Digital asset advocacy group the European Crypto Initiative (EUCI) has published an AML Handbook to help firms “stay compliant” with the European Union’s (EU) impending new anti-money laundering (AML) regulations, which will ban so-called privacy coins and anonymous digital asset accounts from 2027.
As noted by the EUCI, under Article 79 of the EU’s new Anti-Money Laundering Regulation (AMLR), “credit institutions, financial institutions, and crypto-asset service providers are prohibited from maintaining anonymous accounts” or handling privacy-preserving digital assets, such as Monero (XMR) and Zcash.
These rules are just part of the wide-ranging new AML package, Regulation 2024/1624, which the European Parliament introduced in April 2024, formally adopted a month later, and is set to come into force by July 1, 2027.
The framework is intended to “protect EU citizens and the EU’s financial system against money laundering and the financing of terrorism.”
Anti-anonymity
The new regulation extends the AML rules to new “obliged entities,” including crypto-asset service providers (CASPs).
It also bans “crypto-asset accounts allowing anonymization of transactions” and “accounts using anonymity-enhancing coins.”
‘Anonymity-enhancing coins’, or privacy coins, are digital assets that use advanced cryptographic techniques and transaction obfuscation tools to make transactions untraceable and increase user anonymity.
Under the EU’s new rules, such coins will be banned in the bloc.
New authority and tighter control
To enforce these rules, another key element of the regulatory framework involves the creation of a new AML watchdog, the Anti-Money Laundering Authority (AMLA), which will directly supervise up to 40 CASPs across at least six EU countries.
These companies must have either over 20,000 users or handle more than 50 million euros in annual transactions—criteria which aim to ensure that only companies with a significant operational presence in multiple jurisdictions are subject to direct supervision.
The incoming regulations will also impose tighter controls on digital asset transfers to bring the sector more in line with
traditional banking. Specifically, if the transaction is over 1,000 euros, the identity of the sender and receiver will need to be verified.
Since the new rules were adopted by the European Council—the executive arm of the EU—last April, some CASPs operating in the bloc have been slowly accepting their fate, as evidenced by digital asset exchange Kraken delisting XMR in June 2024.
However, many businesses have yet to comply with the new rules, perhaps hoping that they may be changed or adjusted before the 2027 implementation date.
AML rules final
After adopting the new AML regime, the job of implementation largely fell to the European Banking Authority (EBA)—the EU’s top banking sector regulator—via the ‘implementing and delegated acts‘, which can allow for a law to be updated “to reflect developments in a particular sector or to ensure that it is implemented properly.”
On March 6, 2025, the EBA launched a consultation on the AML package, suggesting that some new rules, such as those related to anonymous accounts and privacy coins, may be negotiable.
However, the EUCI says the regulations are essentially “final.” This is why the advocacy group put together its recently
published AML manual to assist firms in preparing for the all-important 2027 date, and help them get their heads around the “dense,” “critical” rules.
“The regulations (the AMLR, AMLD and AMLAR) are final, and what remains is the ‘fine print’ — aka the interpretation of some of the requirements through the so-called implementing and delegated acts,” said Vyara Savova, senior policy lead at the EUCI.
She added, “The EUCI is still actively working on these level two acts by providing feedback to the public consultations, as some of the implementation details are yet to be finalized… However, the broader framework is final, so centralized crypto projects (CASPs under MiCA) need to keep it in mind when determining their internal processes and policies.”
In other words, EU businesses—digital currencyor otherwise—have over two years to comply with the new AML regulation, including ditching privacy coins and anonymized wallets.
Watch: Reggie Middleton on DeFi, booms/busts & crypto regulation
title=”YouTube video player” frameborder=”0″ allow=”accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share” referrerpolicy=”strict-origin-when-cross-origin” allowfullscreen>