eIDAS 2.0, EUDI Wallet & AMLR 2027

Trust services that must be certified under eIDAS 2.0, as well as the EUDI-Wallet, which will be available in Germany in early 2027, and above all the requirements of the EU Anti-Money Laundering Regulation (EU-AMLR), which will become mandatory in July 2027, pose major challenges for many companies.

This first part of our blog series aims to help you understand how eIDAS 2.0, the EUDI-Wallet, and the EU-AMLR are connected, before we delve deeper into the details of this regulatory trilogy in subsequent blog posts.

How are eIDAS 2.0, EUDI Wallet, and AMLR Connected?

The AMLR will largely replace existing national anti-money laundering laws starting in July 2027. Instead of varying requirements and laws in each EU member state, the goal is to establish a uniform set of rules that applies directly in all countries.

1. The EU-AMLR defines the specific due diligence obligations, data points, and risk analyses that obligated companies must fulfill to protect their systems against money laundering, terrorist financing, and other forms of financial fraud.
2. eIDAS 2.0, on the other hand, specifies which technically verified trust services can be used to implement these obligations with regard to identification solutions.
3. The EUDI-wallet plays a central role in this context in terms of each EU member state being required to offer its citizens the option of identification via a wallet. This must be interoperable so that it can be used throughout Europe – and it must be made available by obligated entities starting in January 2028 as an additional tool for identity verification.

EU Anti-Money Laundering Regulation (EU-AMLR)

The European anti-money laundering directives, first introduced in 1991 and continuously updated (most recently in 2020 with the EU-AMLD6), have been transposed into national compliance frameworks by all EU countries; in Germany, for example, the Money Laundering Act (GwG) has been binding to date.

Starting in July 2027, national anti-money laundering laws in all EU member states must be substituted by the EU-AMLR. Many companies in the financial sector are already preparing to implement the necessary measures on time, fully aware that the EU-AMLR marks a paradigm shift that will have repercussions across all areas of business, for example:

• For identification procedures, additional data must be collected and managed as part of Know-Your-Customer processes – leading to increased effort, particularly when identifying businesses
• In transaction monitoring, stricter requirements and deadlines apply for reporting suspicious transactions
• There are also tighter deadlines and requirements regarding risk analyses to be conducted, which, like personal data collection and transaction monitoring, must be significantly more data driven.

These examples demonstrate that timely and comprehensive implementation of the EU-AMLR requirements can only succeed if there is a unified understanding across the board – from management through legal departments and compliance officers to IT personnel – and if the expertise of relevant service providers is incorporated as needed.

In the Future, Additional Industries Will Fall Under the EU-AMLR

In addition to the companies already subject to the requirements, such as those in the banking sector, the AMLR expands the scope of obligated entities to include new industries. For example, (professional) soccer clubs, player agents, loan brokers, crowdfunding providers, crypto service providers, and luxury goods retailers have been added. Unlike the other obligated parties, however, soccer clubs and player agents will not be required to comply with the regulation’s obligations until 2029.

eIDAS 2.0: Technical Framework for Trusted Identity

Electronic Identification, Authentication and Trust Services (eIDAS 2.0) is a revised European Union regulation that has been in force since May 2024 and aims to make digital identities and trust services within the EU more secure, uniform, and user-friendly.

Identification procedures approved under eIDAS 2.0 must meet verified security standards and compliance assessments to be eligible for identification purposes under the EU-AML-Regulation.

Identification Methods Approved Under eIDAS 2.0

The following identification methods approved under eIDAS 2.0 are eligible as identification methods under the EU AML Regulation:

1. Nationally notified identification procedures, such as eID
2. The EUDI-Wallet
3. Identification solutions that use Qualified Electronic Trust Services, such as a Qualified Electronic Signature (QES), for verification.

VideoID and other Solutions from WebID are eIDAS 2.0 Certified and EU AML-compliant

Recently, various publications have frequently suggested that the Video-Ident procedure will no longer be permitted in the future. However, this is not accurate in such general terms. WebID’s human-based remote identification solution VideoID, for example, has been assessed for compliance with eIDAS 2.0 by the conformity assessment body TÜV NORD CERT and is therefore still permissible for identification in the context of issuing a Qualified Electronic Signature. Other identification procedures, such as TrueID, AccountID, eID, and CorporateID – the efficient and cost-effective solution for verifying companies and their beneficial owners (UBOs) – also meet the upcoming requirements and are therefore still applicable.

EUDI-Wallet

The EUDI Wallet, an EU-wide digital wallet for secure identification, document management, and signatures, is based on eIDAS 2.0. Such a wallet must be made available in every EU member state by the end of 2026; in Germany, the government-issued version is scheduled for early 2027. With the launch of the AMLR in July 2027, it must be mandatorily accepted as a high-security procedure in Know-Your-Customer processes, which entails integration efforts for the obligated companies.

At the functional level, the EUDI wallet enables the selective sharing of attributes and cross-border use for administrative and onboarding processes. It should be noted, however, that the EUDI wallet does not include image verification, which is why an increased risk of fraud cannot be ruled out.

We have provided in-depth information in the WebID glossary entry on the EUDI wallet.

As an Identity Navigator, WebID has been supporting more than 300 customers in Europe since 2012 and has already laid the groundwork to ensure that obligated companies can successfully orchestrate their identification solutions in accordance with the highest security standards.