The European Union has approved anti-money laundering rules that will ban regulated crypto firms from supporting privacy coins while leaving direct Bitcoin transfers between private wallets outside the scope of mandatory identification requirements.
- EU AML rules will bar regulated crypto firms from supporting privacy coins starting July 2027.
- Bitcoin transfers between self-hosted wallets remain outside direct EU identity verification requirements.
- The regulation also introduces a €10,000 cash payment cap and stricter KYC rules for crypto transactions.
According to Regulation (EU) 2024/1624, which will take effect on July 10, 2027, crypto-asset service providers operating in the bloc will face stricter customer verification obligations and new restrictions on services that enhance transaction anonymity.
The regulation arrives alongside a bloc-wide €10,000 (around $11,500) limit on commercial cash payments and introduces additional compliance requirements for several industries considered vulnerable to money laundering risks.
Bitcoin transfers between private wallets remain outside AML checks
Under the new framework, regulated crypto businesses, including exchanges and custodians, must conduct full customer due diligence for occasional crypto transactions worth €1,000 (around $1,150) or more.
For transactions below that threshold, providers must still identify customers, although they are not required to complete the same level of verification applied to larger transactions or ongoing business relationships.
At the same time, the regulation explicitly prohibits anonymous crypto accounts and services that allow transaction anonymization or increased obfuscation, including those involving anonymity-enhancing cryptocurrencies.
While the rules effectively prevent regulated crypto firms from listing, custodying, or facilitating transactions involving privacy-focused assets, the legislation does not prohibit individuals from owning or privately using those cryptocurrencies.
Clarification published alongside the regulation states that the identification requirements apply to crypto-asset service providers rather than every blockchain transaction. Direct transfers conducted between self-hosted wallets remain outside these obligations.
Separate requirements under Regulation (EU) 2023/1113, commonly known as the Travel Rule framework, require regulated providers to transmit sender and recipient information during crypto transfers. Additional checks apply when transfers involving self-hosted wallets reach €1,000 or more and a regulated intermediary is involved.
As a result, users transacting through exchanges and other regulated platforms must complete know-your-customer procedures, while peer-to-peer Bitcoin transactions conducted without an intermediary do not trigger direct identity verification requirements under EU law.
Cash payments face new limits across the bloc
Beyond crypto, Regulation (EU) 2024/1624 establishes a harmonized €10,000 ceiling for commercial cash payments throughout the European Union. Individual member states may continue enforcing lower limits if national authorities choose stricter controls.
For cash transactions valued at €3,000 (about $3,450) or more, traders and other obligated entities must verify customer identities and perform due diligence checks before completing the transaction.
The regulation notes that the new cap does not apply to deposits or payments made through banks, payment institutions, or electronic money issuers. Those transactions remain subject to existing monitoring systems and suspicious activity reporting requirements where warning signs are detected.
Another major component of the legislation expands the list of entities covered by EU anti-money laundering obligations. Professional football clubs, football agents, crowdfunding operators, investment migration businesses, luxury goods dealers, and several other sectors will now be required to carry out compliance checks and report suspicious activity.
Beneficial ownership transparency rules have also been strengthened. According to the regulation, legal entities across the bloc must disclose their ultimate owners through national registries, with ownership thresholds generally set at 25% and reduced to 15% for certain higher-risk structures.
Trusts, foundations, and non-EU entities involved in specific EU business activities or real estate transactions will also be subject to disclosure requirements, with trustees required to update ownership information within 28 calendar days.
