The European Union (EU) has established a regulatory framework for the crypto industry, including the Markets in Crypto-assets (MiCA) Regulation and the Transfer of Funds Regulation (TFR).
MiCA provides a uniform legal framework for crypto-assets, covering consumer protection, asset classification, licensing requirements, and market abuse. Additionally, the TFR oversees the implementation of the Financial Action Task Force’s (FATF) crypto Travel Rule in the EU. MiCA and TFR were adopted on May 31, 2023, and the Travel Rule for crypto-asset service providers (CASPs) will take effect on December 30, 2024.
This page offers an overview of how the crypto Travel Rule applies in the EU, focusing on the TFR and the European Banking Authority (EBA)’s Travel Rule Guidelines. Note: This page has been updated with the EBA’s final Travel Rule Guidelines.
Timeline of Regulatory Action in the European Union:
- May 20, 2015 - The EU adopted Regulation (EU) 2015/847 on information accompanying transfers of funds - the TFR - to apply the FATF’s requirements across the Union uniformly.
- July 20, 2021 - The European Commission proposed a crypto legislative framework to create a new, more coherent AML/CTF regulatory and institutional framework for the crypto industry. This included a recast of the TFR to ensure the complete traceability of fund and crypto-asset transfers.
- June 29, 2022 - All parties reached a provisional agreement on the TFR.
- April 20, 2023 - The European Parliament approved both MiCA and the revised TFR, establishing a uniform legal framework for crypto-assets in the EU and boosting consumer protection.
- May 31, 2023 - The recast TFR was adopted.
- June 9, 2023 - The recast TFR was published in the Official Journal of the European Union.
- November 23, 2023 - The EBA launched a public consultation on new Travel Rule Guidelines, revising three guidelines: ML/TF Risk Factors, Travel Rule, and Risk-based Supervision. Read Notabene's summary of the EBA's draft guidelines.
- February 26, 2024 - Deadline to submit a response to EBA’s public consultation on the Travel Rule guidelines. Read Notabene’s response.
- July 4, 2024 - The EBA published the final Travel Rule Guidelines. National authorities will have two months to comply or explain non-compliance to the EBA. Read Notabene's summary of the EBA's final guidelines.
- December 30, 2024 - Crypto Travel Rule obligations will enter into force in the EU. Both the TFR and the Travel Rule Guidelines will become applicable.
Crypto Regulations in the European Union
1. Is cryptocurrency legal in the European Union?
Yes, cryptocurrency is legal in the European Union. The EU’s MiCA establishes a comprehensive framework for crypto-assets, categorizing them into utility tokens, asset-referenced tokens (ARTs), and electronic money tokens (EMTs). MiCA provides clear regulatory guidelines to ensure market integrity, consumer protection, and financial stability while promoting innovation. The regulation also introduces specific rules for significant ARTs and EMTs and generally excludes non-fungible tokens (NFTs) and financial instruments from its scope.
2. Are there AML crypto regulations in the European Union?
Yes. In 2021, the European Commission published legislative proposals to strengthen the EU’s anti-money laundering and counter-terrorism financing (AML/CFT) rules.
3. Is the Crypto Travel Rule mandated in the European Union?
The crypto Travel Rule is already mandated in some member states that passed national legislation ahead of EU-wide adoption of the recast TFR. The Travel Rule obligations foreseen in the recast TFR enter into force on December 30, 2024.
4. Who is the Crypto Travel Rule Regulator in the European Union?
Each member state has its own regulator or supervisory authority responsible for the enforcement of the crypto Travel Rule. However, the EBA guidelines - including the Travel Rule Guidelines - aim to harmonize regulatory and supervisory practices across the EU. This ensures that all member states adopt and implement the same standards and practices, reducing regulatory arbitrage and ensuring a level playing field for financial institutions.
{{european2="/cta-components"}}
FATF Travel Rule Requirements in the European Union
1. Are there licensing or registration requirements for CASPs in the European Union?
When MiCA enters into force, CASPs will be required to obtain authorization from the competent authorities in their member state before providing services. Once authorized, CASPs can operate across the EU under a passporting regime, which allows them to provide services in other member states without needing separate authorizations in each one. This facilitates a unified and efficient regulatory framework across the EU. However, CASPs may already have registration requirements with their respective national regulators, such as Germany’s Financial Supervisory Authority (BaFin) or Italy’s Ministry of Finance.
2. When is the Crypto Travel Rule enforcement date in the European Union?
The crypto Travel Rule and the EBA’s Travel Rule Guidelines will take effect on December 30, 2024.
3. Does the European Union permit a grace period to comply with the Crypto Travel Rule?
Yes. European VASPs had an 18-month grace period after the TFR was approved.
Complying with the FATF Crypto Travel Rule in the European Union
1. What is the minimum threshold for the Crypto Travel Rule in the European Union?
No minimum threshold applies. EU CASPs must comply with Travel Rule obligations for every transaction, regardless of its amount. Unlike transfers of funds, crypto asset transfers are always subject to the same scope of obligations. This means that the scope of information EU CASPs are required to transmit does not vary depending on the transaction amount or whether or not the transaction is cross-border. In contrast, in transfers of funds, both of these requirements are relevant to determining the scope of applicable obligations.
2. What are the PII requirements for the Crypto Travel Rule in the European Union?
Under Article 14, paragraphs 1 and 2 of the TFR, CASPs must ensure that all transfers include specific details about the originator and beneficiary.
Natural Persons
Travel Rule transfers must include the name, the distributed ledger address, and the account number of both the originator and beneficiary customers. The distributed ledger address is only required for transactions registered on the blockchain. In addition to this information, the Travel Rule transfer must include certain additional information about the originator customer, specifically the address, official personal document number, and customer identification number, or, alternatively, the originator’s date and place of birth.
![Travel Rule Crypto in European Union by the EU Parl 🇪🇺 [2024] - Notabene (1)](https://i0.wp.com/cdn.prod.website-files.com/63e601645c923010ae7f8925/669e4a050bf87dd4bf56047b_AD_4nXcW4ZPUZD5uwCV3QJvU46RMP6VRHtwzdqD4i-mWiXbw4YawbrEFiakAvbUBkSD6BHCvPVZGazt8uaxSLQs-XeGbFR9ZgAXYFyof2HGBHaIJWeIbYVWlZu1LwINUFqTAQi7AG54u7WxQUbCPX-jINZfPdKZg.png "Travel Rule Crypto in European Union by the EU Parl 🇪🇺 [2024] - Notabene (1)")
According to the Travel Rule Guidelines (§39), the specific originator information that CASPs should transmit or demand receiving must allow for identification of the originator with sufficient certainty and support the effective implementation of sanction screening requirements.
The EBA’s Travel Rule Guidelines specify in more detail how CASPs are expected to comply with certain requirements of the TFR. Download our guide to learn more.
Legal Persons
The TFR does not specify the information required when the originator is a legal person (e.g., a corporation). However, the EBA’s Travel Rule Guidelines provide guidance on the necessary information in such cases.
![Travel Rule Crypto in European Union by the EU Parl 🇪🇺 [2024] - Notabene (2)](https://i0.wp.com/cdn.prod.website-files.com/63e601645c923010ae7f8925/669e4a05bf757e73229455dc_AD_4nXdIYClJCYCaiP7bcEzbCpXRwkuyC7GDXMLPib8MF2LGcgYmkeonhPwWHtPm-B6cQThDsHWrRlW32ac3bPJjjYbsxc2jybR_gfhy6blLO7wdXSR3-x0CVUQaW7qc-7bXWHWmzmmMk7a5wbMB8Z_0NO6fii8.png "Travel Rule Crypto in European Union by the EU Parl 🇪🇺 [2024] - Notabene (2)")
3. What are the obligations for beneficiary CASPs in the European Union?
European Beneficiary CASPs have the following requirements:
- Receive Required Information: Beneficiary CASPs must receive specific information about each transaction’s originator and beneficiary customers¹.
- Detect Non-Compliance: Beneficiary CASPs must implement robust policies and procedures to detect incoming transactions lacking necessary information. This includes methods for detecting missing, incomplete, or meaningless information, pre and post-monitoring practices aligned with ML/TF risk levels, criteria for recognizing risk-increasing factors, and clear responsibilities for staff in managing transactions with missing information².
4. How should beneficiary CASPs manage non-compliant transactions?
The EBA’s Travel Rule guidelines outline steps beneficiary CASPs should take to handle transactions that lack information about the originator or beneficiary:
- Transaction Handling: If the beneficiary CASP detects a transaction lacking information, they may choose to execute, reject, return, or suspend the transfer, following effective risk-based procedures³. If rejecting the transfer is not possible, such as when crypto-assets are already received, the transfer should be returned to the originator⁴. If returning to the original address is not feasible, CASPs should use alternative methods, like holding the assets in a secure account and coordinating with the Originator CASP to arrange the return.
- Requesting Missing Information: Beneficiary CASPs can request missing information instead of outright rejecting or returning a transfer⁵. However, if they decide to reject or return the transfer, they must notify the prior CASP in the transfer chain of this action.
- Insufficient Information: If the information received does not allow for unambiguous identification of transaction parties, the recommended action is to reject or return the crypto asset transfer⁷.
- Sufficient but Incomplete Information: In cases where the information, although incomplete, still allows for unambiguous identification of transaction parties, the beneficiary CASP can decide whether to execute, reject, or return the transfer. If opting to execute, the reasoning must be documented appropriately⁸.
5. How should beneficiary CASPs manage non-compliant counterparties?
According to Article 17/2 of the TFR, upon detecting a counterparty’s failure to provide the required information, CASPs should consider two potential actions: (i) reassessing the relationship with the non-compliant counterparty and (ii) reporting the non-compliance to competent authorities.
- Assessment: CASPs must use both quantitative and qualitative criteria to assess whether the counterparty has repeatedly failed to meet its obligations⁹.
- Actions: If the assessment reveals repeated non-compliance, CASPs should consider the following steps:some text
- Sending a warning to the counterparty.
- Exploring alternative methods of managing counterparty risk.
- Terminating the business relationship or rejecting future transfers.
- Reporting repeatedly non-compliant counterparties to the competent authority responsible for AML/CTF supervision¹⁰.
6. Are there differences in customer PII requirements for cross-border transfers versus transfers within the EU?
No, there are no differences. The revised TFR removed simplified requirements for transactions within the EU. TFR Recital 27 highlights that crypto-asset transfers are inherently borderless with global reach. This revision aligns with FATF’s requirement to treat all crypto-asset transfers as cross-border, eliminating distinctions in obligations within or outside the EU. Recital 30 of the TFR justifies this due to the rapid, expansive, and pseudo-anonymous nature of crypto transactions, facilitating large, fast illicit transfers evading detection.
7. What are the non-custodial or self-hosted wallet requirements in the European Union?
The obligations applicable to transactions between CASPs and self-hosted wallets depend on the transaction amount and whether the transaction involves a CASP customer or a third party.
![Travel Rule Crypto in European Union by the EU Parl 🇪🇺 [2024] - Notabene (3)](https://i0.wp.com/cdn.prod.website-files.com/63e601645c923010ae7f8925/66990921ba2b5bcb75e85f59_fig%203.png "Travel Rule Crypto in European Union by the EU Parl 🇪🇺 [2024] - Notabene (3)")
- Transactions of 1,000 euros or less: CASPs must collect and retain specific information on the originator or beneficiary from their customer.
- Transactions exceeding 1,000 euros where the wallet owner is a CASP customer: CASPs must verify wallet ownership or control using at least one method from a provided list.
- For transactions exceeding 1,000 euros where the wallet owner is not a customer of the CASP: The TFR does not specify obligations. However, the Travel Rule Guidelines state that the verification of the originator or beneficiary’s identity, as required by Article 19a(1)/(a) of Directive (EU) 2015/849, can be fulfilled by gathering additional information from other sources or through other appropriate means.
Why Choose Notabene for Crypto Travel Rule Compliance in the European Union?
Notabene enables European CASPs and financial institutions to comply with the EU’s crypto Travel Rule. Our SafeTransact platform allows customers to identify and prevent high-risk activities before transactions occur. It includes a self-hosted wallet identification tool that collects verification data at the withdrawal screen, applying the necessary jurisdictional requirements for each transaction. Our privacy-preserving platform ensures end-to-end compliance with crypto Travel Rule regulations, accommodating the specific needs of various jurisdictions.
![Travel Rule Crypto in European Union by the EU Parl 🇪🇺 [2024] - Notabene (2024)](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/h8AAvMB+NzmkbcAAAAASUVORK5CYII=)