New Minimum Corresponding Attributes under Draft RTS CDD

New Minimum Corresponding Attributes under Draft RTS CDD

With the adoption of Regulation (EU) 2024/1624 (AMLR), Customer Due Diligence (CDD) in the EU is no longer a primarily procedural obligation. It is transformed into a data-driven, auditable and technically enforceable framework.

The Draft RTS CDD specifies:

  • which data must exist,
  • when it must be collected,
  • how it must be verified, and
  • how digital identification may be used without reducing AML scope.

The Draft RTS CDD does not merely refine existing AML practice. It re-engineers CDD as a structured dataset, designed to be inspected, reproduced and validated by supervisors.

The Draft RTS CDD

A fully structured CDD architecture

Across Sections 1–9, the Draft RTS CDD establishes a complete CDD operating model:

  • Identification and verification of customers, beneficial owners, representatives and beneficiaries (Sections 2–3).
  • Explicit handling of special constellations, including trusts, discretionary trusts, complex ownership structures and collective investment undertakings.
  • Risk-calibrated regimes for simplified and enhanced due diligence (Sections 5 and 6).
  • Continuous obligations for PEP identification and targeted financial sanctions screening (Sections 4 and 7).
  • Strict rules for digital onboarding, electronic identification and qualified trust services (Section 9).

CDD under the Draft RTS CDD is no longer a static onboarding snapshot. It is a time-stamped, versioned and trigger-based control system.

Electronic Identification

The most consequential provision for digital onboarding is Article 32 Draft RTS CDD.

It clarifies that:

  • Electronic identification means and qualified trust services are permitted under Article 22(6)(b) AMLR.
  • But they are acceptable only if they expose the attributes required to comply with:
    • Article 20 (1)(a)–(b) AMLR (identify and verify customer and beneficial owner), and
    • Article 22 (1) AMLR (mandatory identity data points).

To operationalise this, Article 32 (1) Draft RTS CDD introduces Annex I – the list of “minimum corresponding attributes”.

This is the pivotal shift:
eID is no longer assessed by assurance level alone, but by attribute completeness.

What are “minimum corresponding attributes”?

A bridge, not a new identity system

Annex I of the Draft RTS CDD does not invent new identity data. Instead, it:

  • Takes the mandatory identification requirements of Article 22 (1) AMLR, and
  • Maps them to the technical attributes that electronic identification solutions must expose.

For natural persons, this includes, inter alia:

  • all names and surnames,
  • place and date of birth,
  • nationality,
  • address (where applicable),
  • national identification number and tax ID (where available).

For legal persons and other entities, it covers:

  • legal name and form,
  • registered office and country of creation,
  • identifiers (registration number, tax ID, LEI),
  • representatives and nominee constellations.

Crucially, Annex I of the Draft RTS CDD is normative. If an attribute required by the AMLR is missing from the electronic identity, the CDD is incomplete by definition.

Draft RTS CDD vs. Commission Implementing Regulation (EU) 2024/2977

What is the Commission Implementing Regulation (EU) 2024/2977?

Commission Implementing Regulation (EU) 2024/2977 of 28 November 2024 lays down the technical specifications for Person Identification Data (PID) and electronic attestations of attributes used in European Digital Identity Wallets (EUDI Wallets).

It defines:

  • the attribute universe for digital identity,
  • which attributes are mandatory and which are optional, and
  • how identity data must be encoded, issued and validated.

PID mandatory is not equal to AMLR sufficient

Under Commission Implementing Regulation 2024/2977:

  • Mandatory natural-person PID attributes are limited to:
    • family name,
    • given name,
    • date of birth,
    • place of birth,
    • nationality.
  • Mandatory legal-person PID attributes are even more limited:
    • current legal name,
    • a Member-State identifier.
  • Address data, national IDs, tax IDs, LEI and many AML-relevant elements are optional.

This creates an unavoidable tension:

What is technically optional under eIDAS can be legally mandatory under AMLR.

Annex I of the Draft RTS CDD resolves this tension by acting as a selection and elevation layer:

  • It selects the relevant attributes from the PID universe.
  • It treats them as mandatory for CDD purposes, regardless of their optional status in the eIDAS framework.

Why this changes AML/CFT fundamentally?

The combined effect of:

  • Article 22 AMLR,
  • Article 32 and Annex I of the Draft RTS CDD, and
  • Commission Implementing Regulation (EU) 2024/2977

is profound:

  • Assurance level (“substantial” or “high”) is necessary but not sufficient.
  • Supervisors will assess attribute-level completeness, not onboarding convenience.
  • Obliged entities must be able to demonstrate:
    • which AMLR attributes were obtained via eID,
    • which were missing,
    • and how gaps were closed.

Digital onboarding is therefore no longer an IT question. It is a regulatory data-architecture question.

Downloads

ANNEX I – List of attributes referred to in Section 9Herunterladen
ANNEX – TECHNICAL SPECIFICATIONS FOR PERSON IDENTIFICATION DATAHerunterladen

Sources:

EBA response to EC CfA on six AMLA mandates 2025 10 30Herunterladen
OJ_L_202402977_EN_TXTHerunterladen

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert