NIE

Detects NIE patterns. This pattern is based on a Microsoft Purview built-in sensitive information type. Users already running Purview may prefer to enable the built-in SIT directly, or use this version as a starting point for customisation.

Type

regex

Engine

universal

Confidence

medium

Confidence justification

Medium confidence: pattern has structural constraints but corroborative keywords are recommended to reduce false positive rates.

Detection quality

Verified

Jurisdictions

eu, es

Regulations

BDSG, CNIL / LIL, GDPR

Frameworks

ISO 27001, ISO 27701

Data categories

pii, government-id

Scope

narrow

Risk rating

8

Platform compatibility

Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Compatible, Netskope: Compatible

Pattern

\b[XYZ]\d{7}[A-Z]\b

Corroborative evidence keywords

identifier, number, ID, ID number, identification, ID card, license, permit, registration, certificate

Proximity: 300 characters

Should match

• X1234567A — NIE with X prefix
• Y7654321B — NIE with Y prefix
• Z0000001C — NIE with Z prefix

Should not match

• A1234567A — Invalid prefix letter (A instead of X/Y/Z)
• X123456A — Only 6 digits instead of 7
• X12345678A — 8 digits instead of 7

Known false positives

• Common words and phrases related to nie appearing in policy documents, training materials, HR templates, or compliance guidelines without actual personal data. Mitigation: Require corroborative evidence keywords within the proximity window to confirm sensitive data context rather than general discussion.
• In multiple EU languages, similar terminology used in formal or administrative contexts (education, professional documentation) that does not constitute sensitive data collection. Mitigation: Layer with additional contextual signals such as structured identifiers, form fields, or database column headers to distinguish sensitive records from general references.

References

• Spain DNI entity definition - Microsoft Learn

Collections

• European National IDs
• GDPR Personal Data Kit