Adyen
Amsterdam-headquartered Dutch credit institution running its own multi-region payment platform across EU, US and APAC.
Profile last updated: · View sources
About Adyen
Adyen N.V. is an Amsterdam-headquartered global financial technology platform founded in 2006 by Pieter van der Does, Arnout Schuijff and Roelant Prins. The company has been listed on Euronext Amsterdam (ticker ADYEN, ISIN NL0012969182) since 13 June 2018 and holds a Dutch banking (credit-institution) license issued by De Nederlandsche Bank in 2017, which places it under DNB and ECB Single Supervisory Mechanism supervision.
As of FY 2025 the group reported EUR 2,364 million in net revenue (+18% YoY), EUR 1,394 billion in processed volume and a 53% EBITDA margin from 28 offices across 5 regions. Adyen runs its own multi-region payment platform spanning the EU, the United States, India, Singapore and Australia, and explicitly does not use public cloud services (AWS, GCP, Azure) for payment processing. Customers include Uber, Spotify, eBay, LinkedIn, Microsoft, Adobe, Meta, McDonald's, L'Oreal, Booking.com, KLM, EasyJet and Wise.
Integrations
Features
- Dutch credit institution under De Nederlandsche Bank (DNB WFTKF, F0001) since 2017; under ECB Single Supervisory Mechanism
- Multi-regulator: DNB + ECB (NL), FCA FRN 779800 (UK Branch), MAS Major PI (SG), FinCEN MSB + state MTLs (US), Fed Order 2021-06 (SF)
- Self-runs multi-region platform across EU / US / India / SG / AU on Adyen-owned RIPE space (AS200596); payment data in EU + isolated India env
- Stated principle: no outsourcing of administration; no public cloud for payment processing (adyen.com/infrastructure)
- Certifications: PCI DSS v4.0 Level 1, PCI PIN, PCI P2PE, PCI 3DS, SOC 1 (ISAE 3402), SOC 2 Type 2, ISO 27001 -- annual external audits
- Subprocessor list names only Adyen group entities (11 branches); third parties described categorically in the privacy statement
- Customers include Uber, Spotify, eBay, LinkedIn, Microsoft, Meta, Adobe, McDonald's, L'Oréal, Booking.com, KLM, EasyJet, Wise, Etsy
- Pricing: USD 0.13 fixed + payment-method fee (Visa/MC Interchange++ +0.60%, iDEAL +EUR 0.22, SEPA DD +EUR 0.27); no setup/monthly fees
- Products: Online + In-person Payments, Adyen for Platforms, Capital (financing), Card Issuing, Pay by Link, Uplift, Intelligent Money Movement
- Open-source: 64 repos at github.com/Adyen -- Web (TypeScript), iOS (Swift), Android (Kotlin) SDKs + server libraries (PHP / Java / Node / .NET)
Sovereignty Scorecard
Procurement-grade signals on data sovereignty, ownership, and EU residency.
We score every European vendor against six sovereignty dimensions captured in the SHIELD acronym. Each card below maps to one letter — read them as a checklist when comparing providers.
The third parties that touch customer data — payment processors, KYC vendors, support chatbots, analytics.
Where the legal entity sits, who controls it, and which subsidiaries operate under the same group.
Where customer data is physically stored, who runs the hosting stack, which CDN sits in front.
Whether the vendor or its subprocessors fall under the US CLOUD Act or other extraterritorial reach.
Public terms, privacy policy, DPA, subprocessor list, impressum, and security or trust pages.
Independent audits and certifications (ISO 27001, BSI C5, TISAX, SOC 2) plus open-source transparency.
Publicly traded
Adyen N.V. (KvK 34259528) is a Dutch public limited company listed on Euronext Amsterdam since 13 June 2018 (ticker ADYEN, ISIN NL0012969182). Single share class, one-share-one-vote, no super-voting structure and no government golden share. Major shareholder stakes commonly summarised across third-party trackers (approximate, to be cross-checked against the next Annual Report): Temasek Holdings (~6%), Baillie Gifford (~5%), BlackRock (~5%), Vanguard (~3%), Norges Bank Investment Management (~3%), T. Rowe Price (~3%) and co-founder Pieter van der Does (~3%). 'European control: majority' reflects the Dutch parent, Dutch banking license, founder/executive team headquartered in Amsterdam and the absence of a controlling shareholder; a meaningful share of the float sits with US and Asian institutional investors.
🇳🇱 Amsterdam, Netherlands
Adyen N.V.
- Adyen N.V. UK Branch — 🇬🇧 United KingdomUK branch of Adyen N.V., authorised and regulated by the Financial Conduct Authority under FRN 779800. Original UK entity Adyen UK Limited (Companies House 08051687) remains incorporated but the active payments-licensed presence is the N.V. branch.
- Adyen N.V. (San Francisco Branch) — 🇺🇸 United StatesUS branch of Adyen N.V. listed on the Adyen group subprocessor list; processes US merchant flows alongside Adyen Inc.
- Adyen Inc. — 🇺🇸 United StatesDelaware corporation; US operating subsidiary alongside the Adyen N.V. San Francisco Branch (historical address: 274 Brannan Street, San Francisco, CA 94107).
- Adyen Singapore Pte. Ltd. — SingaporeMajor Payment Institution licensed by the Monetary Authority of Singapore under the Payment Services Act 2019 (cross-border money transfer since 28 January 2020; merchant acquisition + domestic money transfer from 1 May 2021).
- Adyen Australia Pty Ltd — AustraliaAustralian operating entity; one of the APAC main-system data-centre locations per adyen.com/infrastructure.
- Adyen Japan K.K. — JapanJapanese operating entity.
- Adyen do Brasil Instituicao de Pagamento Ltda. — BrazilBrazilian operating entity; together with Adyen Mexico SA de CV serves Latin America.
Fixed region
Adyen's stated infrastructure principle (adyen.com/infrastructure): main payment-processing systems run from data centres in Europe, the United States, India, Singapore and Australia. Payment data (cardholder data and PCI-scope records) is stored in Europe and an isolated India environment per the same page. Cross-border data transfers within the Adyen group rely on Standard Contractual Clauses per the privacy statement (version 4 August 2025). Customers cannot select a specific region for cardholder data.
Website: Netlify Edge CDN (Netlify, Inc., US) -- adyen.netlifyglobalcdn.com / server: Netlify; documentation on Cloudflare (docs.adyen.com)
Application: Self-hosted on Adyen-owned RIPE address space (AS200596) across data centres in Europe, the United States, India, Singapore and Australia; no public cloud (AWS, GCP, Azure) in the payment-processing path per adyen.com/infrastructure
Email: Google Workspace (dig adyen.com MX -> aspmx.l.google.com + ALT1-4)
CDN: Cloudflare in front of the shopper-facing checkoutshopper-live.adyen.com endpoint and docs.adyen.com; origin in Adyen's own AS200596 prefix (147.12.16.0/24). Authoritative DNS is mixed (Adyen-owned ns01/ns02.adyen.com plus Akamai a1-169.akam.net etc.)
| Name | Country | Purpose |
|---|---|---|
| Cloudflare, Inc. | 🇺🇸 United States | Edge for the shopper-facing checkout endpoint (checkoutshopper-live.adyen.com) and documentation (docs.adyen.com); observed via HTTP server header and IP routing through AS13335 |
| Netlify, Inc. | 🇺🇸 United States | Hosts the marketing website www.adyen.com (CNAME adyen.netlifyglobalcdn.com; server: Netlify response header) |
| Akamai Technologies, Inc. | 🇺🇸 United States | Partial authoritative DNS for adyen.com (a1-169.akam.net, a4-65.akam.net and others alongside Adyen's own ns01/ns02.adyen.com) |
| Google LLC | 🇺🇸 United States | Google Workspace for corporate email (aspmx.l.google.com MX records) and site verification on adyen.com |
| Microsoft Corporation | 🇺🇸 United States | Microsoft 365 internal tooling (MS= TXT verification record on adyen.com) |
| Visa Inc. | 🇺🇸 United States | Card scheme partner named in the privacy statement (4 August 2025); Adyen is a principal scheme member |
| Mastercard Incorporated | 🇺🇸 United States | Card scheme partner named in the privacy statement (4 August 2025); Adyen is a principal scheme member |
| LinkedIn Corporation | 🇺🇸 United States | Social media provider named in the privacy statement (4 August 2025) |
PCI DSS v4.0 Level 1 -- annual external audit by a Qualified Security Assessor (QSA). Attestation of Compliance available to merchants via pcisupport@adyen.com or the Adyen account contact.
PCI PIN security standard for the secure management, processing and transmission of personal identification numbers.
PCI Point-to-Point Encryption -- covers Adyen's in-person card-present payment terminals.
PCI 3DS -- covers Adyen's role as an Access Control Server / Directory Server / 3DS Server in the 3D Secure 2 protocol stack.
SOC 2 Type 2 -- annual external audit covering the security, availability, processing integrity and confidentiality trust service criteria.
SOC 1 (also known as ISAE 3402) -- assurance report on controls relevant to user-entity financial reporting.
ISO/IEC 27001 information security management system certification. Certificate body and exact validity period not publicly stated on the certification overview page.
Pricing
EUR 0
- No setup fee, no monthly account fee, no integration fee, no closure fee
- Minimum invoice applies depending on industry and business model
- Single contract with Adyen N.V. (local affiliates co-sign where required by law)
USD 0.13
- Applied globally regardless of payment method
- Stacks on top of the payment-method-specific fee
- No setup or monthly minimums beyond the minimum invoice
Interchange++ + 0.60% + USD 0.13
- Acquirer markup of 0.60% on top of interchange and scheme fees
- Adyen is a principal member of Visa, Mastercard and American Express
- 3D Secure 2 included; Tokenization included
EUR 0.22 + USD 0.13
- Native iDEAL integration in the Netherlands
- Real-time settlement
- No interchange (account-to-account)
EUR 0.27 + USD 0.13
- Pan-European SEPA Direct Debit coverage
- Adyen handles mandate management and pre-notifications
- B2B SDD variant also supported
Official downloads
Annual Report 2025
Group consolidated IFRS financial statements + Pillar III Transparency and Disclosure Report; published 5 March 2026.
report
H2 2025 Shareholder Letter
Half-year financial review covering FY 2025 net revenue, processed volume, EBITDA margin and operational metrics.
report
Security and IT requirements for vendors (v2.2)
Adyen's vendor-facing security baseline; useful as a procurement reference for what Adyen expects from its own suppliers.
policy
Responsible disclosure policy
Vulnerability disclosure programme; 72h acknowledgement, 60d max remediation. Contact responsibledisclosure@adyen.com; PGP key at adyen.com/.well-known/security-pgp-key.asc.
policy
Questions & Answers
6 questions
Where is Adyen headquartered, and which entity will I contract with?
Adyen N.V. is a Dutch naamloze vennootschap registered at Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, Kamer van Koophandel KvK 34259528. The same parent entity signs the merchant agreement worldwide, with local Adyen affiliates becoming co-parties where applicable local law requires it. Adyen N.V. is listed on Euronext Amsterdam (ticker ADYEN, ISIN NL0012969182) since 13 June 2018; an unsponsored Level 1 ADR (ADYEY) trades over-the-counter in the US but does not create an SEC reporting obligation.
Is Adyen a bank, and who supervises it?
Yes. Adyen N.V. holds a Dutch banking (credit-institution) license issued by De Nederlandsche Bank (DNB) in 2017 and appears on the DNB public register under WFTKF with relation number F0001. As a Dutch credit institution Adyen is also supervised by the ECB Single Supervisory Mechanism. The UK Branch is additionally authorised and regulated by the FCA (FRN 779800); Adyen Singapore Pte. Ltd. is licensed by MAS as a Major Payment Institution under the Payment Services Act 2019; Adyen Inc. (US) is registered with FinCEN as a Money Services Business and holds Money Transmitter Licenses across the US states that require them.
Is Adyen subject to US legal process?
Yes, indirectly, but the parent entity is not. Adyen N.V. is a Dutch credit institution and is not US-incorporated; the US ADR (ADYEY) is unsponsored Level 1 and does not trigger SEC reporting obligations. However, Adyen has substantive US operations through Adyen N.V. (San Francisco Branch) and Adyen Inc. (Delaware), which would be reachable by US legal process including CLOUD Act warrants for data they control. Adyen's stated mitigation is that payment data is stored in Europe and an isolated India environment, limiting what US-side entities have in custody.
Does Adyen use AWS, GCP or Azure to process my payments?
No. Adyen states explicitly at adyen.com/infrastructure: 'We do not outsource any administration to third parties, nor do we use any public cloud services for payment processing.' All development, system administration, networking, database administration and security activities are performed in-house. Adyen runs its own RIPE-allocated address space (AS200596) and operates main systems across separate data centres in Europe, the United States, India, Singapore and Australia. Public-facing edges (the marketing site on Netlify, documentation on Cloudflare, shopper-facing checkout fronted by Cloudflare) are operated by US-incorporated CDNs, but cardholder data processing happens on Adyen's own platform.
Where can I find Adyen's subprocessor list?
The official list lives at https://www.adyen.com/legal/list-of-adyen-subprocessors and currently names 11 Adyen group entities only (Adyen N.V. UK Branch, Adyen N.V. San Francisco Branch, Adyen do Brasil, Adyen Mexico, Adyen Australia, Adyen Singapore, Adyen Japan, Adyen Canada, Adyen MEA in the UAE, plus two Adyen India entities). Third-party processors are described categorically in the privacy statement (identity verification, credit reference agencies, CRM providers, cloud service providers, payment schemes, card-printing partners, social media providers and tax authorities) but not enumerated by name; data subjects can email the DPO for details. Subscribe to subprocessor updates at https://www.adyen.com/newsletter/legal-subprocessors.
What certifications and audit reports does Adyen maintain?
Adyen holds PCI DSS v4.0 Level 1 (annual external audit by a Qualified Security Assessor), PCI PIN, PCI P2PE, PCI 3DS, SOC 2 Type 2, SOC 1 (also called ISAE 3402) and ISO 27001. Merchants can request the PCI Attestation of Compliance (AoC) from their account contact or by emailing pcisupport@adyen.com. As a Dutch credit institution Adyen also publishes an annual Pillar III Transparency and Disclosure Report (CRR/Basel regulatory capital disclosure) alongside the Annual Report.
Alternatives
Other European companies in the same category as Adyen.
Quick facts
Sources & verification
Every fact on this page is backed by a primary or independent source. Most recent verification: May 13, 2026.
Found an error? Report it
Profile content
- primary · about-pagewww.adyen.com/infrastructureMulti-region platform across EU/US/IN/SG/AU; no public cloud for payment processing
- primary · press-releasewww.adyen.com/press-and-media/adyen-publishes-h2-2025-financial-results-3pgu2FY 2025 net revenue, processed volume, EBITDA margin
- primary · about-pagewww.adyen.com/aboutFounding history, office footprint, customer list
- primary · termswww.adyen.com/legal/adyen-terms-and-conditionsAdyen N.V. Amsterdam, KvK 34259528
- primary · about-pagewww.adyen.com/infrastructure'No public cloud services for payment processing' claim and multi-region platform (EU/US/IN/SG/AU) statement
- primary · otherwww.dnb.nl/en/public-register/information-detailDNB public register: Adyen N.V. as credit institution (WFTKF / F0001); supports the Dutch banking-license + DNB/ECB supervision claim
- primary · about-pagewww.adyen.comSite language selector and per-locale product pages
- primary · pricing-pagewww.adyen.com/pricingFixed USD 0.13 processing fee + payment-method-specific fees; no setup/monthly/closure fees
- primary · press-releasewww.adyen.com/press-and-media/adyen-publishes-h2-2025-financial-results-3pgu2FY 2025 metrics (net revenue, processed volume, EBITDA margin, office count)
- primary · about-pagewww.adyen.com/infrastructureMulti-region platform claim, no-public-cloud principle, RIPE AS200596, AWS comparison
- primary · cert-pagehelp.adyen.com/knowledge/security/security-principles/what-are-the-adyen-security-certificationsFull certification list (PCI DSS, PCI PIN, PCI P2PE, PCI 3DS, SOC 1, SOC 2, ISO 27001)
- primary · otherwww.dnb.nl/en/public-register/information-detailDNB public register confirmation: Adyen N.V. listed as credit institution WFTKF / F0001
- primary · subprocessor-listwww.adyen.com/legal/list-of-adyen-subprocessorsSubprocessor list naming the 11 Adyen group entities cited in the EU passporting feature
- primary · pricing-pagewww.adyen.com/pricingPricing-model claims: USD 0.13 fixed processing fee + payment-method-specific fees; no setup/monthly/closure fees
- primary · othergithub.com/AdyenOpen-source organisation: 64 public repositories with iOS/Android/Web SDKs and server-side libraries
- primary · press-releasewww.adyen.com/press-and-media/adyen-now-licensed-under-payment-services-act-as-a-major-payments-institution-in-singaporeMAS Major Payment Institution license for Adyen Singapore Pte. Ltd. (multi-regulator footprint feature)
- primary · termswww.adyen.com/legal/adyen-terms-and-conditionsContracting entity Adyen N.V.
- primary · about-pagewww.adyen.com/infrastructureNo public cloud principle; payment data stored in EU + isolated India
- primary · subprocessor-listwww.adyen.com/legal/list-of-adyen-subprocessorsAdyen group-entity-only subprocessor list
- primary · cert-pagehelp.adyen.com/knowledge/security/security-principles/what-are-the-adyen-security-certificationsCertification scopes and audit cadence
- primary · otherdocs.adyen.com/online-paymentsOnline Payments API + Web/iOS/Android Drop-in SDKs
- primary · otherwww.adyen.com/pluginsAdyen-built plugins (Adobe Commerce, Salesforce Commerce Cloud, NetSuite, Oracle Opera/Simphony/Xstore, Cegid) + partner-built plugins (Shopify, BigCommerce, Microsoft Dynamics, Commercetools, etc.)
- primary · press-releasewww.adyen.com/press-and-media/adyen-publishes-2025-annual-reportAnnual Report 2025 + Pillar III Transparency and Disclosure Report (5 March 2026 publication)
Sovereignty (SHIELD)
- primary · subprocessor-listwww.adyen.com/legal/list-of-adyen-subprocessors11 Adyen group entities; no third-party vendors named
- primary · privacy-policywww.adyen.com/policies-and-disclaimer/privacy-policyPrivacy statement v. 4 August 2025 names category processors (card schemes including Visa and Mastercard, social media providers including LinkedIn) without exhaustive listing
- primary · http-headerswww.adyen.comCloudflare via 'server: cloudflare' on docs.adyen.com and checkoutshopper-live.adyen.com edges; Netlify via 'server: Netlify' on www.adyen.com
- primary · dns-recordswww.adyen.comAkamai partial authoritative DNS for adyen.com (a1-169/a4-65/a6-66/a11-66/a13-67/a24-64.akam.net alongside Adyen-owned ns01/02.adyen.com); Google Workspace MX (aspmx.l.google.com + ALT1-4); Microsoft 365 site verification via TXT 'MS='
- primary · termswww.adyen.com/legal/adyen-terms-and-conditionsAdyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, KvK 34259528
- primary · press-releasewww.adyen.com/press-and-media/2025-agm2025 AGM disclosures: supervisory board composition, single share class
- tertiary · wikipediaen.wikipedia.org/wiki/AdyenSummary of major shareholders (Temasek, Baillie Gifford, BlackRock, Vanguard, NBIM, T. Rowe Price, Pieter van der Does); to cross-check against the Annual Report 2025 chapter on major shareholders
- primary · subprocessor-listwww.adyen.com/legal/list-of-adyen-subprocessorsAdyen group-entity subprocessor list naming the UK Branch, San Francisco Branch, Brazil, Mexico, Australia, Singapore, Japan, Canada, UAE and two India entities
- primary · companies-housefind-and-update.company-information.service.gov.uk/company/08051687Adyen UK Limited registration (CH 08051687); active payments-licensed UK presence is the N.V. branch
- primary · press-releasewww.adyen.com/press-and-media/adyen-now-licensed-under-payment-services-act-as-a-major-payments-institution-in-singaporeMAS Major Payment Institution license for Adyen Singapore Pte. Ltd.
- primary · about-pagewww.adyen.com/infrastructureMain systems in EU/US/IN/SG/AU; payment data in EU + isolated India env
- primary · privacy-policywww.adyen.com/policies-and-disclaimer/privacy-policySCCs for intra-group and service-provider transfers outside the EEA (privacy statement v. 4 August 2025)
- primary · about-pagewww.adyen.com/infrastructureAdyen-owned platform; no public cloud for payment processing
- primary · dns-recordswww.adyen.comdig www.adyen.com -> adyen.netlifyglobalcdn.com (Netlify); MX -> aspmx.l.google.com (Google Workspace); NS -> mix of ns01/02.adyen.com + akam.net
- primary · http-headerswww.adyen.comserver: Netlify on www.adyen.com; server: cloudflare on docs.adyen.com and checkoutshopper-live.adyen.com edges
- primary · subprocessor-listwww.adyen.com/legal/list-of-adyen-subprocessorsAdyen N.V. UK Branch + Adyen N.V. San Francisco Branch + Adyen Inc. (US) are reachable by US legal process; Dutch parent is not US-incorporated
- primary · about-pagewww.adyen.com/infrastructureMitigation: payment data stored in EU + isolated India env; US-side group entities do not have custody of EU cardholder data
- primary · termswww.adyen.com/legal/adyen-terms-and-conditionsSame URL is set as both termsUrl and dpaUrl: Adyen's merchant terms-of-service is the GDPR Art. 28 contract between Adyen (processor) and the merchant (controller). No separate DPA document is published; the DPA provisions live inside the public terms.
- primary · privacy-policywww.adyen.com/policies-and-disclaimer/privacy-policyVersion 4 August 2025
- primary · subprocessor-listwww.adyen.com/legal/list-of-adyen-subprocessors
- primary · security-pagewww.adyen.com/policies-and-disclaimer/responsible-disclosure
- primary · cert-pagehelp.adyen.com/knowledge/security/security-principles/what-are-the-adyen-security-certificationsPCI DSS v4.0 Level 1, PCI PIN, PCI P2PE, PCI 3DS, SOC 2 Type 2, SOC 1 (ISAE 3402), ISO 27001
- primary · othergithub.com/Adyen64 public repositories (verified org badge, Amsterdam location)