Crypto Payment Regulations 2026: What Merchants Need to Know
2026 crypto payment regulations for merchants. MiCA in the EU, US state-by-state rules, Travel Rule, KYC/AML obligations, and which gateways handle compliance for you.
Key Takeaways
- MiCA is now fully in effect across the EU — crypto payment service providers need authorization, and stablecoin issuers must hold reserves
- In the US, crypto payment regulation remains state-by-state. Wyoming and Texas are most permissive; New York's BitLicense is the strictest
- The Travel Rule requires identifying information for crypto transfers above thresholds — this affects custodial gateways, not non-custodial
- Merchants do not typically need their own license to ACCEPT crypto payments — the gateway handles regulatory compliance for you
Crypto regulation has evolved dramatically since the early days of "move fast and break things." In 2026, we have real frameworks — MiCA in Europe, evolving state laws in the US, and global standards like the Travel Rule. For merchants, this is mostly good news: clearer rules mean more partners, more banking access, and more customer trust.
But it also means you need to understand what is required of you. This guide cuts through the noise and tells you exactly what a merchant accepting crypto payments needs to know about compliance — no more, no less.
What Merchants Actually Need to Worry About
Here is the good news: if you are a merchant accepting crypto payments (not issuing tokens, not running an exchange), your regulatory burden is relatively light. In most jurisdictions:
- You do not need a crypto-specific license to accept crypto as payment for goods and services. Your payment gateway holds the necessary licenses
- You DO need to report income from crypto payments for tax purposes — just like any other revenue
- You DO need to track the fair market value of crypto at the time of receipt for accounting purposes
- You may need to comply with sanctions — do not accept payments from sanctioned countries or individuals
The heavy compliance work — KYC verification, AML screening, transaction monitoring — falls on the payment gateway, not on you. This is why choosing a compliant gateway matters.
MiCA: EU Crypto Regulation Explained
The Markets in Crypto-Assets (MiCA) regulation is the most comprehensive crypto regulatory framework in the world. Fully in effect since December 2024, it covers all 27 EU member states plus the EEA.
What MiCA means for merchants:
- Use authorized providers: If you are an EU-based merchant, use a crypto payment gateway that has MiCA authorization or is grandfathered under transitional provisions. BitPay, CoinGate, and CoinsPaid are among the gateways with EU compliance
- Stablecoin clarity: MiCA requires stablecoin issuers to maintain reserves. USDC (Circle) has obtained MiCA authorization. USDT (Tether) faces stricter scrutiny — check which stablecoins your gateway supports within the EU framework
- Passporting: A gateway authorized in one EU country can serve merchants across all member states. This simplifies cross-border commerce within Europe
- Consumer protection: MiCA mandates clear risk disclosures and fair practices. As a merchant, this means your payment experience must be transparent about what customers are paying in and any conversion fees
What MiCA does NOT require of merchants:
- You do not need your own MiCA license to accept crypto payments
- You do not need to perform KYC on your customers (your gateway does this if required)
- You do not need to register as a Virtual Asset Service Provider (VASP) unless you are providing crypto services beyond accepting payments
US Crypto Payment Regulation (State-by-State)
The US does not have a single federal crypto payment framework. Instead, regulation varies by state. Here is the landscape:
Federal level: The IRS treats crypto as property for tax purposes. If you accept Bitcoin as payment for a $100 product, you report $100 in revenue. If you later sell that Bitcoin at a higher price, you also owe capital gains tax on the appreciation. FinCEN applies anti-money laundering rules to crypto businesses, but accepting crypto as a merchant (not as a service provider) generally does not make you a money services business.
The Travel Rule: What It Means for Payments
The Travel Rule (FATF Recommendation 16) requires financial institutions — including crypto service providers — to share sender and receiver information for transactions above certain thresholds. In practice:
- Threshold: Typically $1,000-3,000 depending on jurisdiction (US: $3,000, EU: EUR 1,000 under MiCA)
- Applies to: Custodial gateways and exchanges — entities that transmit funds on behalf of users
- Does NOT apply to: Non-custodial/self-hosted wallets or peer-to-peer transactions (in most jurisdictions)
- What gets shared: Sender name, account number, and address. Receiver name and account number
For merchants: If you use a custodial gateway like BitPay or CoinGate, the Travel Rule compliance is handled by the gateway. You may need to provide your business information during KYC, but the per-transaction data sharing happens between the gateway and the customer's wallet provider. If you use a non-custodial gateway, the Travel Rule generally does not apply because no intermediary is transmitting funds.
KYC/AML Obligations for Merchants
Know Your Customer (KYC) and Anti-Money Laundering (AML) are the two compliance pillars:
KYC for merchants:
- You are the customer of the gateway — the gateway performs KYC on you, not the other way around
- Gateways requiring KYC will ask for business registration documents, ID of business owners, proof of address, and sometimes website verification
- KYC gateways: BitPay, CoinGate, CoinsPaid
- No-KYC gateways: BTCPay Server, Coinremitter, ATLOS, PayGate.to, Paymento
AML for merchants:
- You generally do not need your own AML program for accepting crypto payments
- Your gateway handles transaction screening, sanctions checks, and suspicious activity reporting
- However, if you operate in a high-risk industry (gambling, adult content, etc.), you may face enhanced due diligence from your gateway
Which Gateways Handle Compliance for You
No-KYC Gateways: What Is Still Legal
Using a no-KYC crypto payment gateway is legal in most jurisdictions. The gateway's choice not to perform KYC on merchants is the gateway's regulatory decision — it does not make you as a merchant non-compliant. However, there are nuances:
- You still owe taxes on income received through no-KYC gateways. Tax obligations exist regardless of whether your gateway verified your identity
- No-KYC gateways cannot offer fiat settlement — converting crypto to USD/EUR requires KYC under money transmission laws in most countries
- Some industries require KYC gateways — if you are in a regulated industry, your compliance team may require you to use a fully licensed gateway
- Non-custodial no-KYC gateways like BTCPay Server are the most regulation-resistant because no third party touches your funds
For a full list, see our no-KYC crypto payment gateways guide.
Stay Compliant, Stay Open
Choose a gateway that matches your compliance needs — from full KYC to zero verification.
Compare Gateways by Compliance →Frequently Asked Questions
Do I need a license to accept crypto payments for my business?
In most countries, no. Accepting crypto as payment for goods or services does not require a specific license. The regulatory burden falls on the payment gateway or exchange, not on merchants. You do need to report crypto income for tax purposes.
What is MiCA and does it affect me?
MiCA (Markets in Crypto-Assets) is the EU's comprehensive crypto regulation framework. If you are an EU merchant, it means your crypto payment gateway must be MiCA-authorized. As a merchant, you do not need your own MiCA license — just use an authorized gateway.
Can I get in trouble for using a no-KYC crypto gateway?
Using a no-KYC gateway is legal in most jurisdictions. However, you must still report income, pay taxes, and comply with sanctions. The gateway's lack of KYC does not exempt you from your own legal obligations. If you operate in a regulated industry, consult a lawyer about gateway requirements.
What is the Travel Rule and does it apply to me?
The Travel Rule requires crypto service providers to share sender/receiver information for transactions above certain thresholds. It applies to custodial gateways, not to merchants directly. Your gateway handles Travel Rule compliance for you.
How do I handle taxes on crypto payments?
Record the fair market value (in your local currency) of each crypto payment at the time you receive it. This is your revenue for tax purposes. If you later sell the crypto at a different price, the difference is a capital gain or loss. Use accounting software that supports crypto or work with a crypto-savvy accountant.
Are there countries where accepting crypto payments is illegal?
Yes. China, Algeria, Bangladesh, Nepal, and a few other countries have banned or severely restricted crypto transactions. In most of the world — including the US, EU, UK, Canada, Australia, Japan, and most of Latin America and Africa — accepting crypto payments is legal.
What happens if my gateway loses its license?
If you use a custodial gateway that loses its regulatory authorization, they may be forced to cease operations. Your funds held by the gateway could be frozen during wind-down proceedings. This is another argument for non-custodial gateways — if the gateway loses its license, your funds are already in your wallet.
Do I need to perform KYC on my own customers?
Generally no, unless your business is itself a regulated entity (financial services, gambling, etc.). For standard e-commerce and services, your payment gateway handles customer-facing compliance. You just need to meet your own tax reporting and sanctions obligations.