The new British rules could mean more data from Crypto users, as is a recent leak, how risky it can be.
Like a major cryptographic platform admitted entrepreneurs has disclosed user information, the United Kingdom has unveiled new strict rules forcing companies to collect and report detailed personal data on each cryptographic transaction.
From January 1, 2026, cryptographic companies operating in the United Kingdom should keep an eye on just about everything – each customer, each transaction, each crypto movement. This is part of the United Kingdom efforts to bring transparency – and responsibility – a space accused for a long time of being a little too dark for its own good.
HM Revenue and Customs has abandoned the news in a declaration of May 14, claiming that cryptographic companies will have to receive the full name, the reception address, the date of birth and the tax identification numbers of all individual users. Entities such as companies, partnerships and charities are also under spotlights, with requirements for legal business names, addresses and business recording numbers.
This includes each transaction, even those that simply move the crypto between the wallets. The rules comply with international standards but go further by applying them to the United Kingdom, not only through borders. Companies will have to submit reports each year, and those who fail could face fines of up to £ 300 (around $ 398) per user.
Protect consumers
The authorities say that this decision is to protect consumers and create a more robust regulatory environment. But it also clearly aims to make up for tax gaps and to keep the pace of larger global standards, including European mica regulations. As HMRC says, companies should start preparing now – not in 2026 – to avoid a last -minute wheelbarrow.
Mark Aruliah, head of EMEA policy at the Elliptic blockchain analysis company, said in a comment for Crypto.News that this decision is an expected “next step” for an industry that matures to parity with traditional finance.
“The declaration of data on personal transactions has historically been a challenge for industry and consumers. This clarity on legal obligations to reports will help as well as the growth of new declaration services. ”
Mark Aruliah
While Aliah recognized the potential burden of small startups, he said that the push towards transparency was not only necessary, but late.
“Any regulation is generally considered to be an additional cost burden for industry, but this must be balanced with the advantages it provides.
Mark Aruliah
But for many criticisms, the biggest question is not to collect data. It’s about staying safe.
Great responsibility
This concern was strongly to the point, because the exchange of Coinbase cryptocurrency recently confirmed a violation involving customer data. According to the Crypto Exchange, based in the United States, the entrepreneurs working for Coinbase abroad were welded by attackers who had access to information sensitive to customers.
This included names, emails, telephone numbers, addresses and, in some cases, partial social security numbers. Some users have even pointed out that identification documents such as passports and driving licenses had been exposed.
Coinbase said that the violation has affected less than 1% of its user base, although with almost 9 million monthly active users, even this Sliver represents a large population. Worse, it is exactly the type of personal data that the United Kingdom now wants companies to collect and check – and the violation raises urgent questions about the question of whether cryptographic companies are equipped to assume such responsibility.
While Coinbase claims that his internal systems quickly captured the violation, the engineer of the Blockchain Zachxbt said that signs of problems were visible much earlier. In February, he reported a series of scams linked to Coinbase infrastructure, including a victim who lost $ 850,000 after being faked by a false Coinbase support agent.
If the rules aligned by the CARF of the United Kingdom were already in force, the company could look at millions of fines, not to mention reputation damage which is more difficult to quantify. However, the juxtaposition is difficult to ignore: the United Kingdom says that cryptographic companies of hoarding personal data, just as one of the greatest exchanges in the world admits that it has failed to ensure the safety of this data.
