I decided to do a bit of a deep dive into the latest crypto regulation
It's interesting to say the least and everyone living in the EU should take notice. I also covered the developments regarding this in December of last year. There are basically three major goals that regulatros are trying to tackle with the upcoming regulation:
- (1) Establishing a general regulatory framework for crypto currencies/asssets (MiCA)
- (2) Making all crypto transactions traceable (ToF)
- (3) making it mandatory for CEXs to inform tax authorities of crypto transactions
The Market in Crypto Assets (MiCA) as well as the Transfer of Funds (ToF) legislature was passed some days ago in the EU. You can read about the summary in the media. It has some good information listed there. But it is rather basic and leaves a lot of questions unanswered. Because of this I felt I needed to dig a bit deeper into the law. An important thing to realize is that the first and second goals will be implemented in early 2025 while the third one (3) will be implemented in early 2026. This still leaves a bit time to get prepared.
Now with this sorted out, let's begin...
Why the criticism?
Perhaps I should also make it clear why I am so critical of this legislation. While I endorse regulation that sets clear goals and boundaries, it is the bias of regulators that constitutes the problem for me (see next section). For example, it is clear that concepts and values like privacy are de facto criminalized. The state can't have its citizens live a life shrouded in privacy, right? The state wants to know and wants to control (normally under the pretext of combating terrorism or money laundering). We are seeing this mindset almost everywhere we look in politics and it's a topic for another post. But I believe that citizens have to make it clear that they do not want a life that is completely controlled by a central entity (or perhaps the majority wants such a life?). That this can very quickly lead down a road of totalitarianism is clear when one looks at China and the plans for CBDCs in general. So it is important to realize that there is actually another way forward (e.g., see Jordan Peterson's attempt to establish a pro human alternative to the WEF) .
It's all about control, stupid!
You might have heard the phrase that the crypto world resembles the "wild west" in its current state. There is hardly or no regulation in place in many countries, making it difficult for all actors to ascertain how to proceed when dealing with cryptos. Just recently, the US made it clear that it does not really know how to proceed in this regard and seemingly wants to add more confusion than provide clarity (see e.g., 
Here is where it gets interesting, though. Imagine the regulatory entities as the eye of Sauron that is "all powerful" (of course I don't want to say all regulators are evil... but it's a fitting analogy here). Whatever it looks at succumbs to its power and control - there is not a fighting chance (as the state makes all the rules). But the image also reveals that it can only focus on one thing at a time and by doing so does not see all the other things that are going on as well. It can also only take hold of the things that are as such controllable. Naturally, this puts all the focus on Centralized Exchanges. CEXs are the bridges that connect the fiat world to the crypto world. While regulatory entities are almost all powerful in the fiat world, they lack that power in the world of cryptoland. Therefore, if CEXs can be controlled crypto can be "controlled" - at least in the sense that it makes it very difficult to utilize crypto in the fiat world. But there are gaps, as we will see...
DeFi not included!
One thing that the eye of Sauron cannot see or control is DeFi. In the documents on can read that the legislature will only encompass Centralized Finance (CeFi) and not Decentralized Finance (DeFi). While they do not straight out admit that they have no idea how to control DeFi, they rather word it as that the necessary regulatory framework still has to be worked out. Good luck with that! It is clear that the only way to deal with DeFi from a regulatory approach is to ban it as there is no other way to handle something that at its core cannot be controlled (after all, the user owns the keys to the wallet; and if it is an actual decentralized chain no actor can simply freeze funds!).
The Deep Dive
There are two parts of the legislation: the MiCA and the Transfer of Funds (i.e., the "travel rule") which can both be seen here (the regulation regarding the tax reporting has not been passed yet as far as I know). I am only covering the Transfer of Funds in this post as I think it is the more important one regarding how this legislation will soon effect user's experience (for the worse!). Since there are 78 pages, I am not covering everything within it, but I believe the most important points are highlighted here.
Paragraph 15a and 16 state the goal of ToF as well as what is expected from CEXs in regards to how to implement the measures:
The goal is clear: crypto transactions should be as transparent as fiat transactions in the banking sector. Currently, anyone can just send X amount (there is almost no limit with KYC, and none whatsoever in DeFi) to anyone. This won't be the case after 2025. You will need to provide information regarding the payer and payee (more on this in the next paragraphs). But there are differences being made whether you send it to another CEX or a "self-hosted" non-custodial wallet. More on this in a moment. Paragraph 16 also shows how CEXs will have to take appropriate measures to ensure that these rules are being followed. This includes, e.g., freezing of funds or also applying DLT (Distributed Ledger Technology) analytic tools to spot "suspicious" wallets.
Regarding the information that such be attached to transactions:
As you can see this is actually rather comprehensive. It's not just the names, it's also the wallet addresses, the network used, and "account number" (probably given to by the CEX), name of country, passport number etc.! Privacy will be no more with this law.. but keep in mind that this is only relevant if a CEX is involved. If you send cryptos in DeFi, there won't be any info required because... they have no power there. You have the keys, so it's your crypto.
Now there is somewhat of a (false) relief that this info does not have to be attached to every transaction as stated in paragraph 22:
To "not drive illicit transaction underground" these rules will only apply for transactions that are greater than 1000โฌ. But, there are caveats that makes the rule to the exception quite useless. Essentially, it cannot be linked to other funds that would then exceed the limit (I would suppose this would include all prior transactions from one address). There is also a blank check given to freeze all funds when transactions are deemed "suspicious". How that would be ascertained, however, is left completely open. Normally this means for the user that using a CEX will be plagued with uncertainty. Just like using paypal, you will never know if your crpyto will be frozen...
And then there are the self-hosted wallets...
Here also there is a limit of 1000โฌ. The same caveats as outlined above will also play a role here. So the limit does not really mean much. Also, the CEX has to verify that you own or control that wallet! Now how would a CEX do that in practice? Sending them your keys is probably not something that anybody wants to do... So I am guessing that it could be something like signing a transaction with your account to verify that you control it. So this means that CEX users will soon always first send and DeFi funds to a wallet they own, before they can then send it to a CEX.
If you have read this far, you will probably have come to the conclusion that using CEXs is not going to sexy in the future! It's going to be a pain in the "!% to use them. Simple as that. The superior UX will always be DeFi (unless you live in the EU, but this will probably set a standard for other countries like the US to follow).
Surprisingly, (and maybe I am misinterpreting this - if so let me know!) there is a gap in the system! In paragraph 19 we can read about funds that have a "low risk" and should therefore be excluded from this regulation. Payment cards among others are such exemptions. Now this is a big surprise to me, since this is an incredibly useful way to convert crypto into goods and services without KYC.
So it seems that gift cards and visa cards etc. will not need to be KYCed! The caveat here is that it has to be used for the purchase of goods and services. But that's the point, right? I always wondered how they would deal with this "loophole" as I suspected it would be near impossible to regulate this industry. After all, anyone can start a business and buy payment cards and then resell them for crypto (which would also work outside the EU).
Paragraph 19a is about NFTs. I have already read in some blogs or news outlets that they interpret this to be all NFTs. But if you read the paragraph you can see that this basically only applies to "valueless" NFTs. As soon as they are sold and have value as an asset they would be subject to ToF. This is of course a nightmare for anyone who wants to sell NFTs. Every single "customer" will then have to KYC to the seller...
This was a long post...
And there is still so much left out and so much more that needs clarification. It will be interesting to see how CEXs actually deal with this. Be sure that UX for using CEXs is going to deteriorate substantially after 2025. So you might want to do everything you need before that date...
What are your thoughts?!
โ ๐ฆ๐ง๐ฆ๐ง๐จโ๐ฉ๐ฆโ ๐งโ๐ค๐ฅ๐ช๐ง๐จ๐ฉโ ๐ฆโ๐ค๐ฅ๐คโ ๐คโ ๐ฆโ
Check out the Love The Clouds Community if you share the love for clouds!
โ ๐ฆ๐ง๐ฆ๐ง๐จโ๐ฉ๐ฆโ ๐งโ๐ค๐ฅ๐ช๐ง๐จ๐ฉโ ๐ฆโ๐ค๐ฅ๐คโ ๐คโ ๐ฆโ