REGON
Detects REGON patterns. This pattern is based on a Microsoft Purview built-in sensitive information type. Users already running Purview may prefer to enable the built-in SIT directly, or use this version as a starting point for customisation.
- Type
- regex
- Engine
- universal
- Confidence
- medium
- Confidence justification
- Medium confidence: pattern has structural constraints but corroborative keywords are recommended to reduce false positive rates.
- Detection quality
- Verified
- Jurisdictions
- eu, pl
- Regulations
- BDSG, CNIL / LIL, GDPR
- Frameworks
- ISO 27001, ISO 27701
- Data categories
- pii, government-id
- Scope
- narrow
- Risk rating
- 9
- Platform compatibility
- Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Compatible, Netskope: Compatible
Pattern
\b\d{9}(\d{5})?\bCorroborative evidence keywords
REGON, statistical number, register of national economy, ID number, identification, ID card, license, permit, registration, certificate
Proximity: 300 characters
Should match
123456789— Nine-digit REGON (small entity)12345678901234— Fourteen-digit REGON (local unit)987654321— Another nine-digit REGON
Should not match
12345678— Too few digits (8)1234567890— Invalid length (10 digits)
Known false positives
- Nine-digit or fourteen-digit numeric sequences may match phone numbers or other administrative references. Mitigation: Require corroborative evidence keywords such as "REGON" within the proximity window.
- In multiple languages, similar terminology used in formal or administrative contexts (education, professional documentation) that does not constitute sensitive data collection. Mitigation: Layer with additional contextual signals such as structured identifiers, form fields, or database column headers to distinguish sensitive records from general references.