MiCA Travel Rule: What CASPs Must Have by July 2026
The MiCA Travel Rule demands verified identity data on every crypto transfer. Most CASPs are still unprepared for the July 2026 deadline.
On July 1, 2026 — six weeks from today — the MiCA transitional window closes for good. Any crypto-asset service provider (CASP) that has not obtained MiCA authorization must cease operating in the EU. There are no extensions. But there is a second compliance obligation hiding inside the first one that many compliance teams are still underestimating: the Travel Rule.
The Travel Rule has been technically in force since December 2024. Yet a significant number of CASPs have not operationalized it. The technical integration is harder than it looks. The industry has no single messaging standard. And regulators — particularly in France, Germany, and the Netherlands — have made clear they are done waiting.
This article breaks down exactly what the Travel Rule requires, where most CASPs are failing, and what it will take to close the gap before July 1.
What the MiCA Travel Rule Actually Requires
The Travel Rule in the EU context is implemented through Regulation (EU) 2023/1113, the recast Transfer of Funds Regulation (TFR). Under this regulation, CASPs must collect, verify, and transmit originator and beneficiary information alongside every single crypto-asset transfer.
The data that must travel with every transaction
For any crypto-asset transfer, the sending CASP must transmit to the receiving CASP:
| Field | Required |
|---|---|
| Originator full name | Yes |
| Originator account number (wallet address) | Yes |
| Originator address, date of birth, or national ID | Yes |
| Beneficiary full name | Yes |
| Beneficiary account number (wallet address) | Yes |
There is no minimum threshold in the EU. The FATF standard applies only to transfers above USD 1,000. The EU TFR applies from the first euro. This is materially stricter than the global baseline, and it is the provision most often misunderstood by compliance teams that designed their systems around FATF thresholds.
The self-hosted wallet problem
The Travel Rule creates particular friction when transfers involve self-hosted wallets — private wallets like Ledger or Trezor that are not managed by a regulated entity. When a customer wishes to withdraw more than €1,000 to a self-hosted wallet, the CASP must verify that the customer actually owns or controls that wallet.
In practice, this means either requesting a signed message from the private key (cryptographic proof of ownership) or accepting an on-chain micro-transaction from the wallet in question. Both approaches require technical infrastructure that many CASPs have not built. Both create friction that users resist.
Partial compliance — collecting data for hosted wallet transfers but skipping self-hosted wallet verification — is not compliance. Regulators treat the two identically.
For a broader view of how MiCA has reshaped KYC obligations across the crypto sector, our State of KYC in Crypto 2026 report covers the full landscape of what changed since December 2024.
Why Technical Integration Has Been So Difficult
The core challenge is not regulatory intent — it is infrastructure. The Travel Rule requires CASPs to pass structured data between institutions, but there is no mandated interoperability standard across the EU.
Several messaging protocols exist: TRISA, OpenVASP, Sygna, and others. Each has different adoption rates across different jurisdictions. If the sending CASP uses TRISA and the receiving CASP uses Sygna — or has no protocol at all — the transfer either cannot happen compliantly, or it happens non-compliantly by default.
The sunrise problem
This situation is sometimes called the "sunrise problem": the Travel Rule obligation applies even when the receiving institution isn't ready to receive the data. The sending CASP is trying to comply; the receiving CASP has no Travel Rule infrastructure. Under the regulation, the sending CASP may refuse the transfer — but that creates its own compliance and commercial risk.
AMLA has indicated it expects sending CASPs to document their attempts to transmit data and to maintain records of receiving-side failures. "We tried and they could not receive" is a defensible position. "We didn't try" is not.
The KYC data quality problem
Beyond messaging, there is a deeper data quality problem. Travel Rule compliance requires that the KYC data on file for the originator is complete, verified, and transmissible. If a customer enrolled under a system with minimal identity verification — a scan here, a selfie there — the Travel Rule exposes that gap immediately.
This is why the Travel Rule is not just a data transmission challenge. It is a KYC quality problem. CASPs that onboarded customers with lightweight verification in earlier years now face a retroactive compliance liability: they cannot transmit verified data they never collected.
What Regulators Are Already Doing
The Anti-Money Laundering Authority (AMLA) became operational in July 2025 and has since set clear expectations for CASPs across member states. For an analysis of AMLA's full regulatory mandate, see our article on AMLA and EU crypto KYC compliance.
National regulators have not waited for AMLA to take the lead:
- France (AMF): Travel Rule enforcement has been active since Q1 2026. CASPs that cannot demonstrate compliant data transmission during licensing reviews are being denied authorization.
- Germany (BaFin): Issued specific guidance in March 2026 requiring CASPs to document their Travel Rule solution — not just assert compliance, but show the technical architecture, tested against real transfer flows.
- Netherlands (DNB): Has issued administrative fines to exchanges for systematic Travel Rule non-compliance on cross-border transfers to non-EU counterparties.
The enforcement is active. The fines are real. And for CASPs that assumed regulatory tolerance would persist past July 1, the risk calculus has fundamentally changed.
The Compliance Gap in Numbers
Based on industry data available through Q1 2026:
- Approximately 35% of EU-registered CASPs have not fully operationalized Travel Rule data transmission for outbound transfers
- Self-hosted wallet verification is absent from roughly 60% of CASP withdrawal flows that include crypto withdrawal capabilities
- Automated name matching — verifying that beneficiary names correspond to KYC records at the receiving institution — is implemented at only 40% of CASPs
These are not marginal gaps. They represent a large portion of the industry still operating in a pre-compliance posture more than 18 months after the regulation took full effect.
How Automated KYC Closes the Gap
The firms that have reached Travel Rule compliance on schedule share a common characteristic: they built or adopted identity infrastructure that treats KYC data as structured, transmissible records rather than static documents.
This means three things in practice:
Complete verified identity at onboarding. If originator data is fully verified when the customer onboards, it is ready to travel with every subsequent transaction. If it was collected loosely, it is not. There is no shortcut through this step.
Ongoing identity monitoring. Travel Rule compliance is not a one-time event. Customer data expires. Documents lapse. Risk profiles change. Monitoring systems must flag when transmitted data becomes stale before a transaction triggers the obligation.
Self-hosted wallet verification built into withdrawal flows. This cannot be a manual exception. When a customer initiates a withdrawal to a self-hosted wallet above €1,000, the verification step should trigger automatically within the transaction workflow.
This is where agentic identity infrastructure — systems that autonomously monitor, verify, and maintain customer identity records across their full lifecycle — shifts from a competitive advantage to a compliance requirement. Our article on agentic KYC and AI agents for compliance explains how these systems operate in practice.
Joinble's AI Agents are built around this model: continuous identity verification that maintains compliance posture across the entire customer lifecycle, not just at the point of onboarding. When a transfer is initiated, the identity data is already verified, current, and structured for transmission.
What Happens After July 1
If a CASP is not Travel Rule compliant on July 1, 2026, the consequences are not theoretical:
| Scenario | Consequence |
|---|---|
| Unlicensed CASP, transitional period expired | Must cease EU operations immediately |
| Licensed CASP, Travel Rule non-compliant | Subject to administrative enforcement |
| Licensed CASP, incomplete self-hosted wallet verification | Targeted enforcement for those transactions |
| CASP transmitting unverified originator data | Sanctions, potential license review |
Fines under the AMLR can reach €5,000,000 or 12.5% of annual turnover, whichever is higher. For a CASP generating €40 million in annual revenue, that is a maximum fine of €5 million per enforcement action.
The compliance cost of doing it correctly is a fraction of that. Firms that invest now pay once. Firms that wait pay twice — once for emergency remediation and once for the penalties that accumulate while they scramble.
For CASPs operating in the real-world asset tokenization space, the stakes are compounded. Travel Rule obligations stack on top of existing securities regulation, and identity verification is already load-bearing infrastructure for RWA compliance. Our analysis of KYC in asset tokenization covers those layered obligations in detail.
FAQ
Does the Travel Rule apply to transfers between two wallets at the same CASP? No. The Travel Rule applies to transfers between different regulated CASPs. Internal transfers within the same institution are not subject to the originator and beneficiary data transmission requirement.
What is the minimum threshold for Travel Rule compliance in the EU? There is no minimum threshold. Regulation (EU) 2023/1113 applies to all crypto-asset transfers regardless of amount, from the first euro. This is stricter than the FATF threshold of €1,000, which does not apply in the EU context.
What happens if the receiving CASP has no Travel Rule infrastructure? The sending CASP faces a regulatory dilemma. It can either refuse the transfer (compliant but commercially damaging) or proceed without transmitting the required data (non-compliant). AMLA guidance suggests that sending CASPs should document their attempts to transmit and retain records of receiving-side failures as evidence of good-faith compliance effort.
Does the Travel Rule apply to transfers to self-hosted wallets? Yes. For transfers exceeding €1,000 to or from a self-hosted wallet, the CASP must verify that the wallet is owned or controlled by the customer. For transfers below €1,000 to self-hosted wallets, standard record-keeping requirements apply.
What messaging protocol should CASPs use for Travel Rule data transmission? The EU regulation does not mandate a specific protocol. CASPs can use TRISA, OpenVASP, Sygna, or any interoperable solution. The key requirement is that verified originator and beneficiary data is transmitted securely to the counterparty institution before or simultaneously with the transfer.
Can CASPs get an extension on Travel Rule compliance past July 1? No. The July 1, 2026 date marks the close of the MiCA transitional period. Several member states including France, Germany, and the Netherlands closed their transitional windows early. No extension mechanism exists under the current regulatory framework.
Related Articles
Know Your Human: KYC's Agentic Payment Gap
The IMF warns AI agents making payments expose critical KYC gaps. Discover why 'Know Your Human' is now the compliance imperative for agentic commerce.
EU AI Act August 2026: What It Means for Your KYC Stack
The EU AI Act's August 2 deadline activates high-risk AI rules. Here is what the biometric verification exemption really means for your KYC compliance stack.
AMLA's CDD Standards: What Identity Systems Must Deliver
AMLA's consultation on CDD technical standards closed May 8. Final rules go to the EU Commission by July 10. Here's what KYC systems must deliver.