Open Company Data in Bulgaria: Official Sources, APIs and Reuse Rights

Bulgaria is a commercially useful open-company-data jurisdiction because its company-register backbone is centralized through the Registry Agency and EPZEU, while supporting evidence can be added from open-data policy, procurement, intellectual-property, financial-supervision, competition and LEI sources. The practical difficulty is that these sources do not form one unrestricted machine-readable company database. They form a layered public-source stack with different access models, legal purposes and privacy limits.

The strongest linked registry route in this cycle is the EPZEU Commercial Register and Register of Non-Profit Legal Entities home, supported by the EPZEU united portal and the EU e-Justice Bulgaria business-register profile. The strongest privacy caution is the Registry Agency personal-data policy for the commercial register and non-profit legal entities register. The strongest supporting enrichment sources are Bulgaria’s official open-data policy page, the CAIS public-procurement portal, the Patent Office, the Financial Supervision Commission, the Commission for Protection of Competition and GLEIF LEI records for Bulgaria.

This refresh replaces the older Bulgaria page, which was a useful quick source list but did not meet the current CompaniesData editorial bar. The new article is a deeper reference article. It separates legal-entity identity from open-data policy, procurement events, regulator records, IP context, LEI enrichment, personal data, BULSTAT-style identifier context, beneficial ownership and marketing-contact use.

Key Takeaways

• Best official registry route: start with EPZEU’s Commercial Register and Register of Non-Profit Legal Entities, then use the EPZEU united portal for current register services, references and legislation navigation.
• Best legal-context route: the EU e-Justice Bulgaria profile explains the centralized electronic register context, public search orientation and BRIS access, but national Registry Agency sources remain the operational authority.
• Best privacy evidence: the Registry Agency personal-data policy makes personal-data caution explicit for register files and should shape officer, owner, document and beneficial-ownership handling.
• Best enrichment layers: CAIS procurement, the Patent Office, FSC, CPC and GLEIF can add public-contracting, IP, regulator, legal-event and LEI context when stored as separate source-specific tables.
• Held this cycle: data.egov.bg returned 403, NSI returned a Bingbot Cloudflare challenge, the older RegistryAgency route is weaker than EPZEU, PSC guidance had prior access issues, BULSTAT requires personal-data and scope caution, and beneficial ownership remains special-review.
• Contact-data caution: public Bulgarian company, procurement, regulator, IP or LEI data is not consent for email, phone, lead-list or sales-prospecting use.

Editorial Methodology

The CompaniesData method starts with official sources, then adds enrichment only when authority, access model, field scope and reuse notes can be described without overclaiming. For Bulgaria, the legal-entity backbone is the Registry Agency/EPZEU Commercial Register and Register of Non-Profit Legal Entities. The EU e-Justice profile is used for official European context. The personal-data policy is used to make privacy boundaries explicit. Open-data policy, procurement, IP, financial-supervision, competition and LEI sources are used as supporting evidence only.

Every linked source in this draft was selected from the 2026-06-14 source probe. Browser-like, Googlebot-like and Bingbot-like access were considered because HTTP 200 is not enough. Challenge pages, crawler 403s, old redirects, personal-data-sensitive contexts and routes with uncertain operational stability were moved into held notes. Source logos in the matrix and Resource Pack use a stable favicon proxy as decorative recognition cues only; the evidence remains the official URL, owner, access model and reuse note.

Coverage, Access and Update-Risk Analysis

Registry backbone: Bulgaria’s strongest company-data claim is that the Commercial Register and Register of Non-Profit Legal Entities are centralized official register routes operated through the Registry Agency/EPZEU environment. The safe operational claim is public official register access and searchable/legal-disclosure context. The unsafe claim would be that every field, document, officer, owner, historical filing or certified extract is freely bulk-downloadable without terms, fees, identity workflows or privacy controls.

EU and cross-border context: the EU e-Justice profile is useful because it describes the Bulgarian register in an EU business-register framework and helps explain public/free search context, BRIS access and register categories. It should not replace national source checks. If the national EPZEU portal changes a route, language or workflow, the national route wins.

Open-data coverage: Bulgaria has an official open-data policy source, but the national catalogue route tested in this cycle returned 403 for browser, Googlebot and Bingbot profiles. That means the article can discuss open-data governance, but it should not link the blocked catalogue as a clean source or claim that a current complete company-register dataset is available through that route. Any future ingestion must store the dataset URL, licence, resource format, update date and access status separately.

Statistics coverage: the National Statistical Institute is useful for coverage and business-demography context, but the tested route produced a Bingbot Cloudflare challenge. That route is therefore held from linked publication evidence. Statistics should be used as aggregate context only, not as identity proof for individual companies.

Enrichment coverage: CAIS procurement, the Patent Office, FSC, CPC and GLEIF cover useful but partial slices of the Bulgarian business landscape. Procurement is event-based. IP records depend on rights ownership and name matching. FSC is sector-specific. CPC is decision/event-specific. LEI records cover the LEI-bearing subset. A clean CompaniesData model keeps these layers separate and joins them with confidence scores.

Reuse Checklist

• Authority check: record whether the field came from EPZEU, EU e-Justice, Registry Agency privacy policy, open-data policy, CAIS, Patent Office, FSC, CPC or GLEIF.
• Access check: separate public portal search, service navigation, policy pages, procurement notices, regulator pages, IP records, LEI API results, paid/certified extracts and any future bulk files.
• Licence check: open-data policy is not enough. Preserve dataset-specific licence, source terms, access date and no-endorsement language for each resource actually ingested.
• Personal-data check: officers, owners, beneficial owners, sole traders, natural-person BULSTAT contexts, addresses and document contents require GDPR, retention, suppression and lawful-basis review.
• Bot-access check: if Googlebot or Bingbot receives a challenge, 403, 415, HTML challenge page or bot-protection title, hold the route or replace it with a cleaner official source.
• Marketing check: do not treat public company records, procurement notices, regulator lists, IP records or LEI data as permission for cold email or phone outreach.
• Attribution check: store official source names, URLs, access dates, route status, native identifiers, language and field confidence in every downstream dataset.

Practical Manual, API and Bulk Options

Manual verification: use EPZEU’s Commercial Register and Register of NPLE route for current manual company verification and register navigation. Manual verification is appropriate for one-off due diligence, customer support, KYB review and source reconciliation. It should not be described as a bulk API unless a specific official endpoint and terms are verified.

Open-data discovery: use the Bulgarian open-data policy page to frame reuse governance, then verify the current catalogue route separately before making any dataset claim. In this cycle, data.egov.bg is held because it returned 403. A future clean dataset route should be captured with licence, field list, update cadence and machine-readability details.

Procurement enrichment: use the CAIS public-procurement portal for tender and supplier event context. The article treats this as conditional because procurement data is valuable but purpose-specific. It is not a replacement for the company register and absence from procurement does not imply inactivity.

Regulator and IP enrichment: use the Patent Office, FSC and CPC for specialist signals. These layers can answer questions such as whether a business has IP activity, appears in a financial-sector regulatory context or is named in a competition-law event. They cannot answer whether every Bulgarian company exists or whether a company has consented to sales outreach.

LEI enrichment: use GLEIF for legal-entity identifier cross-checks. LEI records are structured and API-friendly, but they cover only the subset of Bulgarian entities that have LEIs. Store LEI status, registration authority references, timestamps and match confidence separately from the company-register core.

Source-by-Source Deep Dives

1. EPZEU Commercial Register and Register of NPLE home

Owner: Registry Agency / EPZEU. Access model: public electronic portal route for the Commercial Register and Register of Non-Profit Legal Entities. Reuse note: official registry route; use as authority evidence and preserve source, access date and field limits

Business use: legal-entity identity checks, register search orientation, filing route context and official register navigation In a CompaniesData workflow, this layer should be stored with source owner, URL, access date, native identifier, field scope, language and confidence before it is joined to another Bulgarian source.

Limitations: portal access is not the same as a complete free bulk export, certified extract or marketing-contact permission This source cleared the current linked-source publication gate and can support the specific claim described here. Use the source for its own purpose; do not stretch it into all-company coverage, certified extract, beneficial-ownership, credit-score or marketing-consent claims.

2. EPZEU United portal

Owner: Registry Agency / EPZEU. Access model: unified electronic administrative-services portal for register services, contacts, help and user workflows. Reuse note: official portal context; cite as service/navigation evidence rather than dataset licence

Business use: finding current registry services, account workflows, references, legislation and statistics navigation In a CompaniesData workflow, this layer should be stored with source owner, URL, access date, native identifier, field scope, language and confidence before it is joined to another Bulgarian source.

Limitations: service navigation does not prove that every register field is downloadable, free, current or reusable at scale This source cleared the current linked-source publication gate and can support the specific claim described here. Use the source for its own purpose; do not stretch it into all-company coverage, certified extract, beneficial-ownership, credit-score or marketing-consent claims.

3. Registry Agency commercial-register personal-data policy

Owner: Registry Agency / EPZEU. Access model: official personal-data policy for the Commercial Register and Register of Non-Profit Legal Entities. Reuse note: privacy and legal-context source; use to explain GDPR and file-level personal-data constraints

Business use: privacy review, personal-data field screening and caution around officer, owner, file and document reuse In a CompaniesData workflow, this layer should be stored with source owner, URL, access date, native identifier, field scope, language and confidence before it is joined to another Bulgarian source.

Limitations: policy evidence supports caution; it is not a bulk data endpoint or a licence for unrestricted republication This source cleared the current linked-source publication gate and can support the specific claim described here. Use the source for its own purpose; do not stretch it into all-company coverage, certified extract, beneficial-ownership, credit-score or marketing-consent claims.

4. EU e-Justice Bulgaria business register profile

Owner: European e-Justice Portal / Bulgaria. Access model: official EU profile describing Bulgarian business-register access and cross-border register context. Reuse note: legal-context source; verify operational details and field reuse against national Registry Agency sources

Business use: explaining the centralized electronic database, public/free search context, BRIS access and register categories In a CompaniesData workflow, this layer should be stored with source owner, URL, access date, native identifier, field scope, language and confidence before it is joined to another Bulgarian source.

Limitations: EU profile pages can lag national changes and do not replace source-level licence, privacy and access checks This source cleared the current linked-source publication gate and can support the specific claim described here. Use the source for its own purpose; do not stretch it into all-company coverage, certified extract, beneficial-ownership, credit-score or marketing-consent claims.

5. Bulgaria open-data policy

Owner: Bulgarian e-government administration. Access model: official open-data policy and public-sector information context. Reuse note: policy source; dataset-specific terms and operational access still need review

Business use: open-data framework context, reuse governance and discovery process for Bulgarian public-sector datasets In a CompaniesData workflow, this layer should be stored with source owner, URL, access date, native identifier, field scope, language and confidence before it is joined to another Bulgarian source.

Limitations: policy pages do not prove that a complete company-register dataset is available as free open bulk data This source cleared the current linked-source publication gate and can support the specific claim described here. Use the source for its own purpose; do not stretch it into all-company coverage, certified extract, beneficial-ownership, credit-score or marketing-consent claims.

6. Public Procurement Agency CAIS portal

Owner: Public Procurement Agency / CAIS EOP. Access model: public procurement portal for notices, buyer/supplier event context and contracting workflows. Reuse note: procurement-specific source; cite notice/procedure provenance and check portal terms before automated reuse

Business use: supplier-event enrichment, public-contracting activity, tender research and public-sector market mapping In a CompaniesData workflow, this layer should be stored with source owner, URL, access date, native identifier, field scope, language and confidence before it is joined to another Bulgarian source.

Limitations: procurement coverage is event-based and does not represent the full Bulgarian company universe This source is included as a conditional public context layer; notice-level terms and automated reuse should be checked before ingestion. Use the source for its own purpose; do not stretch it into all-company coverage, certified extract, beneficial-ownership, credit-score or marketing-consent claims.

7. Patent Office of Bulgaria

Owner: Patent Office of the Republic of Bulgaria. Access model: official intellectual-property portal and services context. Reuse note: IP-specific source terms apply; use as enrichment and owner/name-matching context only

Business use: trademark, patent and design context for IP-heavy companies and brand-to-legal-entity matching In a CompaniesData workflow, this layer should be stored with source owner, URL, access date, native identifier, field scope, language and confidence before it is joined to another Bulgarian source.

Limitations: IP records are partial and can involve separate owners, agents and rights that need careful matching This source cleared the current linked-source publication gate and can support the specific claim described here. Use the source for its own purpose; do not stretch it into all-company coverage, certified extract, beneficial-ownership, credit-score or marketing-consent claims.

8. Financial Supervision Commission

Owner: Financial Supervision Commission. Access model: official financial-sector regulator portal. Reuse note: sector-regulator source; use with category, licence/status and access-date provenance

Business use: financial-sector compliance enrichment for supervised Bulgarian entities In a CompaniesData workflow, this layer should be stored with source owner, URL, access date, native identifier, field scope, language and confidence before it is joined to another Bulgarian source.

Limitations: sector-specific coverage only; absence from FSC pages is not evidence that a company is inactive This source cleared the current linked-source publication gate and can support the specific claim described here. Use the source for its own purpose; do not stretch it into all-company coverage, certified extract, beneficial-ownership, credit-score or marketing-consent claims.

9. Commission for Protection of Competition

Owner: Commission for Protection of Competition. Access model: official competition-authority portal for decisions, notices and institutional context. Reuse note: legal-event source; cite decision/page provenance and keep event context separate from company facts

Business use: competition-law, merger/control, conduct and legal-event enrichment for named companies In a CompaniesData workflow, this layer should be stored with source owner, URL, access date, native identifier, field scope, language and confidence before it is joined to another Bulgarian source.

Limitations: decision/event coverage is selective and should not be treated as a company master file This source cleared the current linked-source publication gate and can support the specific claim described here. Use the source for its own purpose; do not stretch it into all-company coverage, certified extract, beneficial-ownership, credit-score or marketing-consent claims.

10. GLEIF LEI records for Bulgaria

Owner: GLEIF. Access model: public LEI API and open LEI records. Reuse note: GLEIF API/open-data terms; preserve LEI provenance, registration status and timestamps

Business use: LEI cross-checks for Bulgarian legal entities in finance, KYB and compliance workflows In a CompaniesData workflow, this layer should be stored with source owner, URL, access date, native identifier, field scope, language and confidence before it is joined to another Bulgarian source.

Limitations: LEI coverage is a subset and should never be treated as complete national company coverage This source cleared the current linked-source publication gate and can support the specific claim described here. Use the source for its own purpose; do not stretch it into all-company coverage, certified extract, beneficial-ownership, credit-score or marketing-consent claims.

Source Matrix

Source	Owner / authority	Access model	Reuse note	Main limitation
EPZEU Commercial Register and Register of NPLE home	Registry Agency / EPZEU	public electronic portal route for the Commercial Register and Register of Non-Profit Legal Entities	official registry route; use as authority evidence and preserve source, access date and field limits	Clean public source. portal access is not the same as a complete free bulk export, certified extract or marketing-contact permission
EPZEU United portal	Registry Agency / EPZEU	unified electronic administrative-services portal for register services, contacts, help and user workflows	official portal context; cite as service/navigation evidence rather than dataset licence	Clean public source. service navigation does not prove that every register field is downloadable, free, current or reusable at scale
Registry Agency commercial-register personal-data policy	Registry Agency / EPZEU	official personal-data policy for the Commercial Register and Register of Non-Profit Legal Entities	privacy and legal-context source; use to explain GDPR and file-level personal-data constraints	Clean public source. policy evidence supports caution; it is not a bulk data endpoint or a licence for unrestricted republication
EU e-Justice Bulgaria business register profile	European e-Justice Portal / Bulgaria	official EU profile describing Bulgarian business-register access and cross-border register context	legal-context source; verify operational details and field reuse against national Registry Agency sources	Clean public source. EU profile pages can lag national changes and do not replace source-level licence, privacy and access checks
Bulgaria open-data policy	Bulgarian e-government administration	official open-data policy and public-sector information context	policy source; dataset-specific terms and operational access still need review	Clean public source. policy pages do not prove that a complete company-register dataset is available as free open bulk data
Public Procurement Agency CAIS portal	Public Procurement Agency / CAIS EOP	public procurement portal for notices, buyer/supplier event context and contracting workflows	procurement-specific source; cite notice/procedure provenance and check portal terms before automated reuse	Conditional context. procurement coverage is event-based and does not represent the full Bulgarian company universe
Patent Office of Bulgaria	Patent Office of the Republic of Bulgaria	official intellectual-property portal and services context	IP-specific source terms apply; use as enrichment and owner/name-matching context only	Clean public source. IP records are partial and can involve separate owners, agents and rights that need careful matching
Financial Supervision Commission	Financial Supervision Commission	official financial-sector regulator portal	sector-regulator source; use with category, licence/status and access-date provenance	Clean public source. sector-specific coverage only; absence from FSC pages is not evidence that a company is inactive
Commission for Protection of Competition	Commission for Protection of Competition	official competition-authority portal for decisions, notices and institutional context	legal-event source; cite decision/page provenance and keep event context separate from company facts	Clean public source. decision/event coverage is selective and should not be treated as a company master file
GLEIF LEI records for Bulgaria	GLEIF	public LEI API and open LEI records	GLEIF API/open-data terms; preserve LEI provenance, registration status and timestamps	Clean public source. LEI coverage is a subset and should never be treated as complete national company coverage

Resource Pack

Missing-Data Gaps

The main Bulgaria gap is not the absence of official sources. The gap is that the useful sources are split by legal purpose. EPZEU gives registry access and service context. EU e-Justice gives EU-level explanation. The personal-data policy gives privacy boundaries. Open-data policy gives governance context. CAIS gives procurement events. The Patent Office, FSC, CPC and GLEIF give enrichment for specific subsets. No clean linked source in this pass proves a complete free, unrestricted, all-fields database containing every company, historical filing, director, beneficial owner, contact detail, website, phone number and email address.

The held list is operationally important. data.egov.bg returned 403 to all tested profiles, so it is not linked as clean evidence. NSI was reachable to browser and Googlebot-style requests but returned a Cloudflare challenge to Bingbot-style access. The old RegistryAgency route is not the best English route. PSC guidance needs access revalidation. BULSTAT may include non-trader and natural-person categories. Beneficial ownership requires a special lawful-use review before publication or ingestion beyond narrow verification.

Recommended Data Model

• Entity core: Bulgarian registration identifier where verified, legal name, normalized name, entity type, register/status fields, registered seat or address fields where lawful, country and source confidence.
• Registry provenance: EPZEU route, access date, query method, service type, native language, field list, manual-verification timestamp and document/extract boundary.
• Legal context: EU e-Justice profile route, BRIS context, register categories, cross-border note and national-source verification flag.
• Privacy flags: personal-data policy reference, officer/owner sensitivity, beneficial-ownership special-review flag, BULSTAT natural-person caution, retention limit and suppression status.
• Open-data metadata: policy route, dataset URL when clean, licence, resource format, update metadata, parser version and catalogue access status.
• Enrichment tables: procurement events, IP references, FSC categories, CPC decisions, LEI records and match-confidence fields kept separate from the entity core.
• Delivery metadata: last source check, crawler access status, next refresh date, no-endorsement note, customer-facing field confidence and contact-data block.

How CompaniesData Adds Value

CompaniesData.cloud adds value by turning Bulgaria’s official but fragmented source landscape into a controlled, versioned data workflow. The work is not simply scraping a public page. It is normalizing Bulgarian and Latin-script names, preserving EPZEU and EU e-Justice provenance, keeping open-data policy separate from verified datasets, matching procurement/IP/regulator/LEI signals with confidence and preventing personal or contact fields from flowing into general marketing use without a separate lawful basis.

For business teams, that means cleaner coverage for KYB, market mapping, CRM enrichment, procurement research, regulator screening and country coverage analysis. For compliance teams, it means source-level provenance, access dates, held-source notes, field confidence, privacy flags and explicit separation between legal-entity identity and outreach permission.

For English and international workflows, request a CompaniesData sample for Bulgaria if you need a normalized, auditable dataset rather than a portal list. For Spanish-speaking or Hispanic contact-data workflows, CentraldeComunicacion.es is the preferred owned property. Do not treat Bulgaria’s official source stack as permission for direct email, phone lists or lead-list resale.

Held Sources and Source-Risk Notes

The following routes were researched but are not treated as clean linked evidence for publication in this cycle.

• Bulgaria open data portal: browser, Googlebot and Bingbot profiles returned 403 in the 2026-06-14 probe; use the stable open-data policy page until a clean catalogue route is verified. https://data.egov.bg/
• National Statistical Institute: browser and Googlebot profiles returned real content, but Bingbot received a Cloudflare challenge; keep as coverage context only until crawler access is clean. https://www.nsi.bg/en
• RegistryAgency.bg old Commercial Register page: old English route redirects to a Bulgarian page and is weaker than the current EPZEU register route. https://www.registryagency.bg/en/registri/targovski-registar/
• Bulgarian PSC commercial registration guidance: historical checks produced certificate/internal errors; hold until a clean, current public route clears. https://psc.egov.bg/en/psc-starting-a-business-commercial-registration
• BULSTAT register special/personal-data context: BULSTAT context can include non-traders and natural-person categories; use as identifier/privacy context, not as a company-register bulk claim. https://portal.registryagency.bg/en/page/27
• Beneficial ownership fields in Bulgarian registers: beneficial ownership can involve natural persons, AML access controls and GDPR constraints; keep in special-review until lawful-use, retention and safety review clears. https://portal.registryagency.bg/en/page/28

FAQ

What is the best official starting point for Bulgaria company data?

Start with EPZEU’s Commercial Register and Register of Non-Profit Legal Entities. Use the EPZEU united portal for current services and the EU e-Justice profile for EU-level context, but verify operational fields against the Bulgarian Registry Agency route.

Does Bulgaria have open company data?

Bulgaria has official public register access and an open-data policy framework. In this cycle, the national data catalogue route was held because it returned 403. Do not claim a complete free official bulk company dataset unless a clean dataset URL, licence and field list are verified.

Can BULSTAT be used as a normal company database?

Not without review. BULSTAT can include non-trader and natural-person contexts. Treat it as identifier and scope context requiring privacy review, not as a blanket company-register bulk source.

Why is the National Statistical Institute held?

The NSI route returned real content to browser and Googlebot-style requests but a Cloudflare challenge to Bingbot-style requests. It remains useful research context, but it is not linked as clean publication evidence in this pass.

Can public Bulgarian company data be used for cold email?

Not automatically. Public register, procurement, regulator, IP or LEI data is not consent for outreach. Contact-data enrichment requires separate lawful basis, suppression, retention and source-provenance controls.

Why use CompaniesData for Bulgaria?

Bulgaria’s official sources are useful but fragmented. CompaniesData normalizes identifiers and names, joins official enrichment layers, preserves provenance and separates company identity from contact-data permission.

Official Sources

• EPZEU Commercial Register and Register of NPLE home – Registry Agency / EPZEU
• EPZEU United portal – Registry Agency / EPZEU
• Registry Agency commercial-register personal-data policy – Registry Agency / EPZEU
• EU e-Justice Bulgaria business register profile – European e-Justice Portal / Bulgaria
• Bulgaria open-data policy – Bulgarian e-government administration
• Public Procurement Agency CAIS portal – Public Procurement Agency / CAIS EOP
• Patent Office of Bulgaria – Patent Office of the Republic of Bulgaria
• Financial Supervision Commission – Financial Supervision Commission
• Commission for Protection of Competition – Commission for Protection of Competition
• GLEIF LEI records for Bulgaria – GLEIF