From AMLR to eIDAS 2.0: the compliance in KYC and onboarding. Why financial services should act now

Matteo Panfilo Avatar
Matteo Panfilo
Product Strategy Director
Table of contents

In the e-book “Scaling Trust: a new era for effortless, secure Digital Transactions” , Namirial CEO Max Pellegrini outlines the upcoming challenges and opportunities facing the EU, between technological innovation and regulatory adjustments, and explains why the pan-European QTSP born from the merger of Namirial and Signaturit is strategic for the European Digital Single Market.

Among the various topics addressed, Pellegrini also highlights the convergence of PSD, EUDIW, and AMLR.

The new Payment Services Directive (PSD3) and Payment Services Regulation (PSR), combined with the AML Regulation (AMLR) – writes Max Pellegrini in his e-book – are converging around a shared infrastructure for identity, authentication, and transaction monitoring. In this model, onboarding is no longer a separate silo from payments—it is the secure gateway to them. The EUDIW, under eIDAS 2.0, will be a recognized tool for both Strong Customer Authentication (SCA) in payments and for Know-Your-Customer (KYC) verification, enabling cross-border financial services without redundant identity checks. This integration will create efficiencies for banks, fintechs, and payment service providers, and open opportunities for QTSPs to become the trusted backbone of pan-European financial transactions.

The European regulatory landscape for financial services is undergoing its most profound transformation in more than a decade. Two converging pillars — the Anti-Money Laundering Regulation (AMLR) and eIDAS 2.0 — are redefining how institutions must perform Know Your Customer (KYC) checks, execute digital onboarding, and manage identity throughout the customer lifecycle. The coming years will see a tightening of compliance obligations, stronger expectations for digital identity assurance, and a clear shift toward harmonized, technology-driven standards.

This article explores the implications of AMLR and eIDAS 2.0 for financial institutions, highlighting risks, opportunities, and why acting now will be essential to remain compliant, competitive, and ready for the era of trusted digital identity.

1. What AMLR is: a unified regulation for a safer financial Europe

For years, the European Union’s anti-money laundering (AML) framework has consisted of a patchwork of directives (AMLDs), national transpositions, and local supervisory practices. While these directives established a common foundation, they inevitably led to inconsistent implementation across Member States, fragmented enforcement, and uneven risk exposure.

AMLR: the new cornerstone

The Anti-Money Laundering Regulation (AMLR), as approved by the European Parliament and Council in June 2024 as part of the new EU Single Rulebook, seeks to solve this challenge by introducing a single, directly applicable EU‑wide regulation. Unlike directives, a regulation does not require national transposition — it becomes law in all Member States simultaneously and uniformly. The June 2024 approved text consolidates harmonized obligations for obliged entities and reinforces direct supervisory powers of the new Anti‑Money Laundering Authority (AMLA).

This marks a major leap toward:

  • Stricter, harmonized rules for obliged entities
  • Centralized supervision, especially for high-risk entities
  • Unified risk management requirements
  • Consistent customer due diligence expectations across the EU

AMLR is part of the broader EU AML Package, which also includes a new AML Directive (AMLD6) and the creation of the Anti-Money Laundering Authority (AMLA) in Frankfurt. Together, they form a coordinated effort to reduce financial crime, increase transparency, and modernize compliance operations.

A new digital identity focus

A key aspect of AMLR is its explicit attention to digital onboarding and remote customer identification. Technology-enabled verification is no longer treated as a peripheral or optional capability — it becomes a core element of compliance. AMLR calls for standardized, reliable, and risk-based digital identity processes, with strong preference for solutions aligned with EU-trusted schemes such as those regulated under eIDAS.

2. AMLR timeline and the strategic importance of Christmas 2027

While AMLR is currently moving through the final stages of EU legislative adoption, its timeline anticipates gradual implementation across several years. Parallel to AMLR, another major regulatory milestone is approaching: the mandatory acceptance of the European Digital Identity Wallet (EUDI Wallet).

Key milestones to watch

  • 2024–2027: Formal entry into force and phased implementation of AMLR (the legislation came into effect on 9 July 2024 and will apply from 10 July 2027)
  • 1Q2026: Expected publication of technical Regulatory Technical Standards (RTS) offering granular guidance for onboarding, KYC controls, and digital identity assurance
  • 2025–2027: Supervisory alignment, AMLA setup, and strengthened enforcement mechanisms
  • By July and Christmas 2027: AMLR will apply from 10 July 2027 and under Article 5f of eIDAS 2.0, all regulated entities — including financial institutions — must accept the EUDI Wallet as a means of identification and authentication.

This “Christmas 2027 deadline” is not symbolic; it is a binding obligation that will reshape onboarding journeys, authentication processes, and identity assurance practices.

3. Article 22 AMLR vs Article 24 eIDAS

Although AMLR and eIDAS 2.0 are separate regulatory frameworks, they intersect in a critical way: identity proofing.

Article 22 AMLR

Article 22 focuses on Customer Due Diligence (CDD) in the context of remote onboarding, introducing expectations for:

  • Reliability of remote identity proofing
  • Assurance level of digital identity sources
  • Security and auditability of onboarding technologies
  • Mitigation of impersonation risks
  • A risk-based approach scalable to customer profiles

Article 24 eIDAS

Article 24 defines the supervision of trust service providers and the assurance levels of electronic identification schemes, and is now complemented by Implementing Regulation (EU) 1566/2025 on identity proofing, ensuring:

  • Identity proofing processes with high level of assurance or confidence
  • Certification and standardization, referencing to ETSI TS 119 461 v2.1.1
  • Supervision of identity scheme providers

How they complement each other

  • AMLR defines what must be achieved, with a risk-based and supervisory approach.
  • eIDAS defines how it can be achieved with a specific tecnical standard and conformity assessment framework.
  • The eIDs and EUDI Wallets become the bridge between the two.

4. Why ETSI TS 119 461 matters

A major development in European digital identity regulation is the rise of ETSI TS 119 461, the technical specification for remote identity proofing.

Referenced in EBA Guidelines

The European Banking Authority explicitly referenced this standard in its Guidelines on Remote Customer Onboarding, recognizing it as a:

  • Reliable baseline for identity proofing
  • Strong framework for impersonation risk mitigation
  • Harmonized technical standard

Expected Role in AMLR RTS

Experts expect ETSI TS 119 461 to be referenced in the upcoming AMLR Regulatory Technical Standards, making alignment with this specification essential for compliance.

5. AMLR’s risk-based approach: why modular KYC is essential

AMLR’s core principle is a risk-based approach. This requires adaptable verification measures tailored to:

  • Customer risk
  • Product complexity
  • Delivery channels
  • Identity assurance levels
  • Behavioral monitoring

Legacy systems with rigid KYC flows will not meet AMLR requirements. Institutions instead need modular, orchestrable solutions capable of adjusting verification depth dynamically.

6. Why Namirial Onboarding is the ideal solution

Namirial Onboarding is built for the new regulatory era.

Modular architecture

  • Flexible workflow orchestration
  • Modular identity verification components
  • Risk‑based routing
  • Multi-assurance verification levels

Aligned with European trust frameworks

  • Qualified trust service provider under eIDAS
  • Alignment with ETSI TS 119 461 methodologies
  • Built for future EUDI Wallet support

A future-proof investment

  • Reduced operational costs
  • Lower fraud rates
  • Higher conversion rates
  • Audit‑ready reporting

Conclusion

AMLR and eIDAS 2.0 are reshaping digital identity and onboarding in Europe. Financial institutions that act now — adopting compliant, modular, and future‑proof solutions — will be ready for the mandatory EUDI Wallet acceptance by Christmas 2027 and gain competitive advantage in a rapidly shifting landscape.

Namirial Onboarding stands ready to support this transition.

Last modified:

January 15, 2026

Read the Content Integrity Policy

Share Post

Matteo Panfilo Avatar
Matteo Panfilo
Product Strategy Director

With many years of experience in B2B software and venture capital, Matteo Panfilo is currently the Product Strategy Director at Namirial. In his previous roles, he spearheaded product development strategies, guided investment decisions, established technology partnerships, and managed pre-sales activities and service P&L. He collaborated closely with sales and delivery teams to drive digital transformation initiatives and deliver software-as-a-service solutions to enterprise customers. Earlier in his career, Matteo built and led a digital sales team focused on providing ERP and accounting SaaS solutions to a diverse customer base. He also spent six years in venture capital, where he invested over €30 million in 20 European tech companies, with a primary focus on SaaS, Fintech, and B2B sectors.

Other articles