EU Travel Rule TFR Implementation by Member State 2026

TFR implementation reality — uniform on paper, varied in practice

EU Travel Rule under Regulation (EU) 2023/1113 (TFR) went operational 30 December 2024 alongside MiCA. As an EU Regulation, TFR is directly applicable across all member states without national transposition. The substantive obligations are uniform.

Operational reality through 2025-2026 reveals real variation in member-state implementation. NCA supervisory engagement intensity differs. Operational expectations differ. Guidance specificity on ambiguous interpretation questions differs. Operators serving multiple EU member states face materially different operational reality in each major market.

This article surveys TFR implementation across major EU member states, identifying the patterns operators should plan for in cross-border operations.

The TFR framework baseline

Before surveying member-state variations, the TFR framework baseline:

Originator and beneficiary information required on all crypto-asset transfers between CASPs regardless of value:

• Originator: name, account number (or wallet address), address (or other identifier)
• Beneficiary: name, account number (or wallet address)

No de minimis exemption — unlike traditional Travel Rule for fiat transfers, EU TFR has no value threshold below which information requirements waive. All transfers in scope.

Self-hosted wallet enhanced obligations — transfers above EUR 1,000 to/from self-hosted wallets require enhanced due diligence:

• Verification of beneficial owner of self-hosted wallet
• Transaction-graph analysis on wallet provenance
• Risk-assessment framework
• Documentation of enhanced due diligence

Record-keeping integration — TFR records integrated with MiCA Article 68 record-keeping infrastructure with five-year retention.

Cross-CASP information exchange — infrastructure for information exchange between CASPs. Industry-standard protocols (TRISA, OpenVASP, Notabene, Sumsub Travel Rule) handle the technical layer.

Germany — BaFin substantive engagement

Supervision profile. BaFin’s TFR supervision is among the most substantive in the EU, consistent with BaFin’s broader AML supervisory tradition.

Specific engagement patterns:

• Detailed guidance issued early 2025 on TFR operational implementation
• Active supervisory engagement on self-hosted wallet enhanced due diligence — BaFin tests operator infrastructure adequacy
• Enforcement engagement on inadequate TFR record-keeping — multiple operators have faced supervisory action on infrastructure gaps
• Tight integration with FIU Germany (Zentralstelle für Finanztransaktionsuntersuchungen)

Operational implications for operators serving Germany:

• Infrastructure investment beyond minimum TFR baseline
• Documentation infrastructure adequate for BaFin substantive review
• Self-hosted wallet enhanced due diligence with transaction-graph analytics
• German-language documentation for formal supervisory matters

France — ACPR / AMF coordinated supervision

Supervision profile. Coordinated supervision between ACPR (banking supervisor with AML role) and AMF (markets supervisor with crypto-asset role). The dual structure produces methodical supervisory engagement.

Specific engagement patterns:

• Guidance issued mid-2025 on TFR operational expectations
• Engagement on cross-border CASP coordination
• Enforcement on inadequate self-hosted wallet enhanced due diligence
• Integration with TRACFIN (FIU France)

Operational implications for operators serving France:

• French-language documentation infrastructure
• Coordination across ACPR / AMF dual supervisory engagement
• Self-hosted wallet enhanced due diligence with French-language analytical documentation
• TRACFIN reporting infrastructure

Netherlands — AFM / DNB engagement

Supervision profile. Coordinated supervision between AFM (markets) and DNB (banking and AML). Active supervisory engagement on operational implementation.

Specific engagement patterns:

• Guidance issued through 2025 on TFR operational expectations
• Engagement on cross-border passport implications
• Enforcement on operators with substantial Dutch customer base running inadequate TFR infrastructure
• Integration with FIU Netherlands

Operational implications for operators serving Netherlands:

• Dutch-language documentation for substantial customer base
• Coordination across AFM / DNB dual supervisory engagement
• Cross-border passport infrastructure addressing Dutch customer servicing
• FIU Netherlands reporting infrastructure

Ireland — CBI substantive engagement

Supervision profile. CBI supervisory engagement consistent with CBI’s broader AML supervisory tradition — methodical, technical, banking-grade expectations.

Specific engagement patterns:

• Guidance issued 2025 on TFR operational implementation
• Engagement on cross-border passport implications for Irish-domiciled operators serving EU-wide customer base
• Enforcement on inadequate infrastructure
• Integration with FIU Ireland (within An Garda Síochána)

Operational implications for operators with Irish CASP authorisation:

• Infrastructure adequate for CBI substantive home-state supervisory engagement
• Cross-border passport infrastructure for multi-jurisdictional operations
• English-language documentation infrastructure (the working language)
• FIU Ireland reporting infrastructure

Luxembourg — CSSF measured engagement

Supervision profile. CSSF supervisory engagement consistent with Luxembourg financial-services supervisory tradition — substantive but procedurally efficient.

Specific engagement patterns:

• Guidance issued late 2024 / early 2025
• Engagement on operator infrastructure adequacy
• Enforcement on operators with substantial Luxembourg customer base
• Integration with FIU Luxembourg (CRF)

Operational implications for operators with Luxembourg CASP authorisation:

• Multi-language documentation (French, German, English standard for Luxembourg financial services)
• Cross-border passport infrastructure
• Integration with CRF reporting framework

Estonia / Lithuania — calibrated for export-CASP scale

Supervision profile. Active but proportionate supervisory engagement reflecting concentration of crypto-asset operators in these jurisdictions, where most operators serve cross-border customer base rather than domestic.

Specific engagement patterns:

• Guidance issued through 2025 on operational expectations
• Engagement particularly on operators serving substantial cross-border customer base
• Enforcement on infrastructure inadequacy
• Integration with Baltic FIU frameworks (Estonia FIU, FNTT Lithuania)

Operational implications for Baltic-authorised operators:

• Infrastructure for active supervisory engagement
• Cross-border passport infrastructure essential — typical Baltic operator business model is export-focused
• English-language documentation (typical operating language for Baltic-domiciled international operators)
• Integration with Baltic FIU frameworks

Spain — TFR plus marketing-restriction overlay

Supervision profile. Banco de España and CNMV supervisory engagement. Overlay with Spanish marketing-restriction framework (Royal Decree 824/2024 on crypto-asset marketing restrictions) creates additional complexity for operators serving Spanish customers.

Specific engagement patterns:

• Guidance issued mid-2025
• Engagement on cross-border CASP servicing Spanish customer base
• Enforcement engagement on marketing-related TFR matters
• Integration with SEPBLAC (FIU Spain)

Operational implications for operators serving Spain:

• Spanish-language documentation
• Coordination with Spanish marketing-restriction framework
• Spanish-language customer-facing materials
• SEPBLAC reporting infrastructure

Italy — Banca d’Italia / CONSOB coordination

Supervision profile. Coordinated supervision between Banca d’Italia (AML role) and CONSOB (markets supervision). Methodical supervisory engagement reflecting Italian supervisory tradition.

Specific engagement patterns:

• Guidance issued through 2025
• Engagement on cross-border CASP servicing Italian customer base
• Enforcement on infrastructure inadequacy
• Integration with UIF (FIU Italy)

Operational implications for operators serving Italy:

• Italian-language documentation
• Coordination across Banca d’Italia / CONSOB dual supervisory engagement
• Italian-language customer-facing materials
• UIF reporting infrastructure

What this variation means for operators

For operators with cross-border passport operations, member-state variation in TFR implementation produces specific operational implications:

Infrastructure investment varies by market — substantive infrastructure for German market exceeds infrastructure adequate for smaller member states. Plan investment proportionate to customer base in each market.

Language requirements vary by market — local-language documentation essential for substantial customer base in major markets (Germany, France, Italy, Spain). Plan local-language infrastructure accordingly.

Supervisory engagement varies by market — engagement intensity differs across member states. Plan engagement infrastructure for the most active markets.

Enforcement risk varies by market — based on supervisory engagement intensity. Active-supervision markets warrant more conservative infrastructure investment.

AMLA harmonisation from 2027 — centralised AML supervision under AMLA from 2027 will substantively unify enforcement approach. Operators investing in robust infrastructure now position well for the harmonised regime.

Industry-protocol coverage

Cross-CASP TFR information exchange runs through industry-standard protocols. Operators need coverage across the major protocols since counterparty CASPs use different solutions:

TRISA (Travel Rule Information Sharing Alliance) — open-source protocol with substantial adoption, particularly among US and European exchanges. Public key infrastructure for CASP verification.

OpenVASP — Swiss-origin protocol with European adoption, particularly among institutional CASPs.

Notabene — commercial Travel Rule platform with broad CASP coverage. Strong UI for operations teams.

Sumsub Travel Rule — bundled with broader AML/KYC infrastructure. Common choice for operators already using Sumsub for KYC.

Other regional protocols — Veriscope (Shyft Network), 21 Travel Rule Protocol, various exchange-specific protocols.

Most substantive operators implement coverage across 2-3 protocols to ensure counterparty CASP coverage. Cross-protocol gaps create TFR-information-transmission failures that trigger supervisory engagement.

Operational recommendations

For operators planning TFR operational infrastructure:

Tiered investment by market — substantive infrastructure for substantive markets (Germany, France, Italy, Spain, Netherlands), proportionate infrastructure for smaller markets.

Local-language infrastructure for major markets — German, French, Italian, Spanish language coverage for substantial customer bases.

Cross-protocol coordination — implement coverage across 2-3 major industry Travel Rule protocols.

Self-hosted wallet enhanced due diligence infrastructure — transaction-graph analytics (Chainalysis, Elliptic, TRM Labs) integrated with operator AML workflow.

Integration with FIU frameworks across passport markets — substantive reporting infrastructure across markets where operator has meaningful customer base.

Monitoring AMLA implementation through 2027 — preparation for harmonised supervisory regime from AMLA operational start.

Operators investing in substantive TFR infrastructure now are well-positioned for both current member-state variation and the AMLA harmonised future regime from 2027.