AMLA RTS Deadline 10 July 2026: What's Actually Going to Be Published

On 10 July 2026, the EU's new Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA) — headquartered in Frankfurt and operationally stood up under Regulation (EU) 2024/1620 — must submit its first statutory package of Regulatory Technical Standards (RTS) to the European Commission for adoption. This is the moment when the headline obligations of the Anti-Money Laundering Regulation (AMLR) — Regulation (EU) 2024/1624 — stop being aspirational principles in a Level-1 text and start hardening into binding, directly-applicable Level-2 standards.

For CASPs, EMIs, PIs, credit institutions, and the wider population of obliged entities under AMLR, this is not a procedural milestone in Frankfurt — it is the deadline that fixes what your AML programme will be measured against once AMLR fully applies on 10 July 2027. The 12-month window between RTS submission and full application is short. The 4–6 week period immediately before 10 July 2026 — what we call the AMLA RTS readiness window — is the practical window in which obliged entities should pre-position their programme uplift so they are not racing the standard during the year of application.

This article walks through what is actually expected to be in the first RTS package, the four high-stakes topic areas (CDD methodology, beneficial-ownership thresholds, sanctions-screening expectations, Travel Rule integration), what each one will mean for the affected obliged-entity classes, and a checklist of pre-deadline actions that buys the maximum optionality for the year-of-application sprint.

AMLA was established under Regulation (EU) 2024/1620¹^[1] with three statutory functions: direct supervision of selected high-risk obliged entities (the "selected obliged entities" cohort, phased in from 2028), indirect supervision of national competent authorities (NCAs) across the EEA, and rule-making — drafting the RTS, ITS and Guidelines that put operational meat on the AMLR's bones. The 10 July 2026 deadline is a rule-making milestone.

The Level-1 text — the AMLR²^[2] — already exists and was published in the OJ in mid-2024. It establishes the EU's single rulebook for AML/CFT: directly-applicable obligations on CDD, EDD, beneficial ownership, PEP screening, sanctions-list screening, reliance on third parties, group-wide policies, and the special regime for the crypto sector that absorbs and extends the FATF Travel Rule. AMLR replaces the directive-based regime and ends the divergent national transposition of 6AMLD.

The Level-2 text is the RTS package. The Level-1 obligations are written at a level of generality that gives obliged entities very little to act on operationally. The RTS specify how — what data must be collected, what the screening cadence is, what the beneficial-ownership thresholds reduce to in practice, what the Travel Rule integration with sanctions screening looks like in operational terms. 10 July 2026 is the deadline for AMLA to deliver this package to the Commission for adoption. Adoption itself follows over the following months and the standards then apply alongside AMLR from 10 July 2027.

The Commission issued a Call for Advice to the European Banking Authority (EBA) in March 2024, asking the EBA to do the foundational drafting on the new AMLA mandates while the new authority was being stood up. The EBA ran its public consultation on four draft RTS³^[3] through to 6 June 2025 and submitted its response on 31 October 2025. AMLA took the work over from there, and is now consulting in its own name on the refined drafts.

AMLA's draft RTS on Customer Due Diligence⁴^[4] under Article 28(1) AMLR was published as a consultation paper on 9 February 2026 and the consultation period closed 8 May 2026. Three further drafts — on the criteria for identifying business relationships, occasional and linked transactions; on pecuniary sanctions, administrative measures and periodic penalty payments; and on the operations of AMLA itself — are at parallel stages. These are the texts whose final form will be locked into the package submitted to the Commission on 10 July 2026.

The practical implication: the shape of the binding standard is already visible in the consultation drafts. Final-form changes are typically calibration — thresholds, scope carve-outs, transitional periods — rather than wholesale redesign. An obliged entity that reads the consultation drafts and maps its current state today is not making a speculative bet; it is reading the operational standard with a few months of risk.

The CDD methodology RTS is the most operationally consequential of the four. It sits under Article 28(1) of the AMLR and specifies — in directly-applicable detail — the data and documents an obliged entity must collect, the verification methods that satisfy the standard, the rules for remote onboarding, and the trigger-events for re-verification across the customer lifecycle.

For CASPs, the standard imports concepts already familiar from MiCA — strong customer authentication, secure remote onboarding — and bolts them onto a CDD framework. The on-chain identity layer (wallet attribution, source of crypto-assets) is not a separate workstream under the RTS; it is folded into the CDD evidence file. Expect explicit data-quality requirements on wallet provenance and on the documentation behind source of crypto-funds — the crypto analogue of source-of-funds for fiat customers.

For EMIs and PIs, the changes are most acute on remote onboarding and on the data fields collected for corporate customers. The RTS specifies what "identification data" actually means at the field level — going beyond the directive's "reliable and independent source" formulation that left member states wide latitude. Onboarding flows that pass under PSD2 / EMD2 today on a thin data set will need to expand the corporate questionnaire and the documentary attestation set.

Programme uplift cost is concentrated in three places: vendor reconfiguration (KYC platforms updated to capture new mandatory fields), document-template overhaul (corporate onboarding packs, individual ID-verification flows), and back-book remediation (existing customer files re-verified to the new standard during the year of application). Our AMLR Readiness 12-Month Roadmap sequences this work explicitly.

AMLR retains the 25% control or ownership headline threshold for beneficial-ownership identification but explicitly empowers a reduced threshold for higher-risk obliged-entity categories — specifically, sectors whose risk profile justifies tighter UBO transparency. The RTS will set the categories and the reduced figure. The market expectation is a step down toward 15% or 10% for crypto-asset, gambling-adjacent, and certain corporate-services sectors.

The operationally hard part is not the headline number, it is the aggregation rules the RTS will codify: how multiple stakes through nominee structures, trusts, and intermediate holding companies are summed up to identify the natural person at the top. AMLR is explicit that nominee arrangements are no longer an acceptable shield; the RTS will specify the documentary cascade an obliged entity is expected to walk before declaring "no UBO identifiable" — and the SAR-trigger consequences of that declaration.

The CASP-specific question — whether a token holder's economic interest in a DAO or token-issuer entity counts toward UBO threshold calculation — is one of the genuine uncertainties remaining in the consultation. Watch for how the final RTS treats it; for many crypto-native obliged entities this single question is the difference between a manageable UBO file and a substantial back-book remediation programme.

Article 20(1)(d) of AMLR makes targeted financial sanctions screening of customers and beneficial owners a CDD obligation rather than a separate sanctions-control workstream. Article 29 of the draft CDD RTS makes this operational: automated screening tools and/or manual checks, carried out at customer onboarding and on a defined regular cadence thereafter, against the EU consolidated sanctions list and the relevant UN designations.

The structural change is not the obligation — most obliged entities already screen — but the evidencing requirement. The RTS will require a documented screening policy: list sources, screening cadence, fuzzy-match tolerance, alert-disposition workflow, escalation criteria, and the audit trail for each cleared alert. "We use a vendor" will not satisfy the standard. Expect inspectors during the year of application to ask not whether you screen, but whether your screening configuration is documented to AMLA-RTS specification.

For obliged entities with material PEP-adjacent or geo-risk customer bases, the screening configuration is also where the "effectiveness test" lives — supervisors increasingly look for evidence that the screening is calibrated to the entity's actual risk profile, not run on default vendor settings. An AML audit before the year of application begins is the cleanest way to surface the gap.

The Travel Rule — the FATF Recommendation 16 requirement that originator and beneficiary information accompany value transfers — is implemented in the EU through Regulation (EU) 2023/1113 (the Transfer of Funds Regulation, TFR) and applies to crypto-asset transfers from 30 December 2024. AMLR does not duplicate the TFR; it integrates the Travel-Rule data flow into the CDD perimeter for CASPs. The RTS will specify how originator/beneficiary data should be captured, retained, screened, and exchanged with counter-party VASPs.

The substantive expectations are: data-quality thresholds (what counts as "sufficient and accurate" originator information), counter-party VASP diligence (the documentation file the CASP keeps on each VASP it transmits to or receives from), unhosted-wallet treatment (the Travel-Rule treatment of self-hosted wallets above the €1,000 threshold), and sanctions-screening integration (the originator/beneficiary screened against the same sanctions configuration used for the customer base).

For CASPs operating cross-border within the EEA, the integration RTS is what unifies the divergent national interpretations of the TFR that have appeared in the 18 months since its application. For CASPs handling non-EEA correspondent flows, the RTS will codify the diligence file expected on third-country counter-party VASPs — converging on the FATF "sunrise" expectations that the EU is operationalising ahead of the FATF mutual-evaluation cycle.

The checklist is deliberately framed around evidence: what an inspector or an NCA review would expect to see during the year of application. The pre-deadline window is for producing the evidence now, while there is still calibration room with vendors and within the firm's own change cycle, rather than under inspection pressure in 2027.

AMLR fully applies on 10 July 2027 — exactly one year after the first RTS-package deadline. That year is the operational runway for obliged entities and for NCAs to align on the binding standards. Direct AMLA supervision of selected obliged entities phases in from 2028. Between 10 July 2026 (RTS submission) and 10 July 2027 (application), the package goes through Commission adoption and Council/Parliament scrutiny in parallel with the obliged-entity uplift programme.

The realistic 12-month sequence inside the firm: Q3 2026 — final-RTS gap analysis against the version submitted to the Commission. Q4 2026 — vendor reconfiguration scoped, contracted, and underway; back-book remediation plan signed off. Q1 2027 — new onboarding flows live; EDD trigger list refreshed; group policy v2 in force. Q2 2027 — back-book remediation in flight; pre-application internal audit; NCA-readiness pack assembled.

For firms that already meet a credible 6AMLD baseline, the AMLR uplift is meaningful but not transformative. Our AML compliance under 6AMLD guide stays the foundational reference. For firms that have been operating to the lower-bound interpretation of national 6AMLD transpositions, AMLR is a step change — and the readiness window is where that change starts.

No. 10 July 2026 is the AMLA RTS submission deadline — the date by which AMLA must deliver the first package of RTS to the European Commission for adoption. The standards become binding alongside AMLR's full application on 10 July 2027. Treat the 12 months between as your implementation runway, not as optional time.

The 4–6 week period immediately before 10 July 2026 in which obliged entities should pre-position their AML programme uplift against the near-final RTS drafts. The final-form drafts are visible in the AMLA consultations that closed in May 2026; the readiness window is the practitioner moment to translate those drafts into a costed, owned, sequenced internal programme before the standard is locked in.

Functionally, yes. AMLR is a regulation (directly applicable) replacing the directive-based regime that culminated in 6AMLD. The companion AMLD6 (the new directive accompanying AMLR) deals with member-state-level institutional architecture; the substantive obligations on obliged entities live in AMLR and the RTS. The fragmented national transpositions of 5/6AMLD will give way to a single EU-wide rulebook from 10 July 2027.

Only if you fall into the "selected obliged entities" cohort that AMLA will directly supervise from 2028 — a population of approximately 40 institutions selected on risk-based criteria (cross-border footprint, customer-base risk profile, sector). All other obliged entities remain under NCA supervision, but the NCAs themselves operate under AMLA's coordination and the same RTS. Direct supervision changes the supervisor; it does not change the standard.

For most obliged entities: a documented gap analysis between the firm's current CDD field set and the data set specified in the AMLA draft CDD RTS Article 28(1). That document scopes the vendor reconfiguration, the document-template overhaul, and the back-book remediation programme — the three workstreams that dominate the year of application. Without it, the year-of-application sprint is reactive.

• AMLR Readiness — 12-Month Roadmap — the operational sequencing of the year-of-application uplift programme.

• AML Compliance for Crypto Firms under 6AMLD — the existing baseline AMLR builds on.

• AML Audit for a Crypto Firm — pre-application internal audit framework that surfaces RTS gaps.

• AML Compliance Retainer for CASPs — ongoing programme support across the year of application.

• Compliance Advisory — our service: gap analysis, RTS-readiness programme design, NCA-readiness pack.

The 10 July 2026 deadline does not change the AML/CFT regime overnight; it locks in the standard against which the regime will be measured for the rest of the decade. Obliged entities that treat the readiness window as a calibration moment — finalising vendor configuration, evidencing screening policy, mapping UBO files at the lowered threshold, auditing Travel-Rule diligence — start the year of application with optionality. Those that wait for the standard to apply start it under inspection pressure. The window is open now. Use it.