Get access

Regulatory

Five EU regulations. One verification layer.

The EU's payment compliance landscape is being rebuilt from the ground up. VoP is live. AMLR is coming. PSR doubles the scope. sikker.me is architected for the full wave sequence — not patched for each new requirement as it arrives.

EU regulatory compliance verification

Timeline

Where we are. Where we're going.

Oct 2025 — Live

Verification of Payee (IPR 2024/886)

Mandatory for all Eurozone PSPs. 34% of transactions return grey-zone results — no automated resolution path exists. Every decision must be documented.

What VoP does

Before a SEPA credit transfer, the payer's bank sends a name-IBAN consistency check to the payee's bank. Four results: Match / Close match / No match / Unable to verify.

What VoP cannot do

  • Check government registries (only the bank's own record)
  • Detect company dissolution, director changes, ownership transfers
  • Resolve its own grey-zone results (close match / unable to verify)
  • Monitor changes after the payment check runs
  • Cover non-SEPA or non-euro payments (until PSR/PSD3, ~2028)

Compliance consequence

A PSP that executes on a no-match result without documenting it loses the PSD2 liability shield under Article 5c(9) of the IPR. For B2B payments the liability framework is different — corporate payers bear more responsibility, but the PSP's documentation burden remains: every grey-zone decision must be recorded and defensible in a regulatory examination.

Jul 2026 — 9 weeks

AMLA submits CDD RTS to European Commission

The RTS will define which sources qualify as "reliable and independent" for identity verification under Article 22(6)(a). Requirements apply July 2027. Procurement clock: 6–9 months.

Article 22(6)(a) is already in force: identity verification must use "reliable and independent sources." Government registries — Firmenbuch, Handelsregister, KvK, and equivalents — are the authoritative record at source. Aggregators are downstream of the same data with added latency. That distinction matters to a regulator reviewing your methodology today, not just after the RTS enters into force.

From July 10, 2027: the RTS codifies this standard precisely. sikker.me is registry-primary from day one.

Jul 2027

AMLR Regulation 2024/1624

Factoring and invoice financing become obliged entities. Explicitly named under CRD IV Annex I, Point 2. No size threshold. No exemption for dedicated businesses.

Key obligations

  • Art. 22(6)(a): verify against reliable, independent sources — official government registries
  • Art. 26: continuous monitoring, mandatory 12-month or 5-year update cycles, event-triggered refresh
  • Art. 20(1)(h): identify natural persons for whose benefit transactions are conducted (directors, UBOs)

Penalties: up to 10% of annual turnover or €10M.

2027–2028

PSR / PSD3

VoP extends to all EU currencies and RTGS flows. Platform liability for fraud originating on their infrastructure.

Dec 2027

eIDAS 2.0

EUDI Wallet acceptance mandatory for PSPs. Legal entity QEAAs: company attributes verifiable via wallet.

Coverage

Built for the sequence. Not patched for each wave.

RegulationObligationsikker.me
VoP / IPR 2024/886liveResolve grey-zone results. Document liability basis. Registry verdict. Full audit trail.
AMLA CDD RTSJul 2026Registry-sourced verification as compliance baseline. Registry-primary architecture
AMLR Art. 22(6)(a)Jul 2027Verify against reliable, independent sources. Direct government registry integrations
AMLR Art. 26Jul 2027Continuous monitoring + documented update cycles. Automated monitoring + refresh records
PSR / PSD3~2028VoP for all EU currencies and RTGS flows. Multi-registry, multi-jurisdiction

Built for compliance. Ready today.

Request API access Read the technical whitepaper