Key Takeaways
- The AMLR (Regulation (EU) 2024/1624) is the EU’s first single, directly applicable anti-money laundering rulebook, and it starts applying on 10 July 2027.
- Crypto-asset service providers are treated like banks: full identity checks from 1,000 euros, mandatory monitoring, and a ban on anonymous accounts and privacy coins.
- You can still self-custody and hold any coin, but regulated EU exchanges face far stricter checks and will offboard anonymity-focused assets.
In This Article
Why the AMLR Is a Big Deal
If you follow crypto on social media, you have probably seen dramatic warnings about the EU “ending financial privacy” from 2027. The trigger for most of that noise is a piece of legislation called the AMLR. It sits right next to MiCA, the EU’s crypto market regulation, but where MiCA handles licensing and market conduct, the AMLR handles the anti-money laundering layer: who checks your identity, when, and what happens to anonymous transactions.
Understanding the AMLR matters because it changes the day-to-day experience of using a regulated European exchange, and because a lot of the online commentary mixes real requirements with exaggeration. This article separates the two.
What the AMLR Actually Is
AMLR stands for Anti-Money Laundering Regulation, officially Regulation (EU) 2024/1624. It is the core of the EU’s new anti-money laundering package, and it creates a single set of rules that applies directly and identically in all 27 member states.
The word “regulation” is doing a lot of work there. Previous EU anti-money laundering law came as directives, which each country had to write into its own national law, often with local variations. A regulation skips that step: the same text binds a bank in Dublin, a payments firm in Tallinn, and a crypto exchange in Amsterdam, with no room for national reinterpretation.
The AMLR was adopted on 31 May 2024, published in the Official Journal on 19 June 2024, and entered into force on 9 July 2024. Its substantive rules apply from 10 July 2027, giving businesses roughly three years to prepare.
From a Patchwork of Directives to One Rulebook
For decades, EU anti-money laundering policy ran on a series of directives, numbered up to the sixth. The problem was consistency: identical activity could face different obligations depending on the country, and criminals learned to route money through the weakest links. High-profile banking scandals across the bloc made the case for harmonisation hard to ignore.
The response was a coordinated package: the AMLR as the substantive rulebook, a recast directive known as AMLD6 for national governance and supervision, and a new central body. That body is the Anti-Money Laundering Authority (AMLA), based in Frankfurt and operational since 1 July 2025. From around 2027, AMLA will directly supervise up to 40 of the highest-risk cross-border entities, a list that explicitly includes large crypto platforms.
How Does the AMLR Work?
The AMLR works by expanding the list of “obliged entities” and standardising what they must do. Obliged entities now clearly include banks, payment firms, real estate agents, high-value goods dealers, crowdfunding platforms, certain lawyers and accountants, and crypto-asset service providers (CASPs).
Crypto exchanges become obliged entities
Any CASP licensed under MiCA is automatically an obliged entity under the AMLR. In practice that means centralised crypto exchanges and custodial wallet providers carry the same core duties as a bank: verify customers, monitor transactions on an ongoing basis, report suspicious activity to the national Financial Intelligence Unit, and keep records for at least five years.
Lower thresholds for identity checks
The AMLR lowers the thresholds that trigger customer due diligence. For most occasional transactions, the general threshold drops from 15,000 euros to 10,000 euros. For occasional cash transactions, limited identification kicks in at 3,000 euros. Crypto gets the strictest treatment: CASPs must run due diligence on occasional crypto transactions from 1,000 euros, and are expected to identify customers even below that figure.
The 10,000 euro cash payment limit
Separately, the AMLR sets a bloc-wide cap of 10,000 euros on cash payments for goods and services in a business context. Individual member states are free to set lower national limits, and several already plan to. This cap targets large physical cash deals such as cars, jewellery, and art, and does not restrict everyday spending.
What the AMLR Means for Crypto Users
For most people using a regulated European exchange, the AMLR mainly means more identity checks and less anonymity at the on-ramps and off-ramps. Two areas draw the most attention.
Self-hosted wallets are not banned
You can keep using hardware and software self-custody wallets freely. The AMLR does not outlaw them. What changes is the moment you interact with a regulated CASP: the provider must assess the money laundering risk of transfers to or from self-hosted addresses and apply risk-based measures, which can mean verifying that you control the wallet or asking for source-of-funds details. This reinforces the separate Transfer of Funds Regulation, the EU’s version of the crypto “travel rule”, which requires originator and beneficiary data to accompany transfers between providers.
Privacy coins and anonymous accounts
Article 79 of the AMLR prohibits obliged entities, including CASPs, from keeping anonymous accounts and from handling “anonymity-enhancing coins”. These are privacy coins designed to obscure transaction details, such as Monero, Zcash, and Dash. The result is that regulated EU platforms are expected to delist and offboard these assets before the 2027 deadline. Importantly, the ban binds the platforms, not individuals: owning privacy coins and moving them peer-to-peer between self-hosted wallets stays legal.
What the Rules Aim to Achieve
- One consistent rulebook across all 27 member states, closing gaps criminals exploited between countries.
- Clearer, more predictable obligations for crypto businesses that operate across borders.
- Stronger beneficial ownership transparency and tighter suspicious-transaction reporting.
- Central EU-level supervision through AMLA for the highest-risk entities.
Criticisms and Concerns
- Privacy advocates argue the anonymity ban treats ordinary users as suspects and erodes financial privacy.
- Compliance costs are significant, and critics note they can exceed the value of criminal funds actually recovered.
- Delisting privacy coins may simply push that activity to unregulated or offshore venues rather than stopping it.
- Smaller CASPs may struggle with the operational burden of full due diligence and monitoring.
AMLR vs MiCA
People often confuse the AMLR with MiCA because both are EU crypto rules arriving around the same time. They are complementary, not competing.
| Aspect | MiCA | AMLR |
|---|---|---|
| Main focus | Licensing and market conduct for crypto-assets | Anti-money laundering and terrorist financing |
| Core question | Can this business operate and issue tokens? | Who is the customer and is this transaction clean? |
| Applies from | Phased through 2024 and 2025 | 10 July 2027 |
| Privacy coins | Restricts trading platforms from listing them | Extends the ban to all CASPs, not just platforms |
A CASP needs a MiCA licence to operate and must follow the AMLR to stay compliant on the anti-money laundering side. Together with the travel rule, they form the full European framework.
Why the AMLR Matters in 2026
Although the AMLR does not fully apply until July 2027, its effects are already visible in 2026. Major exchanges have started removing privacy-focused tokens ahead of the deadline, and AMLA is drafting the technical standards that will pin down the finer details. For anyone building a crypto business in Europe, preparation is a now problem, not a 2027 problem.
For everyday users, the practical takeaway is that using crypto through regulated EU platforms will feel more like using a bank account, with more identity checks and fewer anonymous options. If you want a deeper look at how this plays out for specific assets, see our breakdown of whether privacy coins are being banned in Europe.
Official Sources and a Word of Caution
The AMLR is settled law, but the detailed technical standards that flesh out how the rules work in practice are still being drafted and will apply from 10 July 2027. Specifics such as exact thresholds, edge cases, and the treatment of optionally private assets can still be refined through implementing and delegated acts. Treat this article as an educational overview, not legal or compliance advice, and always confirm current details against the official sources below before making decisions.
- Full legal text: Regulation (EU) 2024/1624 (AMLR) on EUR-Lex
- Crypto travel rule: Regulation (EU) 2023/1113 (Transfer of Funds) on EUR-Lex
- Package overview: European Commission anti-money laundering hub
Stay Ahead in Crypto