§The era of “KYC-light” is over—navigating the split between institutional and sovereign money.

by Alien Investor
────────────────

We are standing at a fork in the road.

On one side, “Institutional Bitcoin” has established itself: regulated, wrapped in ETFs, managed by large asset managers—and married to KYC/AML logic at every interface. In this world, the Satoshis aren’t “tainted,” but the paths to them are: accounts, withdrawal addresses, timing, counterparties, and data retention.

On the other side stands “Sovereign Bitcoin”: censorship-resistant peer-to-peer money, just as Satoshi Nakamoto designed it.

For a long time, we in Europe could live comfortably in between—thanks to “KYC-light” and pragmatic onramps. But this bridge is visibly crumbling. Anyone who wants to hold Bitcoin with a minimal data footprint in 2026 must adjust their strategy.

────────────────

§The End of “KYC-light” as a Standard

For years, Switzerland served as a functional grey area. Services like Relai or Pocket used simplified processes to enable Bitcoin purchases up to certain limits without a classic ID upload. This created pseudonymity: The coins were linked to a bank transfer (IBAN/Name), but not necessarily to an ID photo and a complete identity file in an app.

This phase is ending. The break is concrete:

Relai: Announced in July 2024 that all previously unverified users must complete verification by October 31, 2024.

**Pocket Bitcoin: **Announced “full verification” in October 2025. Unverified users must complete a one-time full KYC verification by December 8, 2025. Pocket cites regulatory adjustments and international frameworks.

The “comfortable app path” is practically always a data-rich path. Data has one property: It does not diminish just because you decide to become “private” later.

────────────────

§EU Rules: Facts vs. False Timelines

**To clarify: **Several regulatory frameworks run parallel in Europe—and many discussions confuse “decided” with “already in force.”

**Travel Rule (TFR): **Live at the Interfaces The EU has pulled the “Travel Rule” for crypto transfers via service providers into the Transfer of Funds Regulation. In practice: CASPs (Crypto-Asset Service Providers) must perform additional checks for transfers to/from self-custody wallets depending on the case. In many implementations, the ownership/control check above €1,000 is a relevant threshold. These rules have been in effect since December 30, 2024.

AMLR (EU Anti-Money Laundering Regulation): Decided, but not yet applicable The new EU “Single Rulebook” AMLR (Regulation (EU) 2024/1624) is published and in force, but it will only apply from July 10, 2027. Anyone pretending this is fully “live” in 2026 is discussing the wrong time zone.

Cash Caps: A Patchwork An EU-wide cash cap of €10,000 is provided for in the AMLR. Many countries already have national limits today. This is not a uniform “cash ban” starting in 2026, but a national patchwork with an EU-wide bracket starting in 2027.

**Conclusion: **The convenient route via regulated brokers remains legal and easy—but structurally, it is a monitored route.

────────────────

§P2P Marketplaces: Infrastructure without Custodians

When central exchanges (CEX) are fully caught in the KYC/AML net, Peer-to-Peer (P2P) marketplaces become critical infrastructure. They connect buyers and sellers directly—without a central company holding your coins permanently.

**Note: **“P2P” is not a free pass. Identification and reporting obligations may vary depending on jurisdiction, payment method, and platform. Always check local laws and bank T&Cs.

The Landscape (Status 2026):

**Bisq **(The Decentralized Tank): Open-source desktop client. Security via 2-of-2 multisig and security deposits. With “Bisq Easy,” there is a simplified protocol based more on reputation. Downside: Slower, more technical.

**RoboSats **(Fast & Cheap): Typically works over Tor and Lightning. Relies on “Bonds” (deposits) that are lost in case of misconduct. Upside: Very fast, often cheap.

**Peach Bitcoin **(Mobile Middle Ground): Mobile-first with a focus on UX. Trade-off: Mobile environment means more metadata risk (IP, push notifications, app telemetry).

Hodl Hodl (Web): Non-custodial multisig escrow in a web interface. Emphasizes not serving US customers.

────────────────

§Privacy & Security: Staying Clean in a Monitored World

Data trails are not just created when buying—they are created later when you mix things up.

After the crackdown on Samourai/Whirlpool: Risk Realism In April 2024, developers of Samourai Wallet were arrested in the US. This visibly changed the risk landscape around certain privacy services. This does not mean “privacy is banned.” It means:

1. Tools do not equal risk.

2. Jurisdiction, operator structure, centralization, and communication decide the outcome.

3. Anyone using privacy tech should understand what they are doing—and why.

**Wallet Hygiene & Coin Control The most common mistake: **You buy “privacy-sensitively” via P2P and then send everything to the same wallet structure you use for fully identified holdings.

Do not mix UTXOs from different contexts lightly. A single common input can undo your separation.

Use wallets with Coin Control (e.g., Sparrow), label your UTXOs (“P2P Purchase Jan 2026”), and keep flows separate—not as magic, but as clean accounting of your privacy.

The Risk: De-Banking & Compliance Friction The adversary today is often not the police, but the compliance machine: Banks use automated AML/fraud models that evaluate patterns—and sometimes overreact.

**Typical Red Flags: **Frequent payments to changing private individuals, unclear payment references, or patterns that do not fit the profile.

Countermeasures (Legal & Banal):

• Document what you do.

• Use clear, truthful payment references.

• Separate budgets/accounts for organization, not as a “trick.”

• If you use P2P regularly: Clarify beforehand what expectations your bank has.

────────────────

§Conclusion: Sovereignty is Work

The times of “a little privacy on the side” are getting harder because interfaces are more tightly regulated and data paths are stored longer. The market is splitting into the white market (convenient, highly regulated) and the free market (P2P, more friction, more responsibility).

If you want true financial independence, you must learn to operate these tools—and understand the rules of the game. Learn Linux, learn Tor, learn Coin Control. It pays off.

────────────────

Further Research

• Wasabi Wallet: A Research Overview on CoinJoin and Privacy https://primal.net/Alien-Investor/wasabi-wallet-a-research-overview-on-coinjoin-and-privacy

────────────────

Money, power, Bitcoin — and OPSEC. I write about financial sovereignty, privacy, and cybersecurity in a world built on control. More at alien-investor.org 👽 (German Only)