The EU’s upcoming AMLR is poised to introduce sweeping reforms for VLOPs and digital marketplaces, marking the next major regulatory shift after the Digital Services Act (DSA) took effect in 2025.
Together with PSD3 and the Payment Services Regulation (PSR), due in early 2027, the new regime will pull online platforms into a unified payments and compliance framework, redefining their obligations across Europe, said Moody’s.
Over the past decade, many VLOPs and major marketplaces have expanded aggressively into financial services, embedding payment tools into their wider product ecosystems. PSD2 initially enabled this shift by allowing technology firms to offer payment initiation, account information and electronic money services through carve-outs. Those exemptions, however, are set to expire in March 2026, meaning firms that wish to continue providing these services will need to meet full payment services requirements. This includes activities such as holding customer funds, enabling transfers and providing wallet-based products.
The AMLR – Regulation (EU) 2024/1624 – will widen the definition of a correspondent relationship to include not only banks, but also credit and financial institutions and crypto-asset service providers involved in payments, securities and cross-border transfers. The broad scope means the global payment functionality embedded in many VLOPs could fall directly under enhanced AML obligations, bringing them closer to the standards traditionally reserved for regulated financial institutions.
As platforms increasingly process payments, onboard merchants and facilitate transactions across borders, they will face deeper financial crime responsibilities. Firms will be required to carry out enhanced due diligence, perform ongoing monitoring of customers and merchants, and store and share data in ways that meet European AML standards. This represents a significant operational shift for platforms accustomed to lighter regulatory expectations.
The DSA also strengthens expectations around customer verification. VLOPs and digital marketplaces will need to establish robust processes to verify the legitimacy of business users, maintain additional documentation and engage more closely with regulators. These obligations sit alongside the operational risks linked with payments resilience, financial crime exposure and content integrity, creating more complex compliance ecosystems across major platforms.
Under the AMLR, requirements will expand further to include stronger customer authentication, stricter due diligence and more advanced transaction monitoring. Responsibilities for fraud liability will also grow, particularly for digital wallets and payment gateways embedded within marketplace environments. The result is a higher baseline of consumer protection and a clear expectation that platforms take ownership of fraud and AML risks within their systems.
Despite these challenges, the evolving regulatory environment also offers opportunities for innovation. As payments, embedded finance, digital identity and crypto increasingly converge, VLOPs and marketplaces can rethink how they structure compliance frameworks. Many will need to reassess whether a payment licence is required, as PSD3 is expected to make unregulated intermediary activity far more difficult.
Strengthening fraud prevention and consumer protection frameworks will be essential. Firms entering regulated territory may need to deploy more advanced screening, broaden authentication procedures and introduce upgraded verification checks. This will likely extend to KYC, KYCC and AML measures, ensuring that platforms can identify beneficial owners, assess customer risk and create auditable data flows for both fiat and crypto-related services.
Technical preparation will play a key role. Many firms will need to align with new expectations around open banking, consumer data portability and API standardisation. Stronger governance, documentation and reporting structures will also be required, particularly for those placed under direct regulatory supervision. Platforms facilitating cross-border payments may need to enhance reporting systems to satisfy regulator expectations around transparency and traceability.
Ultimately, VLOPs and digital marketplaces that embrace these changes stand to benefit. By investing in compliance, strengthening operational resilience and demonstrating robust financial crime controls, they can build trust with both regulators and global users. As AMLR and PSD3 tighten obligations, the firms that act early will be best positioned to operate securely and credibly across Europe’s digital economy.
Copyright © 2025 RegTech Analyst
Copyright © 2018 RegTech Analyst
