Article 1 Proportionality and risk-based approach


This is a draft act

This text has been parsed from the AMLA consultation paper draft as published on 9 February 2026. While we run a suite of validations, the automated parsing can result in errors. Also, before it is finally adopted by the Commission, its wording, numbering and references may change, and entire articles might be removed or added.

Summary What does Article 1 of the RTS on customer due diligence say?

This is a short but foundational article that establishes the overarching principle governing the entire Regulation: the risk-based approach.

It sets the tone for everything that follows by making clear that obliged entities are not expected to apply a one-size-fits-all framework, but rather to calibrate both the information they gather and the measures they take to the specific type and level of risk they identify.

Important points:

  • Apply all measures under this Regulation in line with the risk-based approach.
  • The extent and nature of information gathered must be commensurate with the risk identified.
  • Obliged entities must ensure their measures enable them to manage and mitigate that risk appropriately.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

  1. This Commission Delegated Regulation (‘Regulation’) shall be applied in line with the risk-based approach. The extent and the nature of the information to be obtained and the measures to be applied by obliged entities shall be commensurate with the type and level of risk identified and shall enable obliged entities to manage and mitigate that risk appropriately.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod