The Future of KYC and AML in Regulated Sectors: Navigating Compliance with Scalable Onboarding in the Age of the European Digital Identity Wallet

Matteo Panfilo
Product Strategy Director

Premise 

At Namirial, we collaborate extensively with clients in financial services—from banks and payment providers to emerging fintechs and crypto-asset service providers. In these engagements, one recurring challenge has been to align customer onboarding and KYC processes with an increasingly complex regulatory framework. We have therefore considered it useful to clarify the current regulatory scenario, highlighting the coexistence of eIDAS 2.0, AMLR, AMLD6, PSD3, PSR, and MiCAR, and to outline why investing in scalable onboarding processes is now a strategic imperative, especially with the approaching rollout of the European Digital Identity Wallet (EUDI Wallet).

Current State of KYC in Regulated Sectors 

1. AMLR and AMLD6 

The Anti-Money Laundering Regulation (AMLR, EU 2024/1624) strengthens the risk-based approach for obliged entities across the Union. It will become fully applicable from July 2027, leaving a preparation window. Its objective is to harmonize customer due diligence requirements across Member States, ensuring that banks, payment providers, insurers, and crypto-asset firms can rely on a common baseline. Notably, AMLR explicitly recognizes the role of Qualified Trust Service Providers (QTSPs), creating an important first bridge to the eIDAS framework that we will address later. As a leading QTSP, we are continuously required to update our services to meet the needs of financial sector clients. In this context, it is also important to note the recent creation of the Anti-Money Laundering Authority (AMLA), which is in the process of establishing its staff and will supervise compliance at the European level, in line with the supervisory mandate defined under the AMLR and AMLAR.

The Sixth Anti-Money Laundering Directive (AMLD6) complements AMLR by expanding criminal liability and closing loopholes in national implementations. Together, these frameworks elevate the bar for KYC processes, requiring robust identification, monitoring, and reporting infrastructures.

2. PSD3 and PSR 

The Payment Services Directive 3 (PSD3) and the Payment Services Regulation (PSR) aim to modernize payments oversight and bring stronger harmonization. Both are expected to apply from 2026 onward, reshaping how Payment Service Providers (PSPs) structure KYC and fraud-prevention controls. These instruments will reinforce obligations to verify identities, prevent account takeovers, and align with AMLR requirements. 

3. MiCAR 

The Markets in Crypto-Assets Regulation (MiCAR) entered into force in June 2023, with a phased application. As of December 2024, rules for stablecoins (EMTs and ARTs) became fully operational, while the broader obligations for crypto-asset service providers apply from June 2026. MiCAR requires KYC processes equivalent to those under AMLR and PSD3/PSR, establishing an integrated framework for digital assets.

The Role of eIDAS 2.0 and the European Digital Identity Wallet 

From eIDAS to eIDAS 2.0 

The eIDAS Regulation (2014) laid the foundation for cross-border trust in electronic identification. The updated eIDAS 2.0 (Regulation EU 2024/1183) entered into force in May 2024, introducing the European Digital Identity Wallet (EUDI Wallet) as the central enabler of secure, interoperable digital identity across the EU.

Key Deadlines and Article 5f 

Under Article 5f, Member States and large private relying parties in regulated sectors will be obliged to accept the European Digital Identity Wallet for strong authentication no later than 24.12.2027 (thank you Santa Claus!). This provision covers areas such as banking, financial services, energy, transport, and telecommunications, among others. In addition, Member States must ensure that at least one wallet per country is made available to all citizens by December 2026. These deadlines mark the critical milestones for universal rollout, alongside intermediate steps such as the adoption of implementing acts (already underway since November 2024) and national preparations for certification and supervisory frameworks.

Privacy and User Control 

The wallet is designed with privacy-by-design principles, ensuring data minimization, transparency, and user control. By leveraging Qualified Electronic Attestations of Attributes (QEAA), the EUDI Wallet promises to simplify onboarding while remaining aligned with GDPR and other privacy mandates.

Interplay Between Regulations 

Understanding the Complexity 

It is useful to attempt to understand the interrelations between these different regulations and their implementing or delegated acts. The number of rules and standards being layered is considerable: for example, the eIDAS Regulation alone foresees 36 implementing acts that reference around 70+ technical standards, while the AMLR will be accompanied by its own delegated acts. This growing regulatory ecosystem makes it even more important to design integrated approaches to KYC and onboarding. What follows is a high-level reading, in which we have tried to outline some of the main correlations that we observed.

1. eIDAS 2.0 + AMLR/AMLD6 

A useful comparison emerges between Article 24 of eIDAS and Article 22 of AMLR. Article 24 of eIDAS defines requirements for electronic identification and trust service providers, setting a framework for identity proofing processes, and, with the latest Implementing Act, directly refers to the new ETSI 119 461 standard, which defines in detail the requirements and use cases for the different scenarios. In parallel, Article 22 of AMLR sets out the customer due diligence obligations for obliged entities, specifying the conditions under which identification and verification must be carried out. Together, these provisions illustrate the complementary nature of trust services (focused on the integrity and reliability of identities and signatures) and AML obligations (focused on the prevention of money laundering and terrorist financing).

The integration of trusted digital identity with AML frameworks creates opportunities to streamline onboarding while strengthening compliance. By using EUDI Wallet credentials, institutions can reduce friction in customer due diligence while ensuring uniform standards across jurisdictions.

2. PSD3/PSR + AMLR/AMLD6 

Payment institutions must embed KYC that is both risk-based (as per AMLR) and technically interoperable (as per PSD3/PSR). The convergence requires scalable and flexible onboarding platforms that can adapt to regulatory overlap, with processes that may differ depending on the assessed level of risk. 

3. MiCAR + PSD3/PSR 

As crypto and payments converge, unified onboarding will be essential. MiCAR’s requirements for customer identification mirror those in PSD3/PSR, signaling a move toward cross-sector harmonization. 

4. eIDAS 2.0 + PSD3/MiCAR 

The EUDI Wallet can act as a single trust anchor across financial services, enabling compliance in both fiat and crypto ecosystems.

Architecting Scalable Onboarding 

Why Scalable Architectures Matter 

Institutions face heterogeneous regulatory requirements and customer risk profiles. This makes it essential to deploy KYC architectures that are both scalable and flexible. Such platforms allow for differentiated onboarding flows depending on the level of risk assessed, while maintaining consistency with AMLR’s proportionality principle and eIDAS assurance levels. By scaling processes according to transaction volume and customer category, organizations can achieve compliance without compromising efficiency or customer experience. 

Key Principles 

  • Standardization: leverage EUDI Wallet and qualified trust services.
  • Risk-based flexibility: align with AMLR’s proportional approach.
  • Cross-sector interoperability: ensure compatibility across countries and wallets.
  • User-centricity: minimize friction while ensuring compliance. 

Strategic Advantages 

  • Efficiency: automated, scalable processes lower costs. 
  • Compliance resilience: agile platforms adapt to evolving rules. 
  • Cross-border scalability: interoperability fosters expansion. 
  • Customer trust: secure and seamless experiences boost adoption. 

Conclusion 

The regulatory landscape is converging toward a harmonized framework for KYC. With AMLR entering into force in July 2027, eIDAS 2.0 mandating universal wallet deployment by December 2026 and forced adoption by financial services by December 2027, and PSD3, PSR, and MiCAR applying from 2026 onward, institutions face both compliance challenges and opportunities for transformation. 

At Namirial, we believe the European Digital Identity Wallet—combined with scalable onboarding solutions—will be the cornerstone of compliant, efficient, and user-centric financial services in the coming decade. This is precisely why we have built our own KYC and onboarding platform, which has enabled us to be recognized by industry analysts as a Leader in KYC platforms for financial services.
