Procedures applicable to the use of the Positive credit register’s certificate

The customer is accountable for the use of the certificate and for keeping the certificate safe. If the certificate’s private key is lost or falls into the wrong hands, the Tax Administration must be informed immediately.


Customer here means
• a credit reference agency according to section 15, subsection 4 of the Act on the Positive Credit Register
• an obliged entity (party with the reporting obligation) according to section 16
• a creditor (lender) or other trader (business operator) entitled to receive information according to section 21
• an authority according to section 24.

Certificate key pair refers to a pair of keys used in public key methods. The key pair consists of a public key and a private key. The private key is created by the user, and it is known only to the user. The private key may never be handed over to anyone, not even to the Tax Administration.

Customer's responsibilities regarding the use of the certificate

In order to access the Positive credit register’s APIs, the customer needs a certificate granted by the Tax Administration. The customer is identified by the certificate when they use the APIs.

The customer agrees to keep the certificate safe, so that it is available only to individuals who are entitled to use it. The customer identified by the certificate is responsible for all the operations performed through the API, such as submitting, requesting and retrieving data, until the certificate is revoked. In addition, the customer is responsible for the use of the checking loan data API, and for ensuring that the user can check only data that they are entitled to.

The customer is responsible for ensuring that the certificate holder has the right to use the certificate in the APIs. Authorisation documents must be presented upon request.

If the customer knows or suspects that the certificate’s private key has been lost or fallen into the wrong hands, they must inform the Tax Administration immediately. In this way, unauthorised use of the API service can be prevented. Further, if the certificate is not needed, it must be revoked.

You can request revocation of the certificate by phone:

During office hours (9 am–4 pm on business days)
The Positive credit register’s customer service: 029 497 570

Outside office hours
Only urgent revocation of certificates:+358 9 427 34 834

Page last updated 9/21/2023