Table of contents ​

How to navigate European KYC and onboarding regulations, and why financial services need to act now to stay competitive and compliant.

Series: The future of the EU is digital. How can we start building it today?

Convergence between PSD (Payment Services Directive), EUDI Wallet, and AMLR: When KYC meets payments

The new Payment Services Directive (PSD3) and Payment Services Regulation (PSR), combined with the AML Regulation (AMLR), are converging towards a common infrastructure for identity, authentication, and monitoring of digital transactions.

In this model, KYC integration is no longer a separate silo from payments, but a secure gateway to them.

The EUDI Wallet, under eIDAS 2.0, will be a recognized tool for both strong customer authentication (SCA) in payments and Know-Your-Customer (KYC), enabling cross-border financial services without redundant identity checks.

This integration will enable banks, fintechs, and payment service providers to become more efficient and will offer Qualified Trust Service Providers the opportunity to become the reliable backbone of pan-European financial transactions.

The European regulatory landscape for financial services is undergoing its most significant transformation in over a decade.

Among the changes, two converging pillars, anti-money laundering regulations (AMLR) and eIDAS 2.0 are redefining how institutions must conduct Know Your Customer (KYC) processes and regulatory checks, implement digital onboarding, and manage identity verification and customer profile verification throughout the business relationship.

The coming years will see stricter compliance requirements, higher expectations for digital identity reliability, and a clear shift toward harmonized, technology-driven standards.

This article explores the implications of AMLR and eIDAS 2.0 for financial institutions, highlighting the risks, opportunities, and reasons why it is essential for them to act now to be compliant, competitive, and ready for the new era of digital identity!

What is AMLR: the regulation on combating money laundering and terrorist financing?

Towards unified regulations for a more financially secure Europe

For years, the European Union’s anti-money laundering (AML) framework consisted of a disparate set of directives (AMLD), national transpositions, and local supervisory practices.

While these directives established a common basis, they inevitably led to inconsistent implementation across Member States, fragmented enforcement, and uneven exposure to risk.

The gap between European countries has widened, and it is now essential to harmonize everything to ensure a reliable and secure foundation.

AMLR: the new cornerstone

The Anti-Money Laundering Regulation (AMLR), approved by the European Parliament and the Council in June 2024 as part of the new single EU regulatory framework, aims to resolve this issue by introducing a single, directly applicable regulation at EU level.

Unlike directives, a regulation does not require national transposition: it becomes law in all Member States simultaneously and uniformly. The text approved in June 2024 consolidates harmonized obligations for regulated entities and strengthens the direct supervisory powers of the new Anti-Money Laundering Authority (AMLA). This marks a major leap forward towards:

  • Stricter and harmonized rules for regulated entities,
  • centralized supervision, particularly for high-risk entities,
  • Unified risk management requirements,
  • Consistent customer due diligence expectations across the EU.

The AMLR is part of the EU’s broader AML package, which also includes a new AML Directive (AMLD6) and the creation of the Anti-Money Laundering Authority (AMLA) in Frankfurt. Together, they constitute a coordinated effort to reduce financial crime, increase transparency, and modernize compliance operations.

Focus on digital identity

One of the key aspects of the AMLR is the special attention given to digital onboarding and remote customer identification. Technology-assisted verification is no longer considered a peripheral or optional feature, but is becoming a central element of compliance. AMLR advocates for standardized, reliable digital identity processes based on risk levels, with a preference for solutions aligned with EU-approved systems, i.e., those compliant with the eIDAS regulation.

AMLR timeline and strategic importance of December 2027

While the AMLR is currently in the final stages of legislative adoption by the EU, its timeline calls for phased implementation over several years. Alongside the AMLR, another major regulatory milestone is approaching: mandatory acceptance of the European Digital Identity Wallet (EUDI Wallet).

What are the key dates to be aware of?

  • 2024-2027: Official entry into force and gradual implementation of the AMLR (the legislation entered into force on July 9, 2024, and will apply from July 10, 2027)
  • Q1 2026: planned publication of regulatory technical standards (RTS) providing detailed guidance on integration, KYC checks, and digital identity assurance
  • 2025-2027: Harmonization of supervision, establishment of the AMLA (Anti-Money Laundering Authority), and strengthening of enforcement mechanisms
  • Between July and December 2027: the AMLR will apply from July 10, 2027, and under Article 5f of eIDAS 2.0, all regulated entities, including financial institutions, will be required to accept the EUDI wallet as a means of identification and authentication.

This December 2027 deadline is not symbolic; it is a binding obligation that will reshape the processes of integration, authentication, and identity verification.

Article 22 AMLR vs. Article 24 eIDAS

Although AMLR and eIDAS 2.0 are separate regulatory frameworks, they converge on one key point: identity verification.

Article 22 of the AMLR

Article 22 focuses on customer due diligence (CDD) in the context of remote onboarding, introducing expectations regarding:

  • Reliability of remote identity verification
  • Level of reliability of digital identity sources
  • Security and auditability of onboarding technologies
  • Mitigation of identity theft and fraud risks
  • A risk-based approach that can be adapted to customer profiles

Article 24 of the eIDAS Regulation

Article 24 defines the supervision of trust service providers and the assurance levels of electronic identification systems. It is now supplemented by Implementing Regulation (EU) 1566/2025 on identity verification, which guarantees:

  • Identity verification processes with a high level of assurance or trust
  • Certification and standardization, with reference to the ETSI TS 119 461 v2.1.1 standard (Certification held by Namirial, of which Signaturit Group is a part)
  • Supervision of identification system providers

How they complement each other ?

  • The AMLR defines the objectives to be achieved, with a risk-based and supervisory approach.
  • eIDAS defines how this can be achieved through a specific technical standard and a conformity assessment framework.
  • eIDs and EUDI wallets bridge the gap between the two.

Risk-based approach of the AMLR: why is modular KYC essential?

The fundamental principle of AMLR is a risk-based approach. This requires verification measures that are adaptable and tailored to different parameters:

  • The customer’s risk profile
  • The complexity of the products/journey
  • The distribution channels
  • The levels of security required for identity verification
  • Behavioral monitoring, i.e., elements to combat deepfakes, for example.

Legacy systems with rigid KYC flows will not meet AMLR requirements. Institutions now need modular, orchestratable solutions capable of adjusting the level of verification to the risks of the processes.

Why does Signaturit have the right solutions for this new paradigm?

Signaturit Group is designed for the new regulatory era.

A modular solution

  • Flexible workflow orchestration
  • Portfolio of identity verification solutions from standard to substantial:
    • biometrics,
    • ID verification,
    • Easy recognition and passive detection of living persons,
    • Digital identity wallet.
  • Solutions tailored to different levels of risk in business processes and workflows

Compliant with European trust frameworks

  • eIDAS compliance: Signaturit (and group entities: Universign, Vialink, Validated ID) is recognized as a trusted service provider, compliant with European regulations for electronic transactions.
  • ISO certifications (international standards) covering several areas: quality, information security, IT services, business continuity, environmental management, etc.
  • National information system security certifications: compliance with national requirements to guarantee access, confidentiality, integrity, traceability, authenticity, availability, and preservation of electronic service data.
  • Compliance with the GDPR (General Data Protection Regulation).

A sustainable investment

  • Reduction in operating costs
  • Improved operational and financial performance
  • Reduced risk of fraud
  • Higher conversion rates
  • Issuance of audit reports in the event of an audit

Conclusion

AMLR and eIDAS 2.0 are redefining digital identity and integration in Europe. Financial institutions that act now, adopting compliant, European, modular, and future-proof solutions, will be ready for the mandatory acceptance of the EUDI wallet by December 2027 and will enjoy a competitive advantage in a rapidly changing environment.

Signaturit Group is ready to support this transition !

Discover our guide to the next era of digital trust

LinkedInFacebookTwitterTelegram

Subscribe to our newsletter

Register now