TL;DR: AMLA must submit 23 technical standards and guidelines to the European Commission by July 10, 2026, and its draft rules already validate eIDAS-compliant digital identity and the EUDI Wallet for remote onboarding, according to AU10TIX. The practical shift is from locally interpreted KYC to a harmonized EU verification model that compliance teams must prepare for now, not after the AMLR becomes applicable in 2027.
NHIMG editorial — based on content published by AU10TIX: AMLA must submit 23 technical standards by July 10, 2026 and the EU is moving toward harmonised KYC rules
By the numbers:
- AMLA must submit 23 regulatory technical standards, implementing technical standards, and guidelines to the European Commission by July 10, 2026.
- The AMLR becomes fully applicable on July 10, 2027.
- The European Union AML package introduces nearly 100 due dates over the next eight years.
Questions worth separating out
Q: What should identity verification teams do when AML rules move to a harmonised EU model?
A: They should standardise onboarding, due diligence, and review workflows against the new EU baseline rather than relying on local policy variants.
Q: Why do eIDAS and the EUDI Wallet matter for KYC programmes?
A: They matter because they create a recognised path for remote verification with defined assurance, which reduces dependence on fragmented local document checks.
Q: How can firms tell whether their customer due diligence is actually working?
A: They should look for three signals: verification decisions are repeatable, enhanced due diligence triggers are documented and defensible, and periodic reviews happen when risk changes.
Practitioner guidance
- Run a gap analysis against the draft RTS and AMLR articles Compare current onboarding, beneficial ownership, and enhanced due diligence workflows against Articles 16 to 46 of Regulation (EU) 2024/1624, then document where local practice diverges from the harmonised model.
- Validate digital identity acceptance criteria Check that your platform can consume eIDAS-compliant electronic identification, qualified electronic attestations of attributes, and EUDI Wallet credentials at the assurance level required for regulated onboarding.
- Build lifecycle monitoring into KYC operations Tie periodic review schedules and dynamic EDD triggers to customer records so identity verification remains active after onboarding rather than ending at account creation.
What's in the full article
AU10TIX's full article covers the operational detail this post intentionally leaves for the source:
- A line-by-line explanation of the draft AMLA RTS and how each article changes onboarding obligations.
- The specific July 2026 and July 2027 sequencing that compliance teams need for programme planning.
- Examples of which identity verification methods the standards accept for remote and in-person checks.
- The article's practical guidance on aligning current KYC processes with the new EU rulebook.
👉 Read AU10TIX's analysis of AMLA's new KYC and identity verification standards →
AMLA’s KYC reset: what it means for IDV teams and compliance?
Explore further
AMLA is effectively imposing a governance model for identity evidence, not just a compliance checklist. The draft RTS makes verification sources, assurance levels, and due diligence thresholds explicit, which reduces room for local interpretation. That is a control maturity shift, because the weakest programmes are usually the ones where process memory replaces policy. For identity verification leaders, the implication is straightforward: if evidence quality is inconsistent, the control is not harmonised enough to survive EU-wide scrutiny.
A question worth separating out:
Q: Who is accountable when harmonised AML identity controls fail?
A: Accountability sits with the regulated entity that owns the onboarding and due diligence decision, even when external providers supply identity evidence or verification technology. Supervisors will expect clear ownership, documented evidence, and a remediated control path before the 2027 application date. Shared tooling does not mean shared regulatory responsibility.
👉 Read our full editorial: AMLA’s harmonized KYC standards are reshaping EU identity verification