The DNI 4.0 and the MiDNI app change how identity documents are scanned at check-in. Here is what each one is, how to read them, what GDPR says about storing the image, and how they fit with the traveller report.
Three "DNIs" circulating today at a front desk
In 2026, three forms of the Spanish national ID coexist, all valid for check-in. Confusing them costs time, and storing the wrong image can cost you a fine from the Spanish Data Protection Agency.
The first is the DNI 3.0 — the contact + NFC chip card in force since 2015. The second is the DNI 4.0 (rolling out), physically similar but with a European eIDAS chip and improved contactless reading. The third is MiDNI, the official app of the Spanish National Police that lets the holder prove identity from their phone, without carrying the physical card.
For the traveller report under RD 933/2021, all three prove identity. What changes is HOW you read them and what information you get.
What MiDNI is — and what it is not
MiDNI is a Ministry of the Interior app that loads a digital representation of the DNI on the holder’s phone. The holder proves identity by showing a dynamic QR code that the other party verifies against the official Police service.
MiDNI does NOT replace the physical DNI for every use, but it works for many administrative procedures and, by extension, for check-in at a tourist accommodation.
Most important for an accommodation: MiDNI does not hand the host an image of the DNI or a downloadable PDF. The holder shows a QR; the verifier checks the data validity. That maps well to the AEPD doctrine: no system should force the guest to hand over a copy of the document.
How to read the DNI 3.0 / 4.0 technically
A modern DNI can be read in three ways. The right choice depends on the check-in flow you have built.
- ✓Visible-side OCR: the guest’s phone camera photographs the front and an AI engine extracts name, surnames, document number and date of birth. Standard for remote self check-in.
- ✓MRZ reading (front for passport, back for DNI 3.0/4.0): the two or three lines of ICAO 9303 characters are designed for automatic reading and are the most reliable — > 99 % accuracy under normal conditions.
- ✓NFC chip reading (contactless): the phone is held near the DNI to read the eIDAS chip. It returns data cryptographically signed by the Police, with instant tamper-detection. This is what MiDNI uses under the hood.
What the traveller report requires — and what you must NOT store
RD 933/2021 spells out the 21 fields per guest that must be sent to SES Hospedajes. They include name, surnames, document type and number, issue date, date of birth, nationality, sex, address, phone and email.
The Spanish Data Protection Agency (AEPD) has made clear in several rulings that keeping a photocopy or photograph of the DNI is excessive data collection under the GDPR principle of minimisation. The accommodation may only extract the fields the law requires.
Practical conclusion: if you read the document with OCR or NFC, the captured image must be processed transiently and discarded immediately. You keep only the 21 legal fields signed by the guest — not the JPG of the DNI.
When to choose OCR, MRZ or NFC
- ✓Visible-side OCR: the guest only has an older DNI or their partner’s document on the table. Universal but least reliable on creased or low-light documents.
- ✓MRZ: the guest is foreign with a passport, or has a newer DNI 3.0/4.0. Accuracy jumps above 99 %. Works on any modern phone camera.
- ✓NFC chip: the guest has a DNI 4.0 or a phone with MiDNI active. Data arrives signed by the Police — most resistant to document fraud. Requires NFC on the phone and explicit holder authorisation.
And the foreign guest: passport, NIE and TIE
The electronic DNI only applies to Spanish citizens. Foreign guests still use passports, the NIE (foreigner ID number) and the TIE (the physical card backing the NIE).
Passport: front-side MRZ reading — reliable and universal, excellent for tourism. The NIE as an administrative number does not always have a chip; the new TIE does.
For the traveller report, the soporteDocumento XML field at SES Hospedajes carries a code for the type (DNI, NIE, passport, others) — and must match the document actually read.
How BookCheckin handles it
BookCheckin combines visible-side OCR, back-of-DNI / front-of-passport MRZ reading and cross-validation of the data. The guest scans the document from their phone, reviews the extracted fields and signs digitally — the document image is never kept on our servers.
The flow is designed up front to respect AEPD doctrine: data minimisation, image discard after processing, and encrypted storage of only the 21 fields required by RD 933/2021 during the three-year retention set by the regulation.
And when the guest arrives with MiDNI active on their phone, they just scan the QR. The system verifies the data without anyone having to transcribe anything.