Indicium vs. Sterling, Checkr and HireRight: The DACH Comparison
Anyone looking for background-check software in the DACH market quickly comes across the US heavyweights Sterling, Checkr and HireRight. This comparison shows which solution fits when — and why GDPR is central to the decision.
The providers at a glance
Sterling
Founded: 1975, USA (New York)
Focus: Enterprise customers worldwide
Strength: Largest database, broad feature set
Weakness: US-centric, GDPR compliance retrofitted
Checkr
Founded: 2014, USA (San Francisco)
Focus: Tech companies, gig economy (Uber, Airbnb)
Strength: Modern API, fast integrations
Weakness: Strongly US-focused, little DACH presence
HireRight
Founded: 1995, USA (Irvine, CA)
Focus: Global Enterprise, over 100 countries
Strength: Global reach, broad compliance portfolio
Weakness: Complex implementation, little DACH-specific functionality
Indicium
Founded: 2020 in Zug (CH)
Focus: DACH market, EU regulation
Strength: GDPR-native architecture, BaFin fit-and-proper capable, German language/support
Weakness: Younger company, smaller global data set than the US incumbents
The GDPR difference
This is the key differentiator for the DACH market.
US providers: GDPR retrofitted
Sterling, Checkr and HireRight were built for the US market. US data protection (FCRA, state laws) differs fundamentally from GDPR:
Opt-out is the standard, not opt-in
Data retention periods are longer
Transfers to third countries such as the US are problematic under Schrems II
Many US providers process data on US servers (CLOUD Act risk)
GDPR compliance was implemented later — often via sub-processing agreements and EU entities. This works, but is legally more fragile than GDPR-native solutions.
Indicium: GDPR by Design
Indicium was developed from the outset for EU data protection:
Servers exclusively in the EU
Opt-in as standard (documented consent for each check)
Data processing under Art. 6 GDPR and Section 26 BDSG
Data processing agreement under Art. 28 GDPR
Automatic deletion after 90 days (configurable)
No US data transfers
For data protection officers and legal counsel, this is a decisive difference.
Feature comparison
Feature | Sterling | Checkr | HireRight | Indicium |
|---|---|---|---|---|
Identity verification | Yes | Yes | Yes | Yes |
Sanctions list screening (EU/UN/OFAC) | Yes | Yes | Yes | Yes |
PEP check under the German Anti-Money Laundering Act (GwG) | Partially | No | Yes | Yes |
BaFin fit-and-proper | No | No | Partially | Yes |
German adverse media | Limited | Limited | Partially | Yes (DACH focus) |
GDPR by Design | No (retrofitted) | No | Partially | Yes |
Servers in EU | Partially | Partially | Yes | Yes (exclusively) |
German user interface | Partially | No | Yes | Yes |
German support | Partially | No | Yes | Yes (primary language) |
API integration (Personio) | No | No | No | Yes |
API integration (SAP SuccessFactors) | Yes | Partially | Yes | Yes |
API integration (Workday) | Yes | Yes | Yes | Yes |
Price comparison
Provider | Starting price | Price per check | Comment |
|---|---|---|---|
Sterling | Enterprise deals, not public | 40–120 USD (estimated) | Enterprise only, minimum volume |
Checkr | 29 USD for Basic | 29–249 USD | Pay-per-check model |
HireRight | Enterprise deals | 50–200 USD (estimated) | Enterprise contracts only |
Indicium | €1,990 / month | from €119 (for enterprise) | Transparent package pricing, free trial |
When each provider fits
Sterling or HireRight fit if:
You are a global corporation with 1,000+ hires per year
You have offices in 20+ countries
You need checks in exotic regions (sub-Saharan Africa, Southeast Asia)
GDPR risk is accounted for in risk management
Budget for enterprise contracts is available
Checkr fits if:
You are a tech startup with high hiring volume in the US
API-first mentality and fast integration matter
You prefer pay-per-use instead of fixed packages
DACH regulation is not a focus
Indicium fits if:
Main market is DACH + EU
GDPR compliance is mandatory (compliance function, legal)
Regulated industry: banks, insurance, fintech, BaFin-licensed
Personio, SAP, Workday are used as HR systems
German support and German contract drafting are desired
Mid-sized company (20–500 hires per year)
The Switzerland and EU regulatory advantage
European regulation goes significantly beyond GDPR — and that is exactly where Indicium's structural advantage over US providers lies.
Switzerland: revFADP + FINMA compliance
The revised Swiss Data Protection Act (revFADP, since September 2023) is close to GDPR, but not identical law. Differences exist, among other things, in notification obligations (72 hours vs. "as soon as possible") and fines (personal liability instead of corporate fines). Sterling, Checkr and HireRight do not have specific revFADP documentation publicly available. Indicium explicitly documents both GDPR and revFADP in parallel — crucial for Swiss banks under FINMA supervision and their fitness person checks under Art. 3 BankG.
EU regulation: CRD VI, EBA-ESMA, AMLR
The EBA-ESMA Joint Guidelines on Suitability 2024 and CRD VI tighten fit-and-proper requirements across the EU. The new AMLR (from 2027) and AMLA (Frankfurt) significantly expand the monitoring regime. US providers must map these requirements through European subsidiaries — structurally retrofitted. Indicium is designed in Europe and therefore adapts more quickly to new EU regulations.
Austria: EU law + national specifics
Austria applies EU law directly. Additional local requirements come via the FMA (financial sector), Section 10 AVRAG (employee data protection) and Section 1151 ABGB. Indicium supports Austrian customers with a German-language interface and can provide contract drafting under Austrian law on request.
Typical combinations
Many DACH companies use combinations:
Indicium as the primary tool for DACH hiring + Sterling/HireRight for international executive search
Indicium as a compliance layer (BaFin fit-and-proper) + existing HR screening for standard roles
Migration from a US provider to Indicium after a Schrems II ruling and a GDPR audit
Summary
Sterling, Checkr and HireRight are strong tools for global enterprise use — but GDPR-retrofitted and US-centric. Indicium is the GDPR-native alternative for the DACH market with a clear BaFin focus.
For DACH companies with regulated roles or a priority on data protection, Indicium is the lower-risk choice. For global corporations with a US headquarters, Sterling or HireRight may still be the right decision.
Book a demo and compare Indicium directly with your current tool. Or take a look at the Trust Center for the compliance documents.
Nabil El Berr
