AMLR Explained: What Changes in 2027 and How Organisations Can Prepare

This shift affects how customers and businesses are identified, how beneficial owners are verified, and how risk is monitored over time. It also supports Europe’s move towards stronger electronic identification, linked to eIDAS 2, notified electronic IDs, Qualified Trust Services, and the European Digital Identity (EUDI) Wallet.

This article provides a practical overview of AMLR, explains what will change, and outlines how organisations can prepare.

Why AMLR is being introduced

Until now, the EU relied on AML directives. While the objectives were shared, each Member State transposed them into national law differently. Over time, this led to a fragmented compliance landscape.

In practice, this meant that onboarding rules varied by country, expectations around evidence and documentation differed, the use of digital identity was inconsistent, and cross-border onboarding was often slow and complex. Supervision was also fragmented across national authorities.

AMLR replaces this approach with one regulation that applies uniformly across the EU. The aim is to reduce uncertainty, strengthen consistency, and improve cooperation between supervisors. It also forms part of a wider EU AML package, which includes the creation of a new EU-level supervisory authority, AMLA.

AMLR in simple terms

AMLR defines harmonised rules for how obliged entities must manage customer due diligence across Europe. It sets common expectations for:

• customer identification and verification (KYC)
• business verification and beneficial ownership checks (KYB and UBO)
• politically exposed person (PEP) checks
• ongoing monitoring and risk assessment
• documentation, audit trails and record-keeping

From 10 July 2027, these requirements will apply directly across all Member States, with far fewer national variations than under previous AML directives.

Today vs tomorrow under AMLR

A straightforward way to understand the impact of AMLR is to compare today’s environment with what organisations can expect from 2027.

Today, customer due diligence standards still differ between Member States. Onboarding journeys are often adapted per market, manual document checks remain common, and identity verification methods vary in quality and assurance. Beneficial ownership information can be inconsistent, and supervisory expectations are not fully aligned.

From 2027, organisations will operate under one harmonised EU AML framework. Due diligence expectations will be clearer and more consistent. There will be a stronger emphasis on secure electronic identification, better transparency around ownership and UBO checks, clearer evidence and audit trails, and supervision coordinated through AMLA.

For organisations operating across borders, this reduces operational friction. For customers, it enables more consistent onboarding experiences across the EU.

Why electronic identification plays a bigger role

AMLR does not mandate specific technologies. However, it aligns closely with the EU’s digital identity framework under eIDAS 2, which supports a shift away from manual, document-heavy checks towards trusted electronic identification.

Three elements are particularly relevant:

• Notified electronic IDs (eIDs)
  Government-backed digital identities that meet “substantial” or “high” assurance levels and can be used for secure, cross-border KYC.
• Qualified Trust Services
  Including Qualified Electronic Signatures (QES), which provide legally recognised proof of identity, and Qualified Electronic Attestations of Attributes (QEAA), which offer certified proof of specific attributes such as name, age, address or authority.
• The European Digital Identity (EUDI) Wallet
  A digital wallet that enables individuals to share pre-verified identity attributes securely, helping reduce document handling and repeated checks.

Together, these methods support faster, more reliable and more consistent onboarding journeys across Europe.

Who AMLR applies to

AMLR affects a wide range of obliged entities.

This includes financial services organisations such as banks, payment and e-money institutions, insurers, investment and wealth firms, and regulated fintechs. It also applies to crypto-asset service providers, digital investment and trading platforms, and crowdfunding services.

Beyond financial services, AMLR brings selected high-value sectors into scope, including traders of jewellery, luxury goods, vehicles and art, as well as certain sports organisations such as professional football clubs and agents.

Non-EU organisations are also affected where they operate in or with the EU, including companies with EU branches or subsidiaries, those entering business relationships with EU obliged entities, or groups acquiring property in the EU.

How onboarding and AML operations will change

AMLR affects everyday operations, not just policy documents.

Organisations will need clearer and more traceable evidence of how customers, businesses and beneficial owners are identified and verified. Manual document checks will still exist in some cases, but electronic identification is often faster, easier to audit, and more consistent across markets.

Beneficial ownership checks will require stronger validation of ownership structures. At the same time, harmonisation reduces the need to design and maintain separate onboarding processes for each country.

There is also an operational impact. Reusing verified identity attributes — for example through wallets or trust services — can help reduce manual exceptions and lower onboarding and KYC costs over time.

Preparing for AMLR: practical steps

Although AMLR applies from 2027, organisations can start preparing now.

This includes reviewing onboarding flows to identify manual steps or country-specific variations, assessing whether existing identity verification methods will meet future expectations, and reviewing KYB and UBO processes to ensure ownership information can be verified consistently and supported by clear evidence.

It is also important to ensure that systems are flexible enough to adapt as AMLA publishes further guidance and regulatory technical standards.

How Signicat supports AMLR-aligned onboarding

Signicat supports organisations in building AMLR-aligned KYC, KYB and AML journeys.

Signicat supports a wide range of identity verification methods, including national eID schemes, eIDAS-notified eIDs at substantial and high assurance levels, biometric and document verification, video identification, and EUDI Wallet-ready flows as wallets become available. This allows organisations to match identification methods to different risk levels.

With access to more than 200 data and registry sources, Signicat also supports verification of personal identity, business data, roles and authorisations, ownership and UBO structures, address details, and PEP and sanctions status. These checks can be combined into a single onboarding flow.

Qualified Trust Services, including Qualified Electronic Signatures (QES), provide high-assurance identity verification for regulated onboarding. Signicat is also preparing to support Qualified Electronic Attestations of Attributes (QEAA) as the certification frameworks and supervisory requirements become available under eIDAS 2.

Trust orchestration capabilities make it possible to design and update onboarding journeys without rebuilding systems, helping organisations adapt as AMLR requirements evolve

Looking ahead to 2027

AMLR marks a significant shift in how organisations across Europe approach customer due diligence. While expectations increase, the regulation also creates a clearer and more consistent foundation for digital onboarding.

Organisations that begin preparing early will be better positioned by 2027, with smoother onboarding processes, fewer exceptions, and clearer evidence of compliance.