Article 20 Minimum requirement for customer identification in situations of low risk


This is a draft act

This text has been parsed from the AMLA consultation paper draft as published on 9 February 2026. While we run a suite of validations, the automated parsing can result in errors. Also, before it is finally adopted by the Commission, its wording, numbering and references may change, and entire articles might be removed or added.

Summary What does Article 20 of the RTS on customer due diligence say?

This article sets out the minimum identification information that obliged entities must collect from customers in low-risk situations.

It operates as a floor for compliance, distinguishing between two types of customer: natural persons and legal entities.

For individuals, the required data points cover names, birth details and nationality or status.

For legal entities, the focus shifts to structural and registration information.

The article sits within the broader simplified due diligence framework, representing the baseline that applies when the risk level does not require more intensive measures.

Important points:

  • In low-risk situations, collect at minimum names, place and date of birth, and nationality (or statelessness/protection status) for natural persons.
  • For legal entities, collect legal form, registered and trade names, registered office address, and where available, a registration or tax identification number or legal entity identifier.
  • The same minimum identification requirements extend to any person acting on behalf of the customer or for whose benefit a transaction or activity is being carried out.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. In situations of low risk, obliged entities shall obtain at least the following information to identify the customer and the person purporting to act on behalf of the customer:

      1. for a natural person:

        1. all names and surnames;

        2. place of birth;

        3. date of birth;

        4. nationalities of the natural person or their statelessness, refugee or subsidiary protection status.

      2. for a legal entity and other organisations that have legal capacity under national law:

        1. the legal form;

        2. the registered name of the legal entity and its trade name where it differs from its registered name;

        3. the address of the registered office; and

        4. where available, the registration number or tax identification number, or the legal entity identifier.

    1. Paragraph 1 shall also apply to persons on whose behalf or for the benefit of whom a transaction or activity is being carried out.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod