currently say the parser extracts "officers, shareholders, and BOs").Notes for whoever picks this up
/eng/company/, the server redirected away (company not found). Verify the new access regime doesn't trip this for valid companies.