Compromised data
A criminal can use copies of identity documents or leaked personal data to request online loans in someone else’s name.
Campaign to amend O.G. 85/2004
Not In My Name.
No verified identity, no enforceable remote loan.
In Romania, a remote loan can trigger account freezes, enforcement, and negative credit reporting even when the real person never gave consent. We are calling for clear rules: robust identity verification before funds are disbursed, real protection for victims of identity fraud, and no enforceability when those checks were ignored.
O.G. 85/2004O.U.G. 50/2010Law 129/2019RIL 23/2019
Stolen data is not consent.
Identity fraud should never become enforceable debt. Yet the victim often bears the consequences first: frozen accounts, enforcement, stress, lost time, and legal costs just to prove they never asked for the loan.
Remote contract logic
In its current form, the law links contract formation to the confirmation received by the consumer, not to a robust technical identity check.
Strong enforceability
RIL 23/2019 reinforced the idea that a remote financial-services contract may be enforceable even without handwritten or advanced electronic signatures, unless the parties required a signature for validity.
The victim fights after the damage
In practice, the burden of stopping enforcement and proving the lack of real consent lands on the very person who should have been protected from the start.
How the legal gap looks in practice
1. Personal data reaches a third party
Through theft, a security breach, phishing, or abusive reuse of identity documents.
2. A remote loan is requested
The digital flow continues without a robust, uniform and expressly mandatory identity-verification step.
3. The contract starts producing effects
Funds are disbursed, negative reporting appears, or enforcement begins.
4. The real person has to repair the damage
Only after the harm exists does the person begin fighting to prove that identity and intent were falsified.
Simple rules. Real protection.
This campaign is not asking to ban online lending. It is asking for online lending with verified identity, real consent, and effective protection for the victim.
Robust multi-factor verification
A legal obligation before contract formation and before any funds are made available.
Biometric liveness + independent factor
Identification should include liveness detection and at least one independent factor from another category.
No disbursement before verification
Funds should not be released until the mandatory checks have been completed successfully.
No enforceability without minimum checks
Contracts granted without the minimum safeguards should lose their enforceable effect.
Suspend enforcement and negative reporting
A substantiated identity-fraud complaint should stop the damage temporarily until the case is clarified.
Keep logs and recordings
Technical evidence of identification should be retained for at least 5 years and made available to authorities and courts.
Today vs. after reform
Today
- the speed of the digital flow can outweigh real verification of the person
- the victim quickly bears legal and financial consequences
- clarification happens only after the harm has appeared
- consumer protection is not tied strongly enough to the contract’s enforceable power
After reform
- identity is checked technically and evidentially before any disbursement
- a contract without minimum safeguards cannot be used as an enforcement tool
- a substantiated complaint suspends enforcement and negative reporting
- the market remains digital, but with clear and verifiable standards
The legal pieces already exist. They need to be connected.
O.G. 85/2004, O.U.G. 50/2010 and Law 129/2019 already contain elements on consumer protection, pre-contract information and customer due diligence. The reform makes the bridge explicit between verified identity and the practical validity and enforceability of a remote loan contract.
ANPC + consentO.G. 85/2004 - Articles 8, 23 and 24Remote contract formation is linked to confirmation, ANPC is the competent authority, and the burden of proof regarding consent and information duties falls on the provider.
O.G. 85/2004 - Articles 8, 23 and 24
Remote contract formation is linked to confirmation, ANPC is the competent authority, and the burden of proof regarding consent and information duties falls on the provider.enforceabilityRIL 23/2019Romania’s High Court held that a remote financial-services contract may be enforceable even without handwritten or advanced electronic signatures, unless the parties made a signature a validity requirement.
RIL 23/2019
Romania’s High Court held that a remote financial-services contract may be enforceable even without handwritten or advanced electronic signatures, unless the parties made a signature a validity requirement.informationO.U.G. 50/2010 - pre-contract informationCreditors must provide timely pre-contract information on a durable medium so that consumers can make an informed decision.
O.U.G. 50/2010 - pre-contract information
Creditors must provide timely pre-contract information on a durable medium so that consumers can make an informed decision.KYCLaw 129/2019 - KYC and retentionCustomer identity must be identified and verified through secure and independent sources, including remote identification processes accepted nationally, and records must be retained.
Law 129/2019 - KYC and retention
Customer identity must be identified and verified through secure and independent sources, including remote identification processes accepted nationally, and records must be retained.procedureO.G. 27/2002 - petition deadlinesPublic authorities must answer petitions within 30 days, with a possible extension of up to 15 days where further inquiry is needed.
O.G. 27/2002 - petition deadlines
Public authorities must answer petitions within 30 days, with a possible extension of up to 15 days where further inquiry is needed.EU frameworkEU context - AMLD and EBAAt EU level there is already a due-diligence, remote-onboarding and risk-control logic. The campaign asks for those standards to have clear effects in domestic consumer law as well.
EU context - AMLD and EBA
At EU level there is already a due-diligence, remote-onboarding and risk-control logic. The campaign asks for those standards to have clear effects in domestic consumer law as well.Personal complaint templates
Fill in your details and instantly generate a customized petition text that you can copy or send by email to Parliamentarians, Senators, the Chamber of Deputies, or Members of the European Parliament.
Frequently asked questions
Is this campaign against online lending?
No. The campaign supports safe online lending. The core idea is simple: no verified identity, no enforceable effect against the real person.
Are you demanding only qualified electronic signatures?
No. We are demanding robust multi-factor verification. A qualified signature can be one option, not the only one.
Why is ANPC central here?
Because Article 23(2) of O.G. 85/2004 expressly places complaints and reports concerning distance financial contracts within ANPC’s competence.
What changes for victims?
The goal is that victims are no longer enforced first and heard later. A substantiated complaint of identity theft or fraud should suspend enforcement and negative reporting until the case is checked.
Will you publish the signed document in full?
No. The full signed document contains personal data, so we do not publish it in full. The website shows only the public version, without sensitive details.
Three steps to turn the issue into real reform
Read the full petition
The dedicated page brings together the executive summary, the technical proposal and the requests addressed to ANPC.
Share the campaign
Use the share button or copy the page link and send the message further.
Check the sources
The resources page gathers the key laws, decisions and public articles about real-life cases.