For a few years it was possible, in much of Europe, to look up who really owns a company — the human beneficial owner behind the shell, in a public register anyone could search. Then, on 22 November 2022, the Court of Justice of the EU struck that access down, and within weeks registers across the continent went dark. DarkRegister records what happened next: which registers closed, which reopened to a narrow audience, and which stayed open — a running account of corporate-transparency rollback.
It tracks 62 jurisdictions — the EU-27, the UK, US, Ukraine, Canada, and the major offshore financial centres — and the finding is stark: 53 of the 62 are no longer fully public. It is part of Voidly, which documents the things power would rather keep dark; here the subject is ownership itself. This is how it is built, and why it documents a privacy ruling without ever republishing the data that ruling protected.
What the court actually held
The ruling (joined cases C-37/20 and C-601/20) did not say beneficial-ownership data was unlawful to collect or hold. It said that making it accessible to the general publicwas a disproportionate interference with the rights to privacy and data protection under the EU Charter. That distinction is the whole story: the data still exists in the registers; what changed is who may see it. The later AMLD6 directive restored access for a defined “legitimate-interest” audience — authorities, regulated businesses, journalists, civil society, academics — rather than for anyone.
The access taxonomy
DarkRegister sorts each register into one of five states, because “closed” is too blunt to be useful:
- Public — open: anyone can search it. Only 7 of the 46 — the UK, Poland, Latvia, Ukraine, Gibraltar, Canada, and (for legal entities) Bulgaria.
- Legitimate-interest gated: reopened under AMLD6 to journalists, CSOs, and others who can show a legitimate interest. The largest group — 23 jurisdictions, including France, Germany, Spain, the Netherlands, and (under legitimate-interest rules) the Cayman Islands and the BVI.
- Closed to the public: suspended after the ruling with no functioning legitimate-interest channel yet (Cyprus, Slovakia).
- Partial / restricted: access is restricted in a way that fits none of the other buckets — Croatia and Italy (national e-ID gating), plus Crown Dependencies and territories whose legitimate-interest channels are pledged but not yet in force (Jersey, Guernsey, Isle of Man, Bermuda, Australia, New Zealand).
- Never public: no public register ever existed — the United States, Switzerland, Singapore, Hong Kong, the UAE, and Panama, whose beneficial-ownership data was never open to the general public.
The hard part: documenting privacy without violating it
It would be self-defeating to protest a privacy ruling by republishing the very personal data the ruling protected. So DarkRegister holds no beneficial-owner names, no addresses, no dates of birth — no individual personal data of any kind.Every claim is a statement about what a government did to a register: it opened, it gated, it closed, on this date, under this legal basis, per this source. That is a matter of public accountability, not a re-publication of anyone's private details — the line between an accountability tracker and a re-identification corpus, and DarkRegister stays firmly on the accountability side.
The open ownership graph that survives
As the registers go dark, one open layer persists: the GLEIF Global LEI index, which records legal-entity-to-legal-entity ownership — which company owns which — under a CC0 licence. Because it concerns entities, not people, it carries none of the privacy exposure of the closing registers, and it can be preserved in full. DarkRegister captures GLEIF coverage (3.3 million legal entities, with per-jurisdiction counts) as the preservable counterweight to the closures: when a public register goes dark, the open corporate-ownership graph is what is left to build on.
Static, agent-first, CC BY
Like the rest of Voidly, DarkRegister ships as plain static JSON an agent can read in one request.
import requests
BASE = "https://ai-analytics.org/darkregister"
# Register-access status for 62 jurisdictions. Static JSON, no key, no rate limit.
status = requests.get(f"{BASE}/index.json", timeout=30).json()
gated = [j for j in status["jurisdictions"] if j["accessStatus"] != "public-open"]
print(len(gated), "of", status["meta"]["jurisdictionCount"], "registers no longer fully public")
# The open ownership graph that SURVIVES the closures: GLEIF (CC0, legal entities only).
gleif = requests.get(f"{BASE}/gleif-coverage.json", timeout=30).json()
print("Global legal entities in GLEIF:", gleif["meta"]["globalLeiTotal"])
# "Which registers are fully closed to the public?"
for j in status["jurisdictions"]:
if j["accessStatus"] == "closed-post-cjeu":
print(j["jurisdiction"], "—", j["legalBasis"])Where it stops — on purpose
The obvious next step — archiving the name-level ownership data before more registers close it — is exactly the move DarkRegister will not make without a lawful basis. Under GDPR, re-capturing and holding that personal data is itself a fresh processing act that needs its own justification; “it was public when I grabbed it” is not one. That layer waits behind a deliberate privacy-minimization design, not a scrape. DarkRegister preserves what is safe to preserve — the policy record and the open entity graph — and documents, precisely, where the line is.
Related writing: The Voidly Accountability Stack — how this fits with the other three Voidly lenses (censorship, banned books, the surveillance industry). And SpyLedger — the sister index applying the same source-cited, privacy-careful approach to surveillance vendors.
See also: Following the Money — the federal-data synthesis on tracing entities through US spending, contracts, and ownership records.