Key Takeaways
- AMLA must submit 23 regulatory technical standards, implementing technical standards, and guidelines to the European Commission by July 10, 2026, making this year the critical preparation window before obligations take effect.
- For the first time, a central EU authority is playing a leading role in setting harmonized rules on what information to collect, how to verify customer identities, and when to apply simplified or enhanced checks.
- AMLA’s draft RTS explicitly validates electronic identification under eIDAS and future-proof solutions like the EUDI Wallet for remote onboarding.
- The AMLR becomes fully applicable on July 10, 2027. Organizations that delay readiness efforts risk compressed implementation timelines ahead of that date.
- Identity verification providers operating in Europe must align their onboarding and CDD workflows with the new harmonized standards now, not after final rules are published.
What Is AMLA and Why Does It Matter?
Congratulations! A new authority is born, and it is feisty. The Anti-Money Laundering Authority was created to control money laundering across Europe. Needless to say, lots of work is coming your way in aligning with its regulations.
The EU’s approach to anti-money laundering has historically faced a fundamental challenge: rules were issued at the European level, but national authorities interpreted and enforced them differently. The result was inconsistent customer due-diligence standards, uneven enforcement, and gaps that financial criminals could exploit by routing activity through the most permissive jurisdictions. In short, a mess.
AMLA, the Authority for Anti-Money Laundering and Countering the Financing of Terrorism, was established to fix that. Regulation (EU) 2024/620 was adopted in June 2024, formally establishing AMLA as the EU’s central AML authority. AMLA commenced operations in July 2025.
The ambition behind AMLA regulation is significant. The AMLR, which will apply from July 10, 2027, has the potential to be transformative because it replaces the traditional directive-based approach with a Regulation, meaning obligations would apply uniformly across the EU without national interpretation.
Book a Demo
Give your business the boost of a fully automated, KYC process. No geographical limits and fast, frictionless onboarding verification processes enhance customer’s experience.
For compliance and identity verification teams, this is not a distant regulatory exercise. 2026 is a pivotal preparation period, during which technical standards covering CDD, risk classification, transaction monitoring, and governance structures will be finalized. Like we said, lots of work heading your way.
If you want to better understand how AML obligations fit into the broader compliance picture, check out our article on what AML is and why it matters for useful foundational context.
What the AMLA RTS Cover
AMLA published its draft RTS on February 9, 2026, and opened a public consultation which ran until May 8, 2026. The standards cover three core areas that every obliged entity needs to understand.
Customer identification and verification
The draft RTS specifies the minimum information and documents that firms must collect when onboarding customers and verifying the identity of beneficial owners. The goal is a proportionate, risk-based approach that avoids burdening low-risk customers with excessive documentation demands.
Verification sources and acceptable identification methods
The draft RTS under Article 28 AMLR further specifies CDD requirements, verification sources, and acceptable identification methods, while preserving the risk-based and proportionate approach. One significant development for identity verification providers is the explicit recognition of eIDAS-compliant digital identity for remote onboarding, which the standards treat as equivalent to face-to-face verification when applied at the appropriate assurance level.
Simplified and enhanced due diligence
Enhanced due diligence is now mandatory not only for politically exposed persons but for any customer linked to a high-risk third country identified by the European Commission under Article 29 of Regulation (EU) 2024/1624. The standards also specify when simplified due diligence is permissible, giving compliance teams clearer criteria than national frameworks have historically provided.
Other key thresholds
The AMLR introduces a harmonized EU-wide cash payment limit of €10,000, a beneficial ownership threshold lowered to 25% plus one share or any equivalent control indicator, and an explicit prohibition on banks holding correspondent relationships with shell institutions or with crypto-asset service providers operating without authorization.
Book a Demo
Give your business the boost of a fully automated, KYC process. No geographical limits and fast, frictionless onboarding verification processes enhance customer’s experience.
The July 10, 2026 Submission Deadline: What Happens Next
The July 10, 2026 date is not when the rules take effect. It’s the deadline by which AMLA must submit its finalized technical standards to the European Commission. Understanding the sequencing matters for planning.
The EU AML package introduces a wave of upcoming milestones, with nearly 100 due dates over the next eight years, concentrated particularly in July 2026, 2027, and 2029.
The practical timeline for compliance teams looks like this:
- July 10, 2026: AMLA submits final RTS to the European Commission. This is when the detailed technical requirements become settled.
- Late 2026: The EUDI Wallet becomes available to EU citizens across Member States, opening a new channel for digital identity verification in AML onboarding flows.
- July 10, 2027: The new EU AML rulebook becomes directly applicable across all Member States. Unlike previous directives, these rules will not require national transposition.
- 2028: AMLA is expected to select approximately 40 high-risk cross-border institutions for direct supervision, operating with full supervisory authority.
Entry into application in July 2027 requires immediate alignment for new business relationships. Existing client portfolios must be brought into compliance within a maximum period of five years, following a risk-based approach.
How AMLA RTS Will Change Identity Verification in Practice
The most significant shift for identity verification teams is the move from locally adjusted CDD to a European standard. Customer due diligence is no longer a locally adjusted mechanism. Under the AML package, it becomes a European standard that institutions will need to demonstrate they follow.
For digital onboarding specifically, the RTS creates clearer pathways and clearer obligations:
- Remote verification is formally recognized. eIDAS-compliant electronic identification is treated as equivalent to in-person verification, removing ambiguity that has historically complicated cross-border onboarding.
- The EUDI Wallet becomes a valid CDD tool. The AMLR recognizes Qualified Electronic Attestation of Attributes and the EUDI Wallet as valid for CDD, requiring financial institutions to accept EUDI Wallet for onboarding by 2027.
- Ongoing monitoring becomes an explicit obligation, not just a best practice. The RTS addresses review periodicities and dynamic triggers for enhanced due diligence, meaning a single onboarding check is no longer sufficient.
- Crypto-asset service providers face steep remediation. Crypto-asset service providers, which in many cases have only been subject to AML supervision since 2020, face the steepest CDD remediation curve.
If you’d like a deeper understanding of how these requirements connect to KYC obligations more broadly, we got you covered. Our articles on what KYC regulations require and the key components of KYC provide useful context on the compliance environment these standards operate within.
What Compliance and IDV Teams Should Do Now
The public consultation closed in May 2026, and AMLA is now preparing final submissions. The window to influence the standards has closed. The window to prepare for them is open but narrowing.
Here are the practical steps compliance and identity verification teams should prioritize:
- Read the draft RTS directly. They are publicly available on AMLA’s website. Third-party summaries are useful for orientation, but the primary text is the authoritative reference.
- Run a gap analysis against Articles 16 to 46 of Regulation (EU) 2024/1624. Firms should run a gap analysis during 2026, prioritizing the categories where divergence between current practice and the new text is largest.
- Assess your verification technology. If your onboarding platform cannot support eIDAS-compliant electronic identity verification, risk-based trigger mechanisms, or EUDI Wallet credentials, begin evaluating solutions now rather than after the July 2027 deadline.
- Review your ongoing monitoring capabilities. The RTS makes clear that customer due diligence regulation under AMLA is not a one-time onboarding exercise. Dynamic EDD triggers and periodic review obligations require systems that monitor continuously, not just at point of entry.
- Document your preparation. Regulators expect to see evidence that your firm has assessed the new standards, identified gaps, and taken steps to address them. An audit trail of your readiness process will be valuable during future supervisory reviews.
- Plan for existing customer portfolios. New business relationships must comply from July 2027. Existing portfolios have a longer runway but require a structured remediation plan.
AML compliance readiness in the AMLA era is not a legal team problem alone. It requires coordination across compliance, product, technology, and operations teams to update verification workflows, integrate new identity sources, and ensure audit-ready documentation at every stage.
Book a Demo
Give your business the boost of a fully automated, KYC process. No geographical limits and fast, frictionless onboarding verification processes enhance customer’s experience.
FAQ
What is the difference between AMLA and FATF?
FATF, the Financial Action Task Force, is an intergovernmental body that sets global AML standards and conducts mutual evaluations of member countries. AMLA is the EU's own enforcement authority, established to apply and supervise a harmonized AML rulebook directly across all 27 Member States. FATF sets the international baseline; AMLA EU enforces a binding European standard above it.
When does the AMLA Regulation become fully applicable?
The AMLR becomes directly applicable across all EU Member States on July 10, 2027. Unlike previous directives, it does not require national transposition, meaning the same rules apply in every Member State simultaneously. The July 10, 2026 deadline is for AMLA to submit its technical standards to the European Commission, not for obligations to take effect.
What are reliable independent sources for identity verification under AMLA?
The draft RTS under Article 28 of the AMLR specifies which reliable and independent sources of information obliged entities may use to verify the identity of natural and legal persons. These include eIDAS-compliant electronic identification, EUDI Wallet credentials, government-issued documents, and qualified electronic attestations of attributes. The draft standards explicitly recognize remote verification methods at appropriate assurance levels as equivalent to face-to-face checks.
Does AMLA apply to non-EU entities?
AMLA's direct supervisory authority covers entities operating within the EU. However, any organization serving EU customers, processing EU transactions, or operating through EU-based entities is subject to the AMLR's requirements. Non-EU identity verification providers that support EU-regulated firms must ensure their platforms meet the AMLR's technical and assurance standards to remain viable partners for their EU clients.
How does AMLA relate to the 6th Anti-Money Laundering Directive?
AMLD6 works alongside the AMLR rather than replacing it. The AMLR covers substantive AML obligations including CDD, beneficial ownership, and reporting. AMLD6 covers institutional arrangements, including national supervisory authority structures, access to financial intelligence units, and cooperation frameworks. Both instruments form part of the same EU AML package adopted in 2024 and are designed to be read and applied together.



