AMLR: What changes in 2027?

AMLR: the new EU Anti-Money Laundering Regulation explained

Anti-Money Laundering (AML) directives may be European in origin, but in practice they have been implemented twenty-seven different ways across twenty-seven Member States. This ‘regulatory patchwork’ has resulted in; increased compliance costs, complicated operational designs, and avoidable friction to customer journeys. 

The Anti-Money Laundering Regulation (AMLR) is a new, directly applicable EU law that takes effect on 10 July 2027 across all EU Member States. Its main goal is to replace divergent national implementations of  AML directives with a single, harmonised rulebook.  

For UK businesses, AMLR applies when you operate branches or subsidiaries in the EU, provide regulated services into the EU, or otherwise conduct activities within the EU that fall under the scope of EU AML rules. 

This guide walks you through the key changes, gives you practical readiness checks to start today, and details how Docusign can support your new compliance obligations. 

5 key changes under the EU AMLR (Effective July 2027)

The EU’s new AMLR introduces five headline shifts that will reshape how businesses operating in the EU handle anti-money laundering. From July 2027, obliged entities across the EU will operate under a single, directly applicable rulebook, replacing the fragmented directive-based system. Here are the five changes that matter most.

1. From directive to directly applicable regulation

The new AMLR replaces patchwork national directives with a single regulation imposed across all Member States from 10 July 2027. As opposed to having country specific interpretations of the EU’s existing AML regulations, now every obliged entity will need to follow the exact same rulebook, reducing cross-border friction and supervisory inconsistency. Some risk-based discretion remains, but the era of 27 divergent AML regimes is effectively over.

2. Enhanced customer due diligence and AML monitoring

Customer due diligence now applies to occasional transactions of €10,000 or more (whether single or linked). Cash-intensive activities face tighter identity-verification rules, with lower thresholds for certain traders and goods. 

Simplified due diligence is restricted  to genuinely low-risk scenarios. AMLR emphasises ongoing, risk-based monitoring. It does not impose fixed refresh cycles (e.g., “every five years”), but supervisors are expected to require more frequent  updates for higher-risk clients.

3. Beneficial owner transparency and Article 75 limits

Beneficial ownership threshold shifts from "more than 25%" to "25% or more," widening the net of reportable ‘Ultimate Beneficial Owners’ (UBOs). Article 75 introduces an EU-wide €10,000 cash payment , with targeted exemptions. Obliged entities must verify whether customers are subject to EU targeted financial sanctions, embedding sanctions screening into the core AML framework.

4. Expanded scope to include crypto and high-value goods

Crypto-asset service providers, crowdfunding platforms, and certain digital investment services join the obliged-entity list, aligning AMLR with the Markets in Crypto-Assets (MiCA) regulatory framework. High-value goods traders – including  jewellery, luxury items, art, vehicles, and certain sports organisations – are brought into scope due to their exposure to cash-based laundering risks. This expansion reflects the EU’s focus on non-financial sectors as key AML vulnerabilities.

5. Stronger enforcement, RTS timeline and EU-Level oversight

The new EU Anti-Money Laundering Authority (AMLA) will coordinate supervision, directly oversee selected high-risk cross-border institutions, and issue Regulatory Technical Standards (RTS) by 10 July 2026. Maximum administrative penalties increase significantly  – up to €10 million or 10% of annual turnover (whichever is higher) for serious breaches (depending on entity type). Financial Intelligence Units (FIUs) gain stronger powers, including faster access to information. AMLR requires obliged entities to respond to FIU requests promptly, with specific deadlines for certain types of information. Under the new AMLR regulation, a FIU is a central national agency that’s responsible for receiving, analysing, and disseminating information, notably Suspicious Activity Reports (SARs). 

Whilst AMLR is technology-neutral, it aligns with the EU’s digital identity framework under eIDAS 2.0, paving the way for  trusted digital  identity solutions and reducing reliance on manual, document-heavy onboarding.

What AML means and why the AMLR matters to organisations based outside the EU 

AML stands for anti-money laundering, the  set of laws and controls designed to prevent criminals from hiding or legitimising illicit funds. The AMLR is the EU's new Anti-Money Laundering Regulation, a directly applicable  rulebook that will replace the fragmented  directive-based framework from 10 July 2027 onwards.

This new rulebook harmonises  how customers and businesses are identified, how beneficial owners are verified, and how ongoing risk is monitored. It also supports Europe’s move towards strong electronic identification, aligned with  eIDAS 2.0, notified electronic IDs, Qualified Trust Services, and the European Digital Identity (EUDI) Wallet.

Why should businesses outside of the EU care? Organisations outside the EU should care because the AMLR applies to non-EU companies operating EU branches or subsidiaries, forming business relationships with EU-obliged entities, or otherwise conducting regulated activities within the EU. The shift from directives to a directly applicable regulation means one unified set of customer due diligence standards across all Member States, eliminating national variations.

How can Docusign help you prepare for AMLR checks?

As a registered EU Qualified Trust Service Provider (QTSP), Docusign offers an extensive portfolio of high-assurance identity verification and digital signature solutions that align with the AMLR’s strengthened requirements for customer identification and electronic trust services. As organisations begin preparing for the regulation’s implementation, many can start today by integrating Docusign’s capabilities into their onboarding and agreement processes, helping ensure they are well-positioned ahead of the AMLR’s full application .

Robust remote identity verification capabilities (including automatic ID verification, biometric checks, and integrations with local third-party Trust Service Providers) can be  embedded directly into a digital agreement workflow or used independently. This flexibility allows organisations to conduct different types of AMLR-aligned  identity checks at the appropriate  stages of the customer journey. Docusign leverages its experience in digital identity and trust services to guide customers through these changes, focusing on integrated workflows that reduce complexity while  strengthening trust and security.

For agreements that require higher levels of assurance, our digital signature solutions support UK and EU eIDAS-compliant Advanced (AES) and Qualified Electronic Signatures (QES). These types of digital signatures help organisations meet stringent verification and regulatory expectations for high-value or regulated transactions, while maintaining a streamlined experience for recipients. By providing strong identity binding, clear evidence of, intent, and tamper-evident audit trails, they support organisations in fulfilling  Customer Due Diligence (CDD) requirements under Anti-Money Laundering (AML) regulations.

All recipient identity information and agreement evidence are  securely captured, stored, and centrally accessible within a unified platform. This supports consistent record keeping and provides efficient support for audits, regulatory reviews, and ongoing compliance needs, creating a secure, end-to-end identity and agreement experience.

Finally, drawing on our extensive experience supporting organisations across the EU, Docusign is well  positioned to help customers  navigate the complexities of the new EU AMLR. By relying on Docusign’s integrated platform, organisations can begin preparing for AMLR now without rebuilding onboarding processes from scratch. Flexible and customisable workflows adapt to each organisation’s compliance requirements while maintaining a seamless customer experience.

AMLR FAQ

What does AMLR stand for?

AMLR stands for Anti-Money Laundering Regulation, formally Regulation (EU) 2024/1624. Its purpose is to establish a single, harmonised rulebook to prevent the misuse of the EU’s financial system for money laundering or terrorist financing.

What is the AMLR and when does it apply?

The AMLR is an EU regulation that will apply directly in all Member States from 10 July 2027. It replaces fragmented national implementations with a single, harmonised rulebook covering customer due diligence, beneficial ownership verification, ongoing monitoring and reporting obligations for financial institutions and other obliged entities.

What are AML red flags?

Red flags include transactions involving high-risk jurisdictions, unexplained or inconsistent sources of funds, and discrepancies in  beneficial ownership information. Other warning signs usually include;  large cash payments, structuring activity designed to avoid reporting thresholds, and customers who are reluctant or unwilling to provide required due diligence documentation.

I am based outside the EU but have subsidiaries within the region. Does the new AMLR regulation apply to me? 

Yes, potentially. The AMLR applies to entities operating within the EU, including EU-based subsidiaries of non-EU parent companies. If your EU-based subsidiaries qualify as ‘obliged entities’ (such as financial and credit institutions, investment firms, real estate agents, or other regulated professions) under the regulation, they must comply with the AMLR’s requirements. While the parent company itself may not be directly subject to the regulation, group-level policies, oversight and risk-management are likely to  be impacted.

Keen to learn more? Contact our team today.

DISCLAIMER: The information in this article is for general information purposes only and is not intended to serve as legal advice. Laws governing the subject matter may change quickly, so Docusign cannot guarantee that all the information on this site is current or correct. Should you have specific legal questions about any of the information on this site, you should consult with a licensed attorney in your area.