This week the Committee on Economic and Monetary Affairs (ECON) and the Committee on Civil Liberties (LIBE) of the European Union voted overwhelmingly to instill strong new regulations on cryptocurrency transactions, with no minimum limit, as part of their new anti money laundering package. This is first of its kind regulation in a major economy as it pertains to crypto, or really most transactions considering the lack of minimum amounts and it will have significant implications on people using crypto all over the world, but especially in Europe.
So what are the new regulations? In a nutshell in order to legally send crypto currency in Europe (if this passes into law) you will need to ensure that the party you are sending to has confirmed their identity and record that identity with your transaction. You will also be responsible for ensuring that the counterparty is not on a list of “high-risk entities” that the MEPs want the European Banking Authority to build and maintain.
Europe expects “cryptocurrency providers” to build technological solutions that will enable these regulations to be put into place while allowing users to continue to use cryptocurrency under these conditions. MEPs cite the Panama Papers and Pandora Papers as reason to eliminate secrecy, even though neither leak had anything directly to do with cryptocurrency and I’m fairly sure the European Parliament did not prosecute or punish those actually implicated in those scandals.
This is not finalized yet, and there are still some rough edges that they will need to smooth out and 3rd party organizations that would have to dedicate time and money to putting this into place. But those European Parliament Committees have spoken and their intentions are loud and clear, so it is highly likely that these regulations will be put into place soon, or something like them.
So how will this affect Chia and the people who transact with it? Well, if you are not in Europe and never plan to be in Europe, it probably doesn’t affect you. There is the possibility that they pro-actively identify non-European crypto users and refer them as high-risk to the EBA system, but that seems like a worst case scenario and not one I think we need to worry about yet. But if you are in Europe or regularly doing business in crypto with Europeans or EU companies then you will likely need to have at least part of your portfolio held in fully compliant wallets. Which for the time being means custodial wallets that have undergone a “Know Your Client” (KYC) process. The MEPs specifically call out privately held self-custodied wallets as requiring technological solutions to enable the identification of users they transact with.
For cryptocurrencies like Bitcoin its going to require complex off-chain infrastructure identifying wallets and addresses and people will need to be strict about ensuring that before they send a transaction that they have checked those lists and confirmed that the recipient has their identity known. This is going to be a lot of work, and create a lot of opportunity for middle-man friction. It also begins to eliminate a LOT of the benefit of Bitcoin if you have to check an https API for information in order to make a transaction. Once you have that as a critical part of the transaction process, why even bother with cryptocurrency; just use that same webserver and database. There will likely be a Bitcoin Improvement Proposal (BIP) to attach metadata functionality to transactions to satisfy these regulations if they come to pass, but those are a long and brutal process with no certainty of outcome.
For Ethereum things are probably going to be a little bit easier, but a LOT more expensive for users. There is no reason an Ethereum account cannot be identified to a person with KYC and wallets written that support transaction limitations. You can even attach metadata to transactions or use a smart contract to ensure that you are operating within the bounds of the law and to ensure that you cannot send to a restricted address. These are all possible on a smart chain, they will just require the development work to be done. The problem, as intimated, is the cost. Ethereum Mainnet is already intensely expensive to transact on and adding additional data to every transaction or requiring once simple transactions to move through a smart contract will make them even more expensive. So people will cut corners, as they do when paying insane prices per byte of code, and there will be problems in the news about broken KYC smart contracts and all sorts of exploits, the way we see with DeFi.
So how will this work on Chia? Well, without knowing the exact technical details of what the EU requirements will entail its impossible to know for sure how Chia will solve this problem, but I am fairly certain they will do it with DIDs and a “European transaction” puzzle. I don’t know exactly how Chia’s DID implementation will work, but they have said that they will follow the W3C standard being developed. How this will likely work for Europeans who want to transact with a self-custodied wallet legally will be that they will have to do KYC at an accepted authority, like a bank or the tax department, who will then sign a DID (Distributed IDentifier) to go into the users wallet as a token of some sort. That token will contain a serial number for the organization and the user and someone transacting with that wallet through an authenticated transaction will be able to query the identity provider to get the information they need to satisfy regulatory requirements. No signed DID, no transaction.
This is why certain people in the cryptocurrency and identity governance technology spheres have been so interested in DIDs, because it could be the next evolution of current federated authentication and authorization systems. Instead of having an account with an identity provider you use to prove who you are to other sites, you control the token that proves your identity with the identity provider merely vouching for you cryptographically. This means that the provider can disappear and as long as their public keys remains accessible and trusted by those seeking to identify you it will continue to work.
Now, neither the final regulations nor any Chia DID solutions have been released, so this is all conjecture but I am pretty confident that even if this isn’t the ultimate solution that European Chia users go with, it will look something like the above. Maybe the identity provider will provide an NFT and not sign a DID, depending on their capabilities. Maybe they will come up with something I haven’t even considered. But its looking like we are going to need something because merely getting rid of self-custodied wallets is not an option.
A token or NFT wont work because you can transfer it, essentially selling your identity.
I mean that’s true of any centralized service account, they don’t require constant re-certification