A candidate has passed the final interview round. The hiring team is enthusiastic. Then comes the question: how long will the screening take? In many companies, the answer is two to four weeks. By then, the candidate has accepted an offer elsewhere. This is not an edge case. It is the everyday reality for HR teams across the DACH region – particularly in a market where skilled professionals make decisions within days. The problem is not a lack of willingness. It is infrastructure.

This article explains why background checks in Europe have historically taken so long, what has changed technically and legally – and how modern platforms solve the problem.

Why background checks in Europe take so long

Most HR teams screening candidates today work with a mix of manual processes: emails to former employers, PDF applications for criminal record extracts, external vendors for credit checks. No central system, no automated workflow, no clear SLA. There is also a structural peculiarity of the European market: many of the best-known screening providers are US or UK-based. Their data infrastructure is designed for Anglo-American legal frameworks – broad database access that is partially or wholly incompatible with GDPR. The result: companies either forgo a large portion of available screening options, or they work with providers whose data protection compliance is incompletely documented.


„The biggest mistake companies make is not screening too much, it’s screening too little, too late, and without documentation.“ Reto Marti, Managing Partner, Validato AG

What GDPR, nDSG, and new regulations mean in practice

The General Data Protection Regulation does not only govern which data may be processed, but also where, for how long, and on what legal basis. For background checks, this means:

  1. A legal basis is always required (Art. 6 GDPR) – typically legitimate interest or contract performance.
  2. Data processing outside the EU or EEA is only permitted under strict conditions.
  3. Candidates have comprehensive rights of access and erasure that must be documented.
  4. Incidents are subject to reporting obligations and can result in significant fines.

In parallel, NIS2 and DORA are tightening requirements for companies in critical sectors: they must be able to demonstrate that they systematically screen personnel and suppliers. BSI C5:2026 explicitly anchors personnel screening as a control measure for cloud service providers. KRITIS-DachG expects comparable evidence from operators of critical infrastructure.

Background screening is therefore no longer an optional HR feature. It is a regulatory obligation.

What a modern screening system must deliver

The requirements for a professional screening platform are clear: it must be fast, legally documented, run on EU infrastructure, and flexible enough to support different levels of scrutiny depending on role or risk profile.

Configurable modules instead of one-size-fits-all

Not every position requires the same depth of screening. An intern needs a different level of scrutiny than a CFO or an IT administrator with access to critical systems. A good platform allows screening profiles to be defined by risk category and applied consistently.

Automation as a prerequisite for speed

Manual processes are the single biggest drag on turnaround time. Direct database connections, automated candidate workflows, and digital consent management reduce processing time from weeks to hours. Validato’s platform is API-ready and integrates with common ATS systems.

Compliance by design, not by add-on

EU hosting, AES-256 encryption, four-eyes principle, complete audit trails: these should not be expensive extras. They should be the baseline – for every customer, not just enterprise tiers.

The pay-per-use model: why flexibility matters

Many companies hesitate to adopt screening platforms because they anticipate minimum volumes or annual licences. The reality for most HR teams looks different: hiring volumes fluctuate, and screening needs are project-dependent.

A pay-per-use model adapts to this pattern. Individual checks are just as straightforward as large-scale programmes – with identical quality, documentation, and legal compliance. No lock-in, no hidden base fees.

Further reading and internal links

  1. Platform overview
  2. Module: Identity verification
  3. NIS2 and HR: what companies need to do now
  4. BSI C5:2026 and personnel screening


Book a demo – background checks in hours, not weeks