EU Regulatory Landscape
Applicable Regulations for eu.TrustCircles

General Data Protection Regulation — (EU) 2016/679

The foundational EU privacy law governing collection, processing, storage and erasure of personal data. Mandates consent, data minimisation, right to erasure (Art. 17) and privacy-by-design (Art. 25). Administrative fines up to €20M or 4% of global annual turnover for serious violations.

Impact on eu.TrustCircles: The structural tension between GDPR data minimisation and AML data pooling is the core problem eu.TrustCircles solves. nodeU records only consent and permission events — never personal data. The distributed, zero-central-storage architecture is designed around Art. 5, 7, 17, 22 and 25. The TMNL shutdown by the Dutch DPA in July 2024 was the definitive validation of this conflict.

Official source: EUR-Lex — GDPR full text

EU Digital Identity Regulation — (EU) 2024/1183

Amends the original eIDAS regulation (910/2014) to establish the EU Digital Identity Wallet (EUDIW) — a government-issued digital identity instrument every EU citizen and business can use to authenticate and share verifiable credentials across borders and sectors.

Impact on eu.TrustCircles: idU, the identity layer of dataU, must interoperate with EUDIW. Bank customers onboarded via eu.TrustCircles will need wallet-compatible KYC flows as the November 2027 deadline approaches. Participation in EUDIW working groups is a near-term strategic priority to ensure architectural alignment and early certification.

Official source: EUR-Lex — eIDAS 2.0 full text

Data Governance Act — (EU) 2022/868

Creates a harmonised framework for data intermediaries — neutral entities that facilitate voluntary, consent-based data sharing between data holders and data users. Also establishes a framework for data altruism organisations and conditions for re-use of public sector data.

Impact on eu.TrustCircles: The dataU platform's architecture closely matches the EU legal definition of a data intermediary. This creates both a notification obligation with the national competent authority (ACM in the Netherlands) and a powerful commercial positioning opportunity: certification as an EU-compliant data sharing infrastructure layer distinguishes eu.TrustCircles from point-solution competitors.

Official source: EUR-Lex — Data Governance Act full text

Data Act — (EU) 2023/2854

Establishes rules on fair access to and use of data generated by connected products and services. Grants users the right to access and share data generated through their use of products. Imposes switching obligations on cloud providers to facilitate data portability.

Impact on eu.TrustCircles: Strengthens the regulatory foundation for eu.TrustCircles' consent-gated data sharing model. Bank customers' right to access and port transaction-derived data aligns directly with dashboardU's purpose. The cloud-switching obligations reinforce eu.TrustCircles' EU-sovereign, vendor-neutral architecture as a compliance advantage over US hyperscaler-hosted solutions.

Official source: EUR-Lex — EU Data Act full text

EU Anti-Money Laundering Regulation — (EU) 2024/1624

The new single AML rulebook — directly applicable across all EU member states without national transposition. Replaces the previous directive-based patchwork. Mandates continuous transaction monitoring, cross-institution data sharing for risk scoring, customer due diligence, enhanced due diligence for high-risk customers, and mandatory suspicious activity reporting.

Impact on eu.TrustCircles: The July 2027 enforcement deadline is eu.TrustCircles' primary commercial forcing function. The TMNL shutdown in July 2024 left five major Dutch banks (ING, ABN AMRO, Rabobank, Triodos, de Volksbank) without a structurally compliant solution ahead of this deadline. FraudShield and the anonymised DataLake are designed to meet AMLR monitoring and analytics requirements without triggering GDPR violations.

Official source: EUR-Lex — AMLR 2024/1624 full text

Anti-Money Laundering Authority Regulation — (EU) 2024/1620

Establishes the new EU-level Anti-Money Laundering Authority (AMLA), headquartered in Frankfurt. AMLA holds direct supervisory powers over the highest-risk financial institutions and coordination authority over national AML supervisors. It will set binding technical standards and supervisory expectations across the EU.

Impact on eu.TrustCircles: AMLA will define the technical standards and audit criteria eu.TrustCircles' clients must satisfy. A pan-European supervisor reinforces the market case for a pan-European compliant infrastructure layer. eu.TrustCircles' architecture should be designed to meet AMLA's forthcoming technical standards from day one.

Official source: EUR-Lex — AMLA Regulation full text

Sixth Anti-Money Laundering Directive — 2018/1673

Harmonises the definition of money laundering offences and criminal liability across the EU. Extends predicate offences to 22 categories, introduces stricter criminal penalties and broader corporate liability. The preceding directive framework is being superseded by AMLR 2024/1624.

Impact on eu.TrustCircles: Establishes the baseline AML obligations that FraudShield's AI analytics, SAR-generation workflows and audit trails are designed to fulfil. Compliance with 6AMLD obligations is a prerequisite for the Dutch WWFT (Wet ter voorkoming van witwassen en financieren van terrorisme) implementation.

Official source: EUR-Lex — 6AMLD full text

Payment Services Directive 2 — 2015/2366 · PSD3 in progress

PSD2 regulates payment services and open banking, mandating access to account data (XS2A) and Strong Customer Authentication (SCA). PSD3 will extend open finance data sharing, introduce the Financial Data Access (FIDA) framework and tighten authentication rules.

Impact on eu.TrustCircles: PSD3's open finance expansion widens the data-sharing surface that eu.TrustCircles' consent infrastructure can govern. proxyU is architecturally well-suited to act as a GDPR-compliant data-sharing intermediary under the FIDA framework, enabling eu.TrustCircles to address data-sharing obligations beyond AML.

Official source: EUR-Lex — PSD2 full text

Markets in Crypto-Assets Regulation — (EU) 2023/1114

Creates a harmonised EU regulatory framework for crypto-asset service providers (CASPs), covering licensing requirements, AML obligations, consumer protection, stablecoin rules and market abuse prevention for digital asset markets.

Impact on eu.TrustCircles: CASPs are subject to the same AMLR/AML obligations as banks. eu.TrustCircles can extend its AML compliance infrastructure to licensed crypto-asset service providers — a meaningful vertical expansion opportunity alongside the banking segment, sharing the same underlying platform

Official source: EUR-Lex — MiCA full text

Digital Operational Resilience Act — (EU) 2022/2554

Mandates ICT risk management, incident reporting, digital resilience testing and contractual oversight of third-party ICT providers for EU financial entities. Applies to banks, payment institutions, investment firms and their critical technology suppliers.

Impact on eu.TrustCircles: As a critical technology provider to banks, both eu.TrustCircles and Mindrops (as AI infrastructure partner) fall within DORA's third-party risk management scope. Banks will require contractual DORA compliance from eu.TrustCircles. The platform's distributed, no-single-point-of-failure architecture is a structural DORA compliance advantage over centralised alternatives.

Official source: EUR-Lex — DORA full text

Network & Information Security Directive 2 — 2022/2555

Raises cybersecurity requirements for operators of essential services including banks and financial market infrastructure. Mandates incident response plans, supply-chain security assessment and mandatory reporting within 24 hours (initial) and 72 hours (full report).

Impact on eu.TrustCircles: nodeU infrastructure and FraudShield's AI pipelines must meet NIS2 security baselines. Supply-chain security obligations mean eu.TrustCircles' bank clients will conduct formal security due diligence on the platform, requiring robust documentation of the EU-sovereign architecture and incident response procedures.

Official source: EUR-Lex — NIS2 full text

Artificial Intelligence Act — (EU) 2024/1689

Risk-based framework for AI systems in the EU. AI systems used in credit scoring, AML and fraud detection, and access to financial services are explicitly classified as high-risk, requiring conformity assessments, human oversight provisions, transparency documentation, bias monitoring and ongoing performance testing.

Impact on eu.TrustCircles: FraudShield's AML detection models are high-risk AI under the Act, requiring documented conformity assessments, explainability of model decisions, human-in-the-loop oversight and continuous monitoring. The EU-sovereign inference architecture operated by Mindrops under Jibe's IP ownership is essential to satisfy the Act's third-country AI system requirements.

Official source: EUR-Lex — EU AI Act full text