EU Regulations

DORA, MiCA & Travel Rule are the key crypto EU regulations shaping the also the ATM landscape across the European Union (EU).

While these regulations are set at the EU level, their implementation and enforcement may vary slightly across individual EU Member States. Some countries may introduce stricter requirements or shorter compliance deadlines for businesses operating within their jurisdiction. It is therefore essential for BATM operators to monitor both EU-wide rules and their local national transpositions.

MiCA (Markets in Crypto-Assets)

A comprehensive regulation aimed at harmonizing crypto-asset markets across the EU. It introduces common rules for crypto-asset issuance, licensing of service providers (CASPs), transparency, and consumer protection.

Travel Rule

Defined in EU Regulation 2023/1113, effective 1 January 2025, this rule requires crypto service providers (including BATMs classified as CASPs or CASs) to collect and transmit Personally Identifiable Information (PII) for transactions of €1,000 or more, when at least one party is a regulated entity.

DORA (Digital Operational Resilience Act)

Coming into force on 17 January 2025, DORA focuses on ensuring operational and digital resilience for financial entities and their ICT service providers. It introduces requirements for risk management, incident response, third-party oversight, and resilience testing.

Applicability & Implications

Below is a breakdown of what each regulation means for BATM operators and related stakeholders:

MiCA

Who it applies to: Crypto Asset Service Providers (CASPs), including BATM operators providing exchange or custodial services.
Effective from: Phased in during 2024–2025, with Travel Rule compliance tied to MiCA obligations starting in January 2025.
What it means for BATM operators:
- Operators may need to register or obtain a license as CASPs in their local jurisdiction.
- Must comply with consumer protection, governance, and asset transparency rules.
- May face stricter requirements depending on national implementation (e.g. Czech Republic, Germany).
- MiCA ties into Travel Rule obligations by requiring traceability and security of crypto transactions.

Travel Rule

Who it applies to: All EU-based CASPs/CASs, including BATM operators facilitating crypto transfers.
Effective from: 1 January 2025
What it means for BATM operators:
- Must collect and verify KYC data for users.
- Require customers to declare if they are sending to their own (self-hosted) wallet or a third party.
- Must generate and transmit Travel Rule "Envelopes" containing PII to the receiving provider.
- Must retain related transaction and identity records for five years.
- Operators may need to integrate third-party Travel Rule solutions (e.g. Notabene, GTR, SumSub) or use GB's built-in tools to achieve compliance.

Read more here: Travel Rule | GENERAL BYTES Confluence

DORA

Who it applies to: Financial entities and their ICT service providers, including BATM manufacturers and software providers like GENERAL BYTES.
Effective from: 17 January 2025
What it means for BATM operators:
- You must ensure that any third-party systems or vendors (like your BATM software provider) comply with DORA's risk management and resilience obligations.
- The DORA compliance ensures:
  - Minimized risk of critical ICT disruptions.
  - Documented and tested incident response procedures.
  - Robust oversight of software and infrastructure providers.
- This means BATM operators can rely on the providers' software solutions to remain operational, secure, and compliant—even under adverse conditions.

How GENERAL BYTES supports EU regulatory compliance

GENERAL BYTES provides built-in tools in both hardware and software to help BATM operators comply with EU regulations, especially the Travel Rule and MiCA. Compliance features are integrated directly in our Crypto Application Server (CAS) and are continuously updated based on current legislation.

We also maintain full DORA compliance as a software and infrastructure provider, ensuring high operational security and resilience, giving BATM operators a reliable and future-proof foundation for their business.

Our platform supports direct and third-party integrations (e.g. Notabene, and upcoming GTR and SumSub), so operators can meet legal obligations without the need for custom development.

MiCA Compliance in GENERAL BYTES

MiCA introduces a new licensing and operational framework for crypto service providers, including BATM operators. GENERAL BYTES actively monitors MiCA developments and continuously adapts our platform to ensure compatibility with its core requirements.

Our solutions are designed to support operators in meeting obligations such as user protection, wallet verification, and transparent transaction handling. This includes:

Integrated KYC verification tools and threshold-based identity collection.
Flexible transaction flow controls aligned with local licensing rules.
Recordkeeping mechanisms to support MiCA audit trails and customer protection.
Modular integration of AML and fraud detection tools to support governance expectations.

By using GENERAL BYTES software, BATM operators are equipped to meet both MiCA’s licensing expectations and its underlying principles for crypto market integrity and customer safeguards, especially when operating across multiple EU countries with varied local requirements.

Travel Rule Compliance in GENERAL BYTES

GENERAL BYTES offers built-in support for Travel Rule compliance directly within the Crypto Application Server (CAS), giving BATM operators a seamless path to regulatory readiness.

Key features include:

Automated collection of sender and recipient PII for transactions ≥ €1,000, with clear user prompts and wallet ownership declarations.
Envelope generation and secure data transmission to counterparties, including internal providers or third-party integrations.
Full audit trail and archival of Travel Rule transactions via the CAS interface.
Self-hosted wallet detection and exception handling to comply with regulatory exemptions.

We already provide full support for Notabene, a leading Travel Rule interoperability platform, and are actively working to integrate GTR and SumSub during 2025, giving operators a choice of partners depending on jurisdiction and preferred workflows.

This means that BATM operators using GENERAL BYTES solutions have all the tools needed to comply with the EU’s Travel Rule obligations, without the need for external development or custom integration.

DORA Compliance in GENERAL BYTES

GB maintains operational resilience through robust frameworks to ensure the security, stability, and continuous availability of our mission-critical systems. Also, we regularly audit and update our procedures to align with DORA requirements and industry best practices. Our compliance reflects a company-wide commitment to risk management, cybersecurity, incident reporting, and third-party oversight, ensuring that we meet and exceed regulatory standards.

This means that BATM operators using GENERAL BYTES solutions can rely on minimized risk of critical security incidents and, in the unlikely event of an issue, benefit from well-established response procedures designed to resolve incidents swiftly and effectively in line with DORA requirements.

GENERAL BYTES as your compliance-ready partner

GENERAL BYTES delivers a fully integrated compliance solution for BATM operators facing EU regulations. Our Crypto Application Server (CAS) includes built-in Travel Rule support with zero need for custom coding, plus direct integration with Notabene (available now) and upcoming support for GTR and SumSub in 2025.

Unlike key competitors (e.g. Lamassu, GenesisCoin) who offer no third-party Travel Rule integrations, GENERAL BYTES provides a turnkey solution—minimizing legal risk, simplifying audits, and enabling fast deployment.

As a DORA-compliant vendor, we ensure the operational reliability and governance you can build your business on, giving you peace of mind while you focus on growth, not regulation.