European Union lawmakers on Thursday backed tougher traceability rules for transfers of Bitcoin and other cryptocurrencies, in a move the industry said would erode privacy, hinder innovation and expose users to a higher risk of theft.
The draft legislation, part of a broader fight against money laundering and financial crime, would require crypto firms to collect and share data on transactions in a business that has so far thrived on its anonymity.
The $2.1 trillion (€1.9 trillion) crypto sector is still subject to patchy regulation across the world. But concerns that Bitcoin and its peers could upset financial stability and be used for criminal purposes have accelerated work by policymakers to bring the sector to heel.
Under the proposal, first put forward last year by the European Commission, crypto firms such as exchanges would have to obtain, hold, and submit information on those involved in transfers. This information would have to be made available to the competent authorities.
That would make it easier to identify and report suspicious transactions, freeze digital assets, and discourage high-risk transactions, said Ernest Urtasun, a Spanish Green Party lawmaker helping to steer the measure through the parliament.
Crypto exchange Coinbase had warned ahead of the vote that the rules would usher in a surveillance regime that stifles innovation.
The legislation would also crack down on so-called "unhosted" wallets - held by individuals, not exchanges - by requiring them to keep records of crypto transactions and notify relevant authorities in the event of a transaction worth €1,000 or more.
"Recipe for disaster"
Lawmakers from the EU Parliament's Committee on Economic and Monetary Affairs (ECON) and the Committee on Civil Liberties (LIBE) backed the proposed text with 93 votes to 14 and 14 abstentions.
The European Parliament is set to vote on the text during its plenary session next week before negotiations known as “trilogue” talks begin between the EU parliament, Commission and Council.
“We have lost a battle, but this is far from over,” Patrick Hansen, head of strategy for decentralised finance (DeFi) start-up Unstoppable Finance, tweeted after the vote.
He called the text a "recipe for disaster" that would make crypto transfers more burdensome and less secure.
The reporting regime, he argued, would create "personal data honeypots" within private crypto companies and government agencies that would be at high risk of hacking.
Public register of high-risk entities
The parliamentary committees also want the European Banking Authority (EBA) to create a public register of crypto asset service providers that may face a high risk of money-laundering and other criminal activities, including a list of non-compliant businesses.
Before making crypto assets available to beneficiaries, providers would have to verify that the source of the transfer is not subject to restrictive measures and that there are no risks of money laundering or terrorism financing.
During Thursday’s debate, co-rapporteur Eero Heinäluoma said a crackdown on money laundering was needed following Russia’s invasion of Ukraine, which unleashed a wave of global sanctions against Russian government officials and oligarchs.
While the Russian rouble has buckled under the sanctions, Bitcoin and other cryptocurrencies have risen, stoking speculation that they could be used to bypass the economic blockade.
No minimum thresholds
The Commission had proposed applying the traceability rule to transfers worth €1,000 or more, but under the cross-party parliamentary agreement, all transfers would be in scope.
Urtasun said removing the threshold brings the draft law into line with rules from the global Financial Action Task Force that sets standards for combating money laundering.
He said an exemption for low-value transfers would not be appropriate, as crypto users could dodge the rules by creating an almost unlimited number of transfers.