No, The EU Will Not Require ID For Every Bitcoin Transaction

Over the weekend, swaths of posts about the European Union's latest Anti-Money Laundering package flooded finance X's timeline, claiming that the EU just passed a law that would "require ID for all Bitcoin transaction starting 2027." But the AML package in question was adopted over 1.5 years ago, and only applies to so-called Crypto Asset Service Providers (CASPs) – much of which is already in effect.

Then, just as now, what the EU's new AML laws actually say was lost somewhere between news aggregator alarmism and influencer attention grabs needing to be corrected, causing the AML package, which is actually really bad, to sound not so bad at all, because the 'worst case' that was advertised was seemingly averted.

Time is a flat circle, or, as the philosophically more gifted may say:

"New conceptions of time can only ever be thought of in relation to emerging techno-capitalist apparatuses—which themselves generate time—and it is the distribution, ordering, and arbitration of time that these apparatuses control. Capitalist time is ultimately born of strict equivalence with capital."
Alsindi, W. Z., Hampshire, M., & Seidler, P. (2023)
Twenty-Two Years of Transcendental Time Machines, MVU Press

KYCing All Custodians

First, non-custodial wallet providers, as well as hardware wallets, are explicitly excluded from the EU's new AML Regulation (AMLR), adopted in May of last year.

However, any software provider which holds custody of funds and is regulated under the EU's Markets for Crypto Assets Regulation (MiCAR) – and therefore qualifies as a CASP – is required to apply Know-Your-Customer (KYC) and Anti-Money Laundering (AML) frameworks under the AMLR starting July 2027.

MiCAR defines a "crypto-asset service" as "providing custody and administration of crypto-assets on behalf of clients," while "‘providing custody and administration of crypto-assets on behalf of clients" is defined as "the safekeeping or controlling, on behalf of clients, of crypto-assets or of the means of access to such crypto-assets, where applicable in the form of private cryptographic keys."

Under MiCAR, any custodial wallet provider who holds custody of funds and qualifies as a CASP must obtain a MiCAR license at the latest by July 2026.

Applying the Travel Rule

The AMLR additionally requires all CASPs to conduct due diligence on any payment to and from non-custodial wallets and apply so-called proof-of-ownership of any address for payments exceeding 1 000 EUR.

The AMLR's regulation of transfers to and from non-custodial wallets harmonizes the already widely in effect FATF Travel Rule, which requires CASPs to "obtain and hold the information on the self-hosted address," "ensure that the transfer of crypto-assets can be individually identified," and "assess whether that address is owned or controlled by the CASP customer where the transfer amount exceeds EUR 1 000."

While the EU originally contemplated full-on Know Your Customer (KYC) measures for such transfers, it ultimately agreed on the above risk-based approach, which includes the use of blockchain analytics as well as measures such as the 'Satoshi Test' for transactions above 1 000 EUR – requiring customers to make micro-transactions to the CASPs to prove that an address is owned by the customer.

Banning Privacy Coins

What's new in the AMLR is the explicit banning of privacy coins for CASPs, although some EU CASPs have already delisted privacy coins such as Monero.

As the AMLR reads: "The anonymity of crypto-assets exposes them to risks of misuse for criminal purposes. Anonymous crypto-asset accounts, as well as other anonymising instruments, do not allow the traceability of crypto-asset transfers, and make it difficult to identify linked transactions that might raise suspicion or to apply an adequate level of customer due diligence. In order to ensure effective application of AML/CFT requirements to crypto-assets, it is necessary to prohibit the provision and the custody of anonymous crypto-asset accounts or accounts allowing for the anonymisation or the increased obfuscation of transactions by crypto-asset service providers, including through anonymity-enhancing coins."

"Anonymity-enhancing coins" are herein defined as "crypto-assets that have built-in features designed to make crypto-asset transfer information anonymous, either systematically or optionally," while a "crypto-asset account" is defined as "an account held by a crypto-asset service provider in the name of one or more natural or legal persons and that can be used for the execution of transfers of crypto-assets."

Capping Cash Transactions at 10,000 EUR

Last but not least, the AMLR officially caps cash transactions for business purposes at 10,000 EUR and requires merchants to identify its customer when conducting cash transactions over 3,000 EUR. As the AMLR reads:

"Persons trading in goods or providing services may accept or make a payment in cash only up to an amount of EUR 10 000 or the equivalent in national or foreign currency, whether the transaction is carried out in a single operation or in several operations which appear to be linked," and "to ensure that the measures are proportionate with the risks posed by transactions of a value lower than EUR 10 000, such measures should be limited to the identification and verification of the customer and the beneficial owner when carrying out occasional transactions in cash of at least EUR 3 000."

However, the regulation allows member states to set and maintain far lower limits, which many members have already chosen to do. For example, in Spain and France, cash transactions are already limited to 1,000 EUR.

Independent journalism does not finance itself. If you enjoyed this article, please consider making a donation. If you would like to note a correction to this article, please email corrections@therage.co