Article 8 Reliable and independent sources of information


This is a draft act

This text has been parsed from the AMLA consultation paper draft as published on 9 February 2026. While we run a suite of validations, the automated parsing can result in errors. Also, before it is finally adopted by the Commission, its wording, numbering and references may change, and entire articles might be removed or added.

Summary What does Article 8 of the RTS on customer due diligence say?

This article provides the criteria by which obliged entities must evaluate whether a source of information qualifies as reliable and independent.

It is a supporting article that underpins verification obligations found elsewhere in the regulation, particularly where obliged entities are required to use reliable and independent sources to verify customer identity.

Rather than leaving that standard undefined, Article 8 sets out the specific factors that must be assessed when making that determination, applying a risk-sensitive approach throughout.

Important points:

  • Assess each information source against the five criteria listed, covering credibility, official status, currency, accuracy, and vulnerability to forgery.
  • The obligation falls on obliged entities, who must apply risk-sensitive measures when carrying out this assessment.
  • The ease with which identity data can be forged is an explicit consideration, meaning digital or easily manipulated sources warrant closer scrutiny.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

  1. In order to determine whether a source of information is reliable and independent, obliged entities shall take risk-sensitive measures to assess:

    1. the credibility of the source, including its reputation;

    2. the official status and independence of the information source;

    3. the extent to which the information is up-to-date;

    4. the accuracy of the source, based on whether the information or data provided had to undergo certain checks before being provided or is consistent with other sources;

    5. the ease with which the identity information or data provided can be forged.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod