EU regulation: AMLR, MiCAR & DAC8 explained
–
What Bitcoin payments mean in practice
In recent weeks, numerous false reports about the EU anti-money laundering package (AMLR) have been making the rounds again.
One read about an alleged “compulsory ID card for every Bitcoin transaction” or even the end of peer-to-peer payments in Europe.
But what is really behind it all?
And what does all this mean in concrete terms for Bitcoin payments in everyday life – i.e. for payers and merchants?
So it’s time to set the record straight and explain the wider context of MiCAR and DAC8 and why self-custody is more important than ever.
MiCAR, AMLR & DAC8 – The new EU crypto triangle
Three new EU legislative packages will interlock in future:
| Rules and regulations | Focus | Affected parties |
|---|---|---|
| MiCAR (Markets in Crypto Assets Regulation) | Uniform EU rules for crypto service providers (license, consumer protection, stablecoins) | Exchanges, custodians, issuers |
| AMLR (Anti-Money Laundering Regulation) | Measures against money laundering & terrorist financing (KYC, wallet check, privacy coin ban) | Banks, CASPs, financial service providers |
| DAC8 (Directive on Administrative Cooperation 8) | Tax transparency and automatic exchange of information on crypto transactions | CASPs, tax authorities |
MiCAR regulates who is considered a crypto service provider.
AMLR prescribes auditing obligations and customer identification for these service providers.
DAC8 finally ensures the automatic exchange of information between tax authorities.
👉 Together, they form the EU’s attempt to monitor cryptocurrencies more closely and embed them in the traditional financial system.
No ID required for every Bitcoin transaction
The fact is:
There is no general ID requirement for every Bitcoin payment.
The new rules only apply to regulated service providers (CASPs) – e.g. exchanges, custodians or payment providers that hold crypto on behalf of others.
However, anyone who controls their own keys (self-custody) is not a CASP and is therefore not subject to these regulations.
Due diligence obligations of service providers for payments with self-custody wallets
The AMLR requires service providers (CASPs) to perform certain checks when sending or receiving money to or from a self-managed wallet.
- Under €1,000:
A risk-based analysis is sufficient – e.g. automated blockchain analysis. - Over €1,000:
The service provider must check whether the wallet actually belongs to its customer, for example by means of the so-called Satoshi test (a small test transaction).
This verification obligation applies exclusively to the service provider, not the individual payer or merchant.
If both parties use self-custody, no verification takes place – because there is no regulated third party that would be obliged to do so.
Practical example: The pizzeria and its Bitcoin payments
Imagine the pizzeria around the corner accepts Bitcoin.
How the AMLR works depends on who uses which wallet:
1. both sides use self-custody
The customer pays with their own wallet (e.g. Phoenix, BitBox).
The payments end up directly in the pizzeria’s own wallet.
-
No exchange, no payment service provider in between.
-
Peer-to-peer payment in the original sense.
-
No AMLR check, no data collection, no reporting obligation.
This is how Bitcoin works as it was intended – decentralized, private and without middlemen.
2. customer pays from a custody wallet (e.g. stock exchange account)
The customer pays from their exchange account. A regulated service provider is involved here – the stock exchange.
According to the AMLR, it must check where the money is sent.
- Under €1,000: automatic risk analysis.
- Over €1,000: additional verification possible.
- The pizzeria is not affected – the obligation lies with the payer’s exchange.
3. pizzeria uses a custody payment provider
In this case, the pizzeria uses an external payment provider for its Bitcoin payments, which processes the transactions technically and financially – such as BitPay or OpenNode.
What does a custody payment provider do?
Such a provider stores the Bitcoin balance on behalf of the trader.
This means:
-
Incoming Bitcoin payments do not end up directly in the merchant’s wallet, but first in a wallet that is controlled by the provider.
-
The provider stores these Bitcoin(custody) and can automatically exchange them for euros if required.
-
He then credits the euro amount to the merchant’s bank account or holds the Bitcoin balance in trust on behalf of the merchant.
What does this mean legally?
-
The payment provider is considered a Crypto Asset Service Provider (CASP) and is fully subject to AMLR and DAC8.
-
It must identify its customers (i.e. the merchant) (KYC ) and check and document transactions.
-
Wallet verification is mandatory for amounts over €1,000.
-
The provider may also be obliged to report transaction data to tax authorities.
What does this mean for the retailer?
- The pizzeria itself does not have to carry out any checks.
- However, it no longer works in a peer-to-peer model, but within a regulated and monitored system.
- The merchant has no direct control over the Bitcoin received as long as it is held by the payment provider.
Custody payment providers such as BitPay or OpenNode make Bitcoin payments convenient, but lead them into a centralized, monitored system with KYC and reporting obligations.
Those who want to maintain independence and privacy should therefore rely on self-custody solutions such as BTCPay Server or Coinsnap .
4. both sides use custody providers
If the customer pays from an exchange wallet and the pizzeria receives via a custody payment provider, two regulated service providers are involved.
In this case, both providers must fulfill their verification obligations and inform each other about the sender and recipient – this is done via the so-called travel rule.
5. merchant with self-custody payment provider
Many merchants today use solutions such as BTCPay Server or Coinsnap in the self-custody version, where the Bitcoin received flows directly into their own wallet.
➡ A dvantages:
-
No third-party custody → no CASP → no AMLR or DAC8 obligation.
-
Full control over your own funds.
-
Data protection-friendly and independent.
DAC8 – The new tax reporting obligation for crypto
With DAC8, the EU obliges all crypto service providers to automatically transmit tax-relevant information to the tax authorities.
This includes:
-
Identity data (name, address, tax ID)
-
Type, number and value of crypto assets traded
-
Timing of transactions
-
Account balances at the end of the year
This data is exchanged between EU member states so that national tax authorities have a complete overview of citizens’ crypto activities.
The rationale: to prevent tax evasion.
The reality: the end of tax privacy for crypto users.
The DAC8 only requires regulated service providers (CASPs) to report transaction and customer data to the tax authorities.
Self-custody users are not affected by this.
Those who hold their own keys remain outside the DAC8 reporting obligation – but must of course pay tax on their income correctly.
DAC8 in practice: The pizzeria question
A reader recently asked a very good question:
“Does DAC8 also have an impact on the pizzeria around the corner that sells pizzas for sats? Or on small donations in Bitcoin?”
No.
As long as the pizzeria receives Bitcoin directly into its own wallet, it does not fall under DAC8.
Only if a custodian payment provider is involved does it have to report the transaction data – not the merchant itself.
Overview
| Scenario | Parties involved | Who is obliged? | AMLR check? | DAC8 notification? |
|---|---|---|---|---|
| Customer & merchant with self-custody (e.g. BTCPay Server, Coinsnap | no CASPs | nobody | ❌ No | ❌ No |
| Customer (Custody) → Retailer (Self-Custody) | 1 CASP | Provider of the customer | ✅ Yes | ✅ Yes (customer side) |
| Customer (self-custody) → Merchant (custody provider) | 1 CASP | Payment provider | ✅ Yes | ✅ Yes (merchant side) |
| Both Custody | 2 CASPs | Both providers | ✅ Yes, on both sides | ✅ Yes, on both sides |
Recommendation: Rely on self-custody and peer-to-peer payments
Anyone who uses Bitcoin as it was intended uses it peer-to-peer – directly from person to person, without middlemen, without authorizations, without censorship.
Self-custody solutions such as BTCPay Server or Coinsnap allow exactly that:
- complete control over its own funds,
- no disclosure of personal data,
- Protection of privacy,
- Independence from banks, stock exchanges and state supervision
Conclusion:
Those who hold their own keys remain free – legally, technically and financially.
Bitcoin only works as a peer-to-peer electronic cash system if payers and merchants control their own wallet.
This is the only way for Bitcoin to remain sustainable, censorship-resistant and sovereign.
Positive trend: lightning wallets rely on self-custody
A positive trend is already emerging:
More and more Bitcoin and lightning wallets are switching to self-custody – and thus consistently following the original Bitcoin idea.
For example, the Wallet of Satoshi recently announced that it would restrict its services in regulated markets and encourage users to manage their own keys.
Other wallets such as Phoenix, Zeus or MistyBreez are already completely non-custodial, so that users retain full control over their funds at all times.
This development is a direct consequence of the new legal requirements:
The more regulations focus on monitoring, mandatory reporting and control, the more awareness of genuine self-custody grows – among payers as well as merchants.
⚡ Self-custody wallets are therefore not only a technical advance, but also an answer to excessive regulation.
They strengthen privacy, promote financial sovereignty and make Bitcoin payments what they should be again:
a free, decentralized and borderless means of payment.
