Crypto Law Profile
EU Travel Rule regulation requiring payer/payee and originator/beneficiary information to accompany fund and crypto-asset transfers, including CASP obligations for self-hosted addresses. Applies from Dec. 30, 2024.
Regulation (EU) 2023/1113 is the European Union’s recast Transfer of Funds Regulation (TFR), a binding EU regulation on information accompanying transfers of funds and certain crypto-assets. As of June 6, 2026, EUR-Lex lists the regulation as in force. It entered into force on June 29, 2023, and its main application date is December 30, 2024, aligning the crypto-asset transfer rules with the start of the MiCA crypto-asset service provider regime.
The regulation is designed to make fund and crypto-asset transfers traceable for anti-money laundering and counter-terrorist financing purposes. It applies where at least one payment service provider, intermediary payment service provider, crypto-asset service provider, or intermediary crypto-asset service provider involved in a covered transfer is established or has its registered office in the EU. It also amends Directive (EU) 2015/849 and repeals Regulation (EU) 2015/847 from the date of application.
For crypto-asset transfers, the regulation requires a CASP of the originator to ensure that specified information on the originator and beneficiary accompanies the transfer. The required data can include names, distributed ledger addresses, crypto-asset account numbers, address or identity information, and legal entity identifiers where relevant. The information may be submitted before, simultaneously with, or concurrently with the transfer and need not be attached directly to the on-chain transfer itself.
The TFR does not prohibit transfers involving self-hosted addresses. Instead, when a CASP is involved, it imposes information and risk-control requirements. For transfers to or from a self-hosted address, the CASP must obtain and hold the information required for originators and beneficiaries and ensure that the transfer can be individually identified. For transfers exceeding €1,000 to or from a self-hosted address, the relevant CASP must take adequate measures to assess whether the address is owned or controlled by its customer.
Beneficiary and intermediary CASPs must maintain effective procedures to detect missing or incomplete transfer information. Where required information is absent, the regulation provides for risk-sensitive responses such as rejecting, returning, suspending, or requesting additional information before crypto-assets are made available or a transfer is transmitted. Missing information must also be considered in suspicious-transaction assessment and possible FIU reporting under the EU AML framework.
The regulation connects travel-rule controls with data-protection and sanctions implementation. Payment service providers and CASPs must have internal policies, procedures, and controls to implement EU and national restrictive measures when performing covered transfers. Personal data processed under the regulation may be used only for AML/CFT purposes, and commercial processing is prohibited. Records of required payer, payee, originator, and beneficiary information generally must be retained for five years, subject to specific national-law conditions.
Member States are responsible for laying down effective, proportionate, and dissuasive administrative sanctions and measures for breaches, while competent authorities must monitor compliance. The EBA is assigned guideline work for both payment-service and crypto-asset-service implementation, including travel-rule measures, self-hosted-address verification, direct debit technical aspects, and risk-based supervision of CASPs.
Regulation (EU) 2023/1113 is part of the EU’s broader crypto regulatory package alongside Regulation (EU) 2023/1114 on markets in crypto-assets. MiCA supplies the CASP authorisation framework, while the TFR addresses traceability of transfers and AML/CFT information flows. The regulation also amends Directive (EU) 2015/849 to bring CASPs into the EU AML/CFT perimeter and to add specific measures for risks linked to self-hosted addresses and correspondent relationships involving crypto-asset services.
As of June 6, 2026, the regulation is operative across EU Member States. Its next statutory milestone is the Commission’s report, due by July 1, 2026 after consulting the EBA, on risks from transfers to or from self-hosted addresses or entities not established in the Union and whether additional measures are needed. A broader Commission report on application and enforcement is due by June 30, 2027 and may be accompanied by a legislative proposal.
This profile is for legal-reference and editorial use only. It does not provide legal, compliance, tax, investment, or trading advice.
Sets information rules for transfers of funds and crypto-assets where an EU PSP or CASP is involved, for AML/CFT traceability.
Requires CASPs to ensure covered crypto transfers carry originator and beneficiary information, submitted securely before or with the transfer.
Requires CASPs to obtain and hold information for transfers to or from self-hosted addresses and assess ownership/control above EUR 1,000.
Requires risk-based procedures to reject, return, suspend, or request information when crypto transfer data is missing or incomplete.
Limits personal-data processing to AML/CFT purposes, prohibits commercial use, and generally requires five-year record retention.
Requires Member States to provide effective, proportionate, and dissuasive sanctions and competent-authority monitoring for breaches.
European Parliament position recorded in the regulation’s legislative-procedure footnote.
Council decision recorded in the regulation’s legislative-procedure footnote.
Regulation signed at Brussels by the European Parliament and Council presidents.
Published in OJ L 150, pages 1–39.
Entered into force on the twentieth day after Official Journal publication.
The regulation applies from Dec. 30, 2024 and is directly applicable in EU Member States.
Council of the European Union, Crypto-asset service providers, European Banking Authority, European Commission, European Parliament
Crypto assets, Electronic money tokens
Verified against EUR-Lex and EBA public materials as of 2026-06-06. This profile is editorial reference material and is not legal advice.
