Legichain

EU Financial Regulation Guide: MiCA, AMLD, PSD3, TFR, AMLA

A practical operator's map of EU compliance for crypto-asset, payment and e-money providers — what applies today, what changes by 2027, what to build for now.

Legichain Team 22 min read 26 May 2026

The European Union has rebuilt its financial services compliance architecture over the past three years. On the crypto side, MiCA (Regulation (EU) 2023/1114) and TFR (Regulation (EU) 2023/1113) became applicable in December 2024. In traditional finance, PSD3 + PSR is moving through the legislative process, while the 2024 AML Package — AMLR (2024/1624) and the new AMLD6 (2024/1640) — applies from 10 July 2027. AMLA, the new EU AML Authority, is operational in Frankfurt. This pillar is an operator's map of the moving parts: what applies today, what changes when, and how a payments fintech, e-money institution or crypto-asset service provider should sequence the build to be compliant by 2027.

TL;DR

  • MiCA licenses Crypto-Asset Service Providers (CASPs); ART and EMT provisions apply since 30 June 2024, the rest from 30 December 2024.
  • TFR is the EU crypto Travel Rule; €0 threshold for CASP-to-CASP transfers, €1,000 for self-hosted wallet transfers triggers identity requirements.
  • PSD3 + PSR was proposed in June 2023; as of May 2026 still in trilogue. Likely application 2027-2028. EMD2 will be absorbed into the PSR.
  • AMLR (2024/1624) + AMLD6-new (2024/1640) + AMLAR (2024/1620) form the 2024 AML Package. AMLR and AMLD6-new apply 10 July 2027; AMLA is operational mid-2025, with direct supervision of ~40 high-risk entities starting 2028.
  • AMLD5 (2018/843) and the original AMLD6 (2018/1673) remain in force until the 2024 Package takes over.

The Two Tracks of EU Financial Regulation

Today any financial services provider in the EU faces two parallel regulatory tracks:

  1. Crypto track: MiCA (licensing + conduct) + TFR (Travel Rule data) + AMLD/AMLR (general AML).
  2. Traditional finance track: PSD2/PSD3 (payment services) + EMD2/PSR (e-money) + AMLD/AMLR.

Both tracks fall under AMLA's emerging central supervision umbrella. Below we go through each regulation by scope, in-scope entities, and practical compliance load.

MiCA: Markets in Crypto-Assets Regulation

MiCA, Regulation (EU) 2023/1114, was published on 9 June 2023. Most provisions became applicable on 30 December 2024. Asset-Referenced Token (ART) and E-Money Token (EMT) provisions kicked in earlier, from 30 June 2024.

In scope:

  • Crypto-asset issuers (utility tokens + ART + EMT).
  • CASPs — Crypto-Asset Service Providers: exchanges, custodians, transfer service providers, portfolio managers, advisors.

Core obligations:

  • White paper — prior approval required for ART and EMT; notification for utility tokens.
  • CASP authorisation — through the national competent authority under ESMA and EBA Level 2 RTS/ITS.
  • Capital requirements — €50k to €150k minimum depending on service class.
  • Market abuse rules — insider dealing, manipulation prohibitions.
  • Consumer protection — pre-contractual disclosure, complaint handling.

For a full analytical treatment of MiCA, see our What is MiCA article. For a side-by-side with Turkey's crypto framework, the Turkey crypto VASP regulation (KVHS) article walks through the differences in licensing thresholds and white paper regimes.

TFR: EU Crypto Travel Rule

The Transfer of Funds Regulation — Regulation (EU) 2023/1113 — implements Travel Rule for crypto from 30 December 2024. It is the EU transposition of FATF Recommendation 16 for virtual assets.

Practical rules:

  • CASP-to-CASP transfers: €0 threshold. Every transfer carries originator and beneficiary name, address, account/wallet number, identity data.
  • Self-hosted wallet transfers: above €1,000, the CASP must verify ownership of the self-hosted wallet — beyond user declaration, technical proof (message signing, micro-deposit) is required.
  • High-risk third country CASPs: EU CASPs must perform enhanced due diligence and may restrict transfers.

For implementation detail see our EU TFR Crypto Travel Rule article. The broader FATF Travel Rule context is in our FATF Travel Rule guide.

AMLD5 and AMLD6: The Current AML Frame (Until the 2024 Package Applies)

Two existing directives remain effective until the 2024 AML Package becomes applicable:

  • AMLD5 (Directive (EU) 2018/843) — adopted May 2018, transposed by January 2020. Brought VASPs into AML scope, expanded the PEP definition, mandated beneficial ownership registers.
  • AMLD6 (Directive (EU) 2018/1673) — adopted November 2018. Harmonised the list of predicate offences, clarified corporate criminal liability, raised the minimum maximum sentence to 4 years.

For the difference between these and the new AMLD6 (Directive (EU) 2024/1640 in the AML Package), see our AMLD5 vs AMLD6 article. For a TR comparison, the MASAK compliance guide is the reference point.

The 2024 AML Package: AMLR + AMLD6-new + AMLAR

Published in the EU Official Journal on 10 July 2024, the AML Package has three parts:

  1. AMLR — Regulation (EU) 2024/1624. Directly applicable single rulebook. Customer due diligence (CDD), beneficial ownership, reporting obligations. Applies 10 July 2027.
  2. AMLD6-new — Directive (EU) 2024/1640. Member States transpose. FIU powers, supervision, penalty regime. Transposition deadline 10 July 2027.
  3. AMLAR — Regulation (EU) 2024/1620. Establishes AMLA. Operational mid-2025; direct supervision of selected entities from 2028.

Scope expansion: AMLR brought CASPs, crowdfunding platforms and dealers in high-value goods (luxury vehicles, art, jewellery above €10,000) into scope. For traditional finance, the cash CDD threshold drops to €10,000.

PSD2 → PSD3 + PSR Transition

PSD2 (Directive (EU) 2015/2366) is still in force today. The European Commission proposed PSD3 + PSR on 28 June 2023:

  • PSD3 (Directive) — Member State transposition required; payment institution licensing, competent authority cooperation.
  • PSR (Regulation) — directly applicable; Strong Customer Authentication (SCA), open banking access, user protection, integration of EMD2 provisions (EMI becomes a payment institution issuing e-money).

As of May 2026 the proposal is still in trilogue between the European Parliament and Council. Adoption likely 2026-2027; application 2-3 years later. For a deeper transition analysis, see our PSD2 to PSD3 transition article.

EMD2: The E-Money Directive

EMD2 — Directive 2009/110/EC — remains the foundational regulation for EMIs:

  • Minimum capital: €350,000.
  • Safeguarding: 100% of outstanding e-money must be held in segregated accounts or qualifying covered bonds (Article 7).
  • Passporting: single licence operation across the EU.

Under the PSR proposal, EMD2 will be repealed and its substance absorbed into the PSR. Until then EMD2 binds. For deeper coverage see our EMD2 E-Money Directive Explained article.

AMLA: The New EU AML Authority

The Anti-Money Laundering Authority (AMLA) is headquartered in Frankfurt (selected February 2024). After becoming operational mid-2025 it has three core roles:

  1. Direct supervision: ~40 highest-risk EU obliged entities (large banks, major CASPs) supervised directly — starting 2028.
  2. Coordination: between national FIUs and supervisory authorities.
  3. Standard-setting: developing technical regulatory and implementing standards.

For more on AMLA see our What is AMLA article.

TR, EU and UK Side-by-Side

Topic Turkey EU UK
Crypto licensing KVHS Regulation (2025) MiCA FCA crypto registration (MLR 2017)
Crypto Travel Rule MASAK framework (TRY/USD 1,000 threshold) TFR (€0 CASP-CASP, €1,000 self-hosted) MLR 2017 + JMLSG (£1,000 threshold)
AML framework Law No. 5549 + MASAK communiqués AMLD5/6 → AMLR (2027) MLR 2017
E-money BDDK Law No. 6493 EMD2 → PSR (2027-2028) UK EMRs 2011
Central supervisor MASAK AMLA (2028 direct supervision) FCA

For deep dives by jurisdiction see our Turkey AML/KYC compliance guide and UK financial regulation guide.

Sequencing the Build for EU Market Entry

For a non-EU fintech or crypto exchange entering the EU, practical sequencing:

  1. Pick a host Member State. Licensing is done in one host state and passported across the EU. First-choice CASP jurisdictions: Lithuania, Malta, Ireland, Netherlands, Germany.
  2. Classify: CASP (MiCA), EMI (EMD2/PSR), PSP (PSD2/PSD3), or a combination?
  3. Capital + safeguarding plan. Minimum capital for licensing + ongoing safeguarding mechanics.
  4. AML/KYC layer. Process compliant with AMLD5 + TFR + (for crypto) MiCA + (from 2027) AMLR. This is Legichain's primary integration area.
  5. Travel Rule integration. If you are a CASP: TFR, the IVMS 101 standard, network membership for the sunrise problem (TRP, Sygna, TRISA).
  6. AMLA readiness. If you are in a high-risk category, plan for potential inclusion on the 2028 AMLA direct-supervision list.

Frequently Asked Questions

Is MiCA applied uniformly across all EU Member States?

As a Regulation it is directly applicable without Member State transposition. National competent authorities (BaFin, AMF, CBI, MFSA, etc.) however differ in application processes, documentation expectations and supervisory intensity. The "MiCA passport" is therefore obtained through a single host state.

Is the TFR €1,000 threshold in EUR or in crypto terms?

For self-hosted wallet transfers the €1,000 threshold is calculated on fiat equivalent at the time of transfer. The CASP must compute this from the crypto-to-fiat rate at transfer time and apply additional verification above the threshold. CASP-to-CASP transfers carry no threshold (€0).

When does PSD3 actually apply?

As of May 2026 the PSD3 + PSR proposal is still in trilogue between the European Parliament, Council and Commission. Adoption is expected late 2026 - 2027. Application typically follows 18-36 months after publication. EMD2 will be repealed in parallel and its substance carried into the PSR.

Who does AMLA work with when it becomes operational in 2025?

AMLA is set up mid-2025 and begins coordination and standard-setting activities. Direct supervision begins in 2028 with ~40 highest-risk entities. The list of supervised entities is expected in 2027. Other obliged entities remain supervised by national competent authorities, though AMLA's coordination function raises the floor on supervisory practice.

Does the 2024 AML Package have direct impact on non-EU fintechs?

Not directly — the Package binds EU Member States and obliged entities operating in the EU. However a non-EU fintech serving EU customers will see its EU-side counterparties (banks, CASPs, EMIs) demand tighter documentation due to AMLR and TFR. For a non-EU player licensed in the EU, the full Package applies.

How Legichain Helps with EU Compliance

Legichain's API layer is built to satisfy MiCA + TFR + AMLR + PSD2/PSD3 obligations through a single integration. The Legichain AML screening API covers AMLD5/6 and the forthcoming AMLR requirements for PEP, sanctions and adverse media — including EU consolidated lists and OFAC. The Travel Rule module provides IVMS 101 messaging compliant with TFR, with TRP, Sygna and TRISA network integrations that pragmatically solve the sunrise problem. Our crypto exchange solution covers the AML/KYC infrastructure required for a MiCA CASP application end-to-end; our e-money solution supports EMI safeguarding reporting and customer due diligence under EMD2/PSR.

Next Steps

Legichain Team· Compliance editorial

Written by Legichain's compliance editorial team — regulated-financial-services veterans who built and integrated AML platforms for banks and crypto exchanges across EMEA.

Related reading

You may also like

eu-regulation

EU's TFR (Transfer of Funds Regulation) for Crypto

The EU Travel Rule, Regulation (EU) 2023/1113, has been applicable since 30 December 2024. €0 threshold for CASP-to-CASP transfers, identity verification above €1,000 for self-hosted wallet transfers. This article walks through TFR practical rules, the IVMS 101 message format, sunrise problem solutions and how TFR compares to MASAK in Turkey and MLR 2017 in the UK.

Read article
eu-regulation

PSD2 to PSD3 Transition: What Changes for Payment Institutions

On 28 June 2023 the European Commission proposed PSD3 + PSR: a directive that updates and replaces PSD2 and a directly applicable regulation. The package integrates EMD2, mandates IBAN-name matching against authorised push payment fraud, extends open banking to open finance, and refines SCA. As of May 2026 it is in trilogue. What should a PSP or EMI start preparing for now?

Read article
eu-regulation

What Is MiCA? A Practical Roadmap for Crypto Providers

MiCA (Regulation (EU) 2023/1114) brought EU crypto activity under a single licensing umbrella. Largely applicable since 30 December 2024, it sets out CASP authorisation, a white paper regime, capital requirements and market abuse rules. This article reads MiCA from an operator's perspective and compares it side-by-side with Turkey's KVHS framework.

Read article

Be screen-ready in an afternoon.

Spin up a free workspace, paste your first API key into a curl, ship a verified onboarding flow before your next stand-up.

Start freeBook 30 min with sales