Purple sunset on East West boulevard with traffic light trails belong Tau Hu canal, Ho Chi Minh city, Vietnam.

How to prepare your CDD and onboarding for the EU AML overhaul

Photographic portrait of Manuel Delgado
Manuel Delgado

EY Global FinCrime Solution Leader; EY EMEIA Financial Services FinCrime Solution Leader

5 minute read 13 Feb 2026

The new EU anti-money laundering (AML) rules and digital onboarding will transform compliance, KYC and customer due diligence (CDD) in 2026.

In brief
  • Key changes include less mandatory data collection, eIDAS-compliant digital identity for remote onboarding and dynamic triggers for enhanced due diligence (EDD).
  • The new EU AML package introduces a risk-based approach to CDD and onboarding, streamlining compliance for financial institutions.
  • These reforms promise efficiency and a better customer experience but require major system upgrades and compliance by 2027–28.

A Luxembourg perspective

The EU AML overhaul – an exciting moment for AML

The EU’s AML overhaul can be framed as a heavy regulatory lift, and there is no doubt that the upfront work is significant. But this reform is also an opportunity to rethink AML in a way that is more digital, more customer centric and ultimately more effective.

By moving to a single EU rulebook, embracing a truly risk based approach, and formally recognizing digital identity and remote onboarding, the new framework shifts AML away from blunt, one size fits all controls. Less unnecessary data collection for low risk customers, smarter use of technology, and dynamic triggers for enhanced due diligence should translate into faster onboarding, better customer experience, and stronger focus on real risk.

Yes, firms will need to invest in systems, data, governance and change management ahead of the 2027 deadlines. But done right, AML frameworks will be more efficient, more scalable and better aligned with how customers and digital markets actually operate today.

Photographic portrait of Frédéric Guilmin
Frédéric Guilmin
EY Luxembourg Partner, Financial Crime & Forensics

Never miss a Luxembourg perspective with our monthly newsletter, summarizing short expert commentaries with a local flavor, covering a range of sector-spanning themes. Subscribe now.

Europe’s financial sector is undergoing a quiet revolution. The new EU Anti-Money Laundering (AML) regulations, including the AML Regulation (AMLR), Anti-Money Laundering Authority (AMLA), and the 6th AML Directive (AMLD6), are transforming how financial institutions approach anti-money laundering, onboarding and compliance. Central to this transformation are the new Regulatory Technical Standards (RTS) on CDD, which set out detailed, standardized requirements for conducting CDD in a digital, risk-driven world. For financial institutions, this is more than a regulatory update; it’s a call to rethink, retool and reimagine onboarding and due diligence processes, with a strong emphasis on effectiveness, proportionality and digital enablement.

The shift from burden to balance

The new AML framework introduces a single EU-wide rulebook and a risk-based approach, aiming to harmonize requirements and reduce unnecessary administrative burdens. The focus now is on effectiveness and proportionality, rather than exhaustive data collection for every customer.

Key changes in CDD and onboarding

  • Occupation and employer details: collected as part of standard CDD depending on organizational policy
  • Source of funds and wealth: limited to EDD scenarios
  • Tax Identification Number (TIN): required only where relevant for risk assessment or legal reporting
  • Detailed employment history: removed entirely
  • Documentary proof for low-risk customers: replaced by digital/eIDAS-compliant verification

Mandatory requirements continue to include the customer’s and the beneficial owner’s full name, date of birth, address, nationality or nationalities, valid identification documents and complete beneficial ownership details, together with risk-based checks for politically exposed persons (PEPs) and sanctions screening. The intended purpose of the business relationship, as well as the customer’s expected activities and transaction behaviour, also remain mandatory elements of onboarding.

How EY can Help

The regulatory backbone: AMLR, AMLAR, AMLD6 and RTS

The new regime is underpinned by several interlocking instruments:

  • AMLR: the single rulebook for obliged entities, harmonizing CDD requirements across the EU

  • AMLAR: establishes the EU Anti-Money Laundering Authority, centralizing supervision and regulatory compliance

  • AMLD6: sets out supervisory and enforcement structures

  • RTS: provides granular, standardized requirements for CDD, risk assessment and digital onboarding
     

The RTS standardize CDD across eight sections, from identification and verification to PEP screening, simplified and enhanced due diligence and the explicit validation of electronic identification methods. 

Digital onboarding and the rise of eIDAS

A key innovation is the embrace of digital onboarding. The acceptance of eIDAS-compliant digital identity and remote verification means banks and FinTechs can now onboard customers fully digitally — no more physical documents for low-risk customers and no more video calls for basic verification.

What is eIDAS?

Electronic Identification, Authentication and Trust Services (eIDAS) is the EU regulation that sets standards for electronic identification, signatures and trust services. It provides the legal framework for using national electronic IDs for know your customer (KYC) and AML onboarding, mutually recognized across the EU. Under AMLR and RTS, eIDAS-compliant methods are considered equivalent to face-to-face verification, supporting secure, auditable and privacy-respecting onboarding. 

The status of eIDAS in Europe and the road ahead

Most EU countries are already “in production” with eIDAS nodes, though user experience and technical maturity vary. The upcoming eIDAS 2.0 regulation and the mandatory EU Digital Identity Wallet (EUDI Wallet) by 2026 will harmonize these differences, making digital identity truly pan-European. All systems must integrate with the EUDI Wallet and meet the “High” assurance level for AML onboarding by 2027. 

Implications for financial institutions and obliged entities

The implications of these changes are profound:

  • Operational efficiency: fewer manual checks, reduced document handling and easier integration with RegTech and AML technology solutions

  • Customer experience: faster onboarding, fewer intrusive questions and alignment with EU Digital Identity Wallet initiatives

  • Compliance automation: dynamic, risk-based triggers for EDD, rather than static, one-size-fits-all data collection

  • Legal trust and auditability: eIDAS transactions are legally recognized and easily auditable, supporting robust AML compliance and regulatory requirements

Institutions must conduct gap analysis, upgrade assurance levels, integrate with eIDAS nodes, prepare for EUDI Wallet acceptance and ensure GDPR-compliant data handling — all by the looming 2027 deadline. 

Challenges and opportunities: a critical perspective

Large, multinational institutions may adapt more easily, given their resources and cross-border experience. Smaller institutions may face steeper hurdles: legacy systems, limited budgets and less experience with digital identity frameworks.

However, the new framework levels the playing field, allowing smaller players to leverage standardized, interoperable digital identity solutions. For EU citizens, the benefits include greater privacy, faster access to financial services and reduced friction in cross-border transactions.

Still, the risk of non-compliance is real. The regulatory bar is higher and penalties for falling short are severe. Institutions must act now to ensure they are not left behind as the digital onboarding sweeps across Europe. 

Legal basis in a nutshell

The legal foundation for these changes is robust:

  • eIDAS 2.0 regulation (EU) 2024/1183: mandates at least one EUDI Wallet per member state by end of 2026, enabling secure, selective sharing of verified identity attributes for KYC and AML onboarding

  • AMLR (Regulation (EU) 2024/1624): recognizes Qualified Electronic Attestation of Attributes (QEAA) and EUDI Wallet as valid for CDD, requiring financial institutions to accept EUDI Wallet for onboarding by 2027

  • Regulatory Technical Standards (AMLA draft RTS (article 28(1)): explicitly validates electronic identification under eIDAS and future-proof solutions like EUDI Wallet for remote onboarding 

The new EU AML framework is not just a legal compliance exercise but a strategic opportunity to transform onboarding, enhance customer trust and future-proof institutions.

EY teams can guide obliged entities through every step, from gap analysis and technology integration to compliance certification and staff training. Our multidisciplinary teams bring deep regulatory insight, technical knowledge and practical experience to help you meet new requirements and turn them into a competitive advantage.

Summary

The EU AML package transforms CDD by shifting from exhaustive, one-size-fits-all data collection to targeted, risk-based checks. Digital onboarding and eIDAS-compliant identity verification are now central, making customer identification faster and more secure. With eIDAS 2.0 and the EU Digital Identity Wallet becoming mandatory by 2026–27, institutions must modernize their processes. While larger firms may adapt more easily, all organizations face the need to upgrade technology and ensure compliance. The benefits include streamlined onboarding, reduced friction for customers and greater trust, but early action is essential to avoid the high costs of non-compliance.

How EU leaders can stay ahead of AMLA and AMLR

AMLA and AMLR will reshape EU oversight and leaders must act now to compete in a data‑driven supervisory environment.

Read more
A bright rainbow spans across green valleys and a lake under a dramatic cloudy sky

Related articles

Why the EU Anti-Money Laundering Authority brings both promise and challenges

Discover the challenges and promise of the EU’s new Anti-Money Laundering Authority (AMLA), in unifying regulations and enhancing financial crime prevention.

Manuel Delgado + 1

How EU banking supervision is adapting to address geopolitical challenges

Discover how regulatory issues are increasingly politicized, pushing banks to enhance resilience to geopolitical risks amid fragmented policies.

Christopher Woolard CBE + 1

How EU Anti-Money Laundering laws can help spur strategic innovation

Learn how financial services firms can harness the new AML rules to shape the future of fighting financial crime and gain a competitive edge.

Manuel Delgado

    About this article

    Photographic portrait of Manuel Delgado
    Manuel Delgado
    EY Global FinCrime Solution Leader; EY EMEIA Financial Services FinCrime Solution Leader
    Passionate about the creation of sustainable value for customers, people, and society. Keen traveler.
    Related topics
    Financial services
    Anti-money laundering regulations

    EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.