EU targets privacy coins while leaving Bitcoin transfers untouched

Regulation (EU) 2024/1624, which takes effect on July 10, 2027, will tighten anti-money-laundering (AML) rules for crypto-asset service providers operating in the European Union. The framework introduces stricter customer verification obligations and new restrictions on services that enhance transaction anonymity.

EU AML rules restrict privacy-enhancing crypto services

The regulation will bar regulated crypto firms from supporting privacy coins starting July 2027. It also prohibits anonymous crypto accounts and services that enable transaction anonymization or increased obfuscation, including those involving anonymity-enhancing cryptocurrencies.

While the rules target regulated providers, they do not prohibit individuals from owning or privately using privacy-focused cryptocurrencies.

Customer due diligence thresholds for crypto transactions

Under the new framework, regulated crypto businesses—including exchanges and custodians—must conduct full customer due diligence for occasional crypto transactions worth €1,000 (around $1,150) or more.

For transactions below €1,000, providers must still identify customers, but they are not required to apply the same level of verification used for larger transactions or ongoing business relationships.

The regulation clarifies that identification requirements apply to crypto-asset service providers rather than every blockchain transaction. Direct transfers between self-hosted wallets remain outside these obligations.

Travel Rule and identity checks when intermediaries are involved

Separate requirements under Regulation (EU) 2023/1113, commonly known as the Travel Rule, require regulated providers to transmit sender and recipient information during crypto transfers.

Additional checks apply when transfers involving self-hosted wallets reach €1,000 or more and a regulated intermediary is involved. As a result, users transacting through exchanges and other regulated platforms must complete know-your-customer procedures, while peer-to-peer Bitcoin transactions conducted without an intermediary do not trigger direct identity verification requirements under EU law.

Bloc-wide €10,000 cap on commercial cash payments

Regulation (EU) 2024/1624 also establishes a harmonized €10,000 (around $11,500) ceiling for commercial cash payments across the European Union. Member states may still enforce lower limits if national authorities choose stricter controls.

For cash transactions valued at €3,000 (about $3,450) or more, traders and other obligated entities must verify customer identities and perform due diligence checks before completing the transaction.

The regulation states that the €10,000 cap does not apply to deposits or payments made through banks, payment institutions, or electronic money issuers. Those transactions remain subject to existing monitoring systems and suspicious activity reporting requirements where warning signs are detected.

Expanded AML coverage and beneficial ownership transparency

The legislation expands the list of entities covered by EU AML obligations. Professional football clubs, football agents, crowdfunding operators, investment migration businesses, luxury goods dealers, and several other sectors will now be required to carry out compliance checks and report suspicious activity.

Beneficial ownership transparency rules are also strengthened. Legal entities across the bloc must disclose their ultimate owners through national registries, with ownership thresholds generally set at 25% and reduced to 15% for certain higher-risk structures.

Trusts, foundations, and non-EU entities involved in specific EU business activities or real estate transactions will also face disclosure requirements. Trustees are required to update ownership information within 28 calendar days.