Europe’s anti-money laundering landscape is about to change, permanently. The Anti-Money Laundering Regulation (AMLR) and its companion directive AMLD6, adopted by the EU in May 2024, will apply from July 10, 2027. For any organization operating in financial services, insurance, real estate, or regulated professions, the clock is already ticking.
The shift is significant: AML compliance is moving from a patchwork of national transpositions to a single, directly applicable regulationl across all 27 EU Member States: backed by a new supranational enforcement authority, AMLA. And at the heart of this transformation is a fundamental redefinition of how customer identity must be verified in the digital age.
This article breaks down what AMLR and AMLD6 mean in practice for digital identity verification, what Article 22 changes for remote onboarding, what to expect from the forthcoming CDD RTS, and how Signaturit Group’s solutions are built for this new compliance environment.
1. Why New AML Regulations? From Fragmented Directives to a Single EU Framework
For over two decades, the EU’s fight against money laundering and terrorist financing relied on a series of directives: AML4, AML5, AML6; that each Member State transposed into national law in its own way. The result was a compliance landscape that was uneven, inconsistent, and increasingly inadequate in the face of cross-border financial crime.
The AMLR replaces this fragmented architecture with a single EU regulation, directly applicable without national transposition, creating unified obligations for all regulated entities, from banks and insurers to crypto-asset service providers and real estate agents. Alongside it, AMLD6 harmonizes national supervisory structures and introduces the Anti-Money Laundering Authority (AMLA), a new EU body based in Frankfurt that will directly supervise the highest-risk entities across the Single Market.
The key drivers of reform:
- Persistent gaps between national implementations creating arbitrage opportunities for criminals
- The explosion of digital financial services and remote onboarding that legacy frameworks were not designed for
- Rising identity fraud, deepfake-assisted document forgery, and synthetic identity attacks
- The need to align AML standards with the EU’s broader digital identity infrastructure (eIDAS 2.0, EUDI Wallet)
📅 Key dates
AMLR adopted: May 31, 2024 | Applies from: July 10, 2027 | AMLD6 transposition deadline: 2026 | CDD RTS publication: Q1 2026 (expected)
2. What Article 22 Changes in Practice for Remote Onboarding
Article 22 of the AMLR is the most operationally impactful provision for any organization that onboards customers remotely. It defines the requirements for Customer Due Diligence (CDD) — the process of identifying and verifying customers before and during a business relationship.
What must be verified (Article 22, paragraph 1)
For natural persons, regulated entities must collect and verify:
- Full name and surnames
- Date and place of birth
- Nationality (or statelessness/refugee status where applicable)
- National identification number
- Usual place of residence or postal address
- Tax identification number (where available)
For legal entities, the requirements extend to legal form, registered office address, names of legal representatives, and beneficial ownership information.
How verification can be conducted (Article 22, paragraph 6)
This is where AMLR explicitly recognizes digital identity tools. Verification may be conducted through:
- (a) Document-based remote onboarding: submission of an identity document (ID card, passport or equivalent) and acquisition of information from reliable independent sources — i.e., standard remote ID verification.
- (b) Electronic identification means: use of eIDs meeting eIDAS requirements at “substantial” or “high” assurance levels, or qualified trust services as defined under eIDAS — explicitly including the EUDI Wallet and Qualified Electronic Signatures.
⚖️ What this means in practice
Regulated entities can no longer rely solely on fragile, unverified form submissions or inconsistent document checks. Article 22 creates a clear compliance hierarchy: eIDs and EUDI Wallets at “substantial” or “high” assurance levels, and QES-backed identity, are explicitly recognized as valid, and will increasingly become the preferred standard. Organizations with modular, risk-based identity verification infrastructure will be ready. Those relying on legacy, rigid KYC flows will face significant remediation work before July 2027.
3. The Role of the CDD RTS: What to Expect from Q1 2026
Article 22 sets the legal framework, but the technical detail of how identity verification must be implemented will be defined by the Regulatory Technical Standards on Customer Due Diligence (CDD RTS), expected to be published by the European Banking Authority (EBA) in Q1 2026.
A first draft of the CDD RTS was published in October 2025, providing an early view of the EBA’s technical expectations. Based on this draft, the RTS will address:
| Topic | Expected CDD RTS Guidance |
| Non-face-to-face verification | Specific requirements for biometric identification, eIDs, wallets, and QES |
| Identity proofing requirements | Technical standards for liveness detection, document authenticity, biometric matching |
| Risk-based calibration | How to adjust verification intensity based on customer risk profile and channel |
| Audit and traceability | Documentation requirements for onboarding decisions and identity verification records |
The CDD RTS will be binding once finalized and will set the detailed technical benchmark against which compliance teams, and supervisory authorities, will assess onboarding processes. Organizations should begin mapping their current KYC infrastructure against these forthcoming standards now, rather than waiting for final publication.
4. eID, EUDI Wallet, and QES: The Three Accepted Compliance Pathways
Article 22(6) of the AMLR explicitly recognizes three technology pathways for compliant remote identity verification. Understanding the differences, and their respective levels of assurance, is essential for selecting the right approach for each customer journey.
| Electronic ID (eID) | EUDI Wallet | Qualified Electronic Signature (QES) |
| National electronic identity schemes notified under eIDAS, at substantial or high assurance level. Examples: French FranceConnect+, Spanish Cl@ve, German eID. Best for: onboarding in regulated sectors with national eID adoption. | The European Digital Identity Wallet, mandated under eIDAS 2.0 (Article 5f). Wallets must be issued by all EU Member States by 2026; financial institutions must accept them by December 2027. Best for: cross-border onboarding, frictionless re-use of identity attributes across services. | The highest level of electronic signature under eIDAS, backed by a qualified certificate issued after rigorous identity verification (face-to-face or certified remote video). Best for: high-risk onboarding, regulated contracts, situations requiring legal presumption of authenticity. |
| Assurance: Substantial or High | Assurance: High (eIDAS 2.0) | Assurance: High — legal presumption of validity |
The right pathway, or combination of pathways, depends on the customer’s risk profile, the channel, and the product. A risk-based, modular identity verification stack is therefore not optional under AMLR: it is a compliance requirement.
5. How Signaturit Group Covers These Requirements
As a Qualified Trust Service Provider (QTSP) recognized under eIDAS, and operating across five group entities (Universign, Vialink, Validated ID, Ivnosys, and Signaturit), Signaturit Group is uniquely positioned to support organizations across all three AMLR-recognized identity verification pathways.
ID Verification — Compliant remote onboarding from day one
Signaturit’s AI-powered ID Verification solution performs automated authenticity checks on identity documents from over 200 countries, with more than 50 control points, biometric facial matching, and active liveness detection to counter deepfakes and injection attacks. It is designed to meet both the current requirements of AMLR Article 22(6)(a) and the forthcoming CDD RTS standards for non-face-to-face verification.
EUDI Wallet — Ready for the 2027 mandatory acceptance deadline
Through Validated ID and VIDwallet, Signaturit Group is an active participant in the European Digital Identity Wallet ecosystem. Our solutions support the issuance, management, and verification of Verifiable Credentials (VCs) in line with eIDAS 2.0 and the W3C VC framework — enabling organizations to prepare for mandatory EUDI Wallet acceptance well before the December 2027 deadline.
QES — The highest level of identity assurance
Our Qualified Electronic Signature solutions (via Universign, Ivnosys, and Vialink) include certified remote identity verification (PVID in France; equivalent standards across other markets), enabling the issuance of qualified certificates after rigorous video-based identity checks. QES provides the legal presumption of authenticity required for high-risk onboarding and regulated transactions.
KYC Data Collection & Document Verification
Our Document Check solution integrates real-time verification against public and private databases for additional KYC screening. Combined with our data collection workflows, it enables continuous monitoring, not just one-time onboarding, as required by AMLR’s ongoing due diligence obligations.
| AMLR Requirement | Signaturit Group Solution |
| Remote identity verification (Art. 22.6a) | ✅ AI-powered ID Verification (biometrics + document check) |
| eID / eIDAS-compliant identification (Art. 22.6b) | ✅ QES + qualified certificate issuance (Universign, Ivnosys, Vialink) |
| EUDI Wallet acceptance (mandatory by Dec. 2027) | ✅ VIDwallet + Verifiable Credentials (Validated ID) |
| Continuous monitoring & KYC screening | ✅ Document Verification + KYC data collection & analysis |
| Audit trail & compliance documentation | ✅ Tamper-proof audit trails + qualified digital preservation |
Conclusion: The Compliance Window Is Open: Don’t Wait to Act
July 2027 may feel distant. It isn’t. The CDD RTS will add further technical obligations in 2026, the EUDI Wallet becomes mandatory in 2027, and organizations that start their compliance assessment now will have the time to adapt their onboarding workflows, select the right technology partners, and avoid the last-minute scramble.
AMLR and AMLD6 are not just a compliance exercise: they are an opportunity to modernize identity verification, reduce fraud, improve customer experience, and gain a competitive advantage in a market where trust is the ultimate differentiator.
Signaturit Group is ready to support this transition: as a QTSP, as a technology partner, and as a trusted backbone of digital identity infrastructure across Europe.
📥 DOWNLOAD OUR WHITEPAPER ON CURRENT REGULATIONS
The new era of digital trust in Europe: eIDAS 2.0 and the new identity standard
📎 Related articles on signaturit.com
