Recap: Compliance and Coffee Meetup by idOS
Last week in Paris, during Paris Blockchain Week, we brought together leading voices in crypto regulation, decentralized identity, and legal innovation for our Compliance & Coffee Meetup - and the conversations didn’t disappoint.
Over croissants and caffeine, we dove into the biggest challenges facing web3 today: How can web3 move fast and stay compliant? How to align with global compliance standards without compromising decentralization, privacy, or usability?
Hosted by our team, the meetup brought together experts from Chainalysis, Ramp Network, NEAR, Notabene, Deloitte Legal, MME Digital Self Labs, LexDAO and European Crypto Initiative (EUCI). The result? Honest, deeply technical, and occasionally spicy debates about the future of compliance in web3 - from MiCA to identity, and everything in between.
In this blogpost, you’ll find key takeaways from the keynotes and panels. Towards the end of the post, you’ll find a more detailed summary of each session. We’re also excited to share that session recordings will soon be available for those who couldn’t attend or want to revisit the insights.
Key Moments & Highlights
- Marina Markezic (EUCI) kicked things off with EU Regulation
Her keynote unpacked the real impact of EU regulation - especially AMLR and MiCA - and what it means for builders across the ecosystem. The bottom line? Regulation isn’t just coming - it’s here. And it's time for Web3 to engage with it on our own terms.Check out the deep dive of this session below.
- Marjorie Ninno (idOS) introduced the identity and compliance perspective
In her talk on decentralized identity and compliance, Marjorie shared how idOS enables apps to comply with regulations without sacrificing user control. Read a comprehensive summary below.
- Panel 1: Global Compliance Trends: What’s Shaping Web3 Today?
Together, they explored what are the biggest compliance challenges web3 companies face today and topics such as MiCA and Travel Rule, Payments regulation (PSD3 and PSR) and the legal complexities of cross-border compliance. Check out the deep dive of this session below.
Moderated by Marina Markezic, this panel featured:
- Caitlin Barnett (Chainalysis)
- Wanda Kudrycka (Ramp)
- Chris Donovan (NEAR)
- Catarina Veloso (Notabene)
- Panel 2: Decentralization vs Compliance: Can We Have Both?
This panel didn’t shy away from hard questions. They unpacked the tension between regulatory demands and the decentralized ethos of web3, exploring if it is possible to offer a well balanced path forward. Check out the deep dive of this session below.
Moderated by Bianca Guimarães-Chadwick (NEAR), this was a powerhouse discussion featuring:
- Alireza Siadat (Deloitte Legal)
- Linda Jeng (Digital Self)
- Paolo Maria Gangi (LexDAO)
- Reto Luthiger (MME)
In-depth look at the discussions from each session
Keynote 1: The Impact of EU Crypto Regulation on the Industry: An Overview of Current and Future Development by Marina Markezic (Co-founder EUCI)
As the European Commission continues to shape the future of digital finance, we are seeing increasing attention being given to how DeFi intersects with regulatory frameworks. With the Markets in Crypto-Assets (MICA) regulation already on the horizon, there are a number of pressing issues to consider. In particular, how will DeFi projects navigate the growing demands of regulation, and how does this align with initiatives like Dora (Digital Operational Resilience Act)?
The state of crypto regulation in europe:
Marina provided an overview of the European Union’s regulatory progress, particularly under MICA. Although implementation has been gradual, there have been concrete developments, including the issuance of licenses in Germany and Malta, with France expected to follow. One tangible outcome of MICA has been the emergence of euro-denominated stablecoins, which likely would not have taken off without the regulatory clarity provided by the framework. This, Marina noted, is a clear win for monetary stability within the EU.
Regulatory strain on SMEs
Despite the progress, Marina emphasized the disproportionate burden MICA may place on small and medium-sized enterprises - the core of the European economy. As these businesses work to adapt to the growing complexity of crypto and digital finance rules, they face high compliance costs that could stifle innovation.
Upcoming reforms: The future of payments regulation
In parallel with MICA, the EU is negotiating the third iteration of the Payments Directive, alongside a new regulation to replace the e-money directive entirely. While implementation is still about two years away, the decisions being made now will define the future of digital payments in Europe. Marina highlighted one key tension: although custody of e-money tokens is allowed under MICA for registered custodians, the act of transferring them could invoke additional obligations under the Payments Directive, creating friction and legal uncertainty for market participants.
Potential regulatory exemptions and grey zones
To mitigate complexity, regulators are exploring carve-outs for certain activities. For example, similar to how transfers between self-hosted wallets were excluded from earlier AML regulations, there’s discussion around potential exemptions for decentralized wallet transfers under new rules as well. This shows a willingness to accommodate decentralized activity - but the rules are still evolving, and many questions remain open.
Will MICA cover DeFi?
A key question looming over the European regulatory landscape is whether MICA will be extended to cover decentralized finance. The European Commission is considering whether additional provisions are needed to address areas like DeFi lending, staking, and miner extractable value (MEV). A long-anticipated report on these topics - originally delayed - is now expected by the end of Q2 2025 and could significantly shape future legislation.
Decentralization as a spectrum, not a switch
Marina urged regulators and the public to view decentralization not as a binary state, but as a spectrum. Projects need time to evolve toward more decentralized structures, and some jurisdictions, including the U.S., are considering grace periods to reflect this reality..
The role of DORA
While much of the spotlight has been on MICA, Marina pointed out that DORA - the Digital Operational Resilience Act - is just as crucial, particularly in how it will affect the relationship between DeFi projects and traditional financial institutions. DORA may become a key bridge between the decentralized and traditional finance worlds, especially around operational standards and institutional trust.
Looking ahead with cautious optimism
Marina concluded with a call for optimism. The regulatory process may be slow and, at times, murky - but it's moving. For those interested in understanding where DeFi regulation is headed, she recommended reading the latest Eva paper - a detailed exploration of lending and staking - that could become foundational for the EU’s next wave of regulatory decisions.
Keynote 2: Decentralized Identity & Compliance in Web3, by Marjorie Ninno (Head of Legal of idOS)
Marjorie starts by acknowledging the tremendous strides web3 has made, particularly in decentralized finance (DeFi). “With DeFi, self-custody of funds is actually a reality today. Maybe even a fundamental principle, if you think about it,” she says, highlighting the fact that users now have control over their digital assets without relying on traditional intermediaries. “You don’t need to trust the bank. You hold your keys. You’re in control.”
Why scaling web3 starts with solving identity
However, she quickly identifies a significant gap: while self-custody has been realized for financial assets, the same cannot be said for identity. This lack of progress on identity has resulted in a major barrier to scaling web3. Despite the decentralization of assets, users are still forced to share and verify their personal identity multiple times across different platforms. “In web3, we have decentralized finance, but we don’t have decentralized identity,” Marjorie points out. This distinction is crucial because it exposes a flaw in the scalability of web3 - without solving identity, the space can’t truly scale.
The lack of interoperability and friction of current identity solutions
She expands on the limitations of traditional identity systems, stressing that users today have no way of proving who they are in a decentralized, self-sovereign manner. In the current ecosystem, the process of proving identity is often tedious and siloed. She emphasizes, “You end up submitting your ID over and over again across different platforms, re-doing the same process.” This duplication of effort and lack of interoperability is frustrating for users and limits adoption.
The fragmentation and poor UX of identity in web3
Marjorie suggests that if web3 is to grow and thrive, identity needs to be a first-class citizen in the ecosystem. "We need a way to prove who we are once and for all, in a self-sovereign way,” she insists. She points to the current friction and user pain points in decentralized identity solutions - clunky key recovery systems, complex seed phrase management, and often a non-intuitive user experience. “The user experience is still fragmented. Onboarding flows are painful. These are huge barriers for mainstream adoption,” she says.
Compliance vs. Decentralization. Why do current identity solutions fall short?
She also touches on how existing decentralized identity solutions - such as identity wallets, and Soulbound Tokens - are still not being widely adopted by regulated entities due to concerns around compliance and security. “Many of these systems are technically brilliant,” she admits, “but very few have reached a point where regulated entities can compliantly and confidently use them.” She also questions how decentralized identity systems can balance user privacy with compliance, pointing out that law tends to be far less flexible than the technology itself. “How do we ensure that users have control over their data while also adhering to regulatory requirements?” This delicate balancing act is a significant challenge, and one that most current solutions are not fully prepared to tackle.
The lack of transparency in current identity solutions
In the absence of universal identity standards, there is a lack of accountability and transparency. “Who is processing your data? Where is it stored? For how long? These questions still don’t have clear answers” she states, underscoring the need for better visibility into the governance of decentralized identity solutions.
The path forward: How technology can solve the identity problem
But it’s not all doom and gloom. Marjorie does offer hope, emphasizing that with the right technological advancements, web3 can solve the identity problem. “We have the tools - decentralized identity systems, zero-knowledge protocols, blockchain technology - it's just a matter of aligning them with compliance and usability to create a system that users trust.”
The solution: enabling self-sovereign identity with compliance
One solution she highlights as a step in the right direction is idOS. She explains how it’s solving many of the issues surrounding decentralized identity by providing a seamless and compliant way for users to control and share their identity data. “What idOS brings to the table is the perfect combination of self-sovereign identity with compliance,” she says, noting that idOS offers an open-source, interoperable framework that makes it possible for decentralized identity to work in tandem with existing regulations. Marjorie explains that idOS is designed to help developers integrate identity solutions into web3 applications without the need for complex back-end systems. “The power of idOS is that it abstracts the complexities of identity management while still giving users control over their data,” she says, “allowing them to share only what’s necessary, when it’s necessary, and always on their terms.” She emphasizes that idOS’s enables users to manage their own personal data while ensuring that all interactions are compliant with regulatory standards, like GDPR. “This is the future we need to build. We don’t have to sacrifice compliance for decentralization. We can have both” she concludes.
Panel 1: Global Compliance Trends: What’s Shaping Web3 today?
Web3 space is rapidly evolving, but with innovation comes a complex and fragmented regulatory landscape. As one of the panelists remarked, "Web3 companies are pioneering new models for digital interaction and finance, but as they push the boundaries of innovation, they’re also navigating an incredibly complex and fragmented regulatory landscape." This tension between innovation and regulation is a central theme that will be explored, particularly with the emergence of MiCA, the Travel Rule, Payments regulation (PSD3 and PSR), and the legal complexities of cross-border compliance.
MiCA (Markets in Crypto-Assets) and regulatory landscape in europe
MiCA, or the Markets in Crypto-Assets regulation, has been a key point of discussion, especially in Europe, where its potential impact is being keenly felt. As one panelist put it, "MiCA is an important step forward for crypto in Europe, but for web3 companies, it’s a balancing act - how to comply with the regulations while preserving decentralization."
Another participant expanded on this: "Navigating MiCA is challenging because it requires a deep understanding of both the technology behind crypto assets and the traditional financial regulations that govern them. It’s a constant learning process for companies." These insights underscore how web3 companies must adapt quickly to meet these regulations without compromising their decentralized ethos.
The Travel Rule and its Impact on decentralized systems
A significant regulatory issue discussed was the Travel Rule, which requires crypto firms to share information about the originators and beneficiaries of transactions. One panelist raised the key challenge: "The Travel Rule was created with centralized financial institutions in mind, but applying it to decentralized networks creates unique challenges. It’s a struggle between user privacy and regulatory transparency."
Another speaker added, "The decentralized nature of Web3 creates a paradox for the Travel Rule - how do we track transactions without undermining the principles of decentralization and user control?" These conversations illustrate the delicate balance between complying with global regulations and preserving the foundational values of Web3.
Payments Regulation: PSD3 and PSR
The upcoming revisions to payment services regulation in Europe, such as PSD3 and PSR, were also heavily discussed. As one panelist highlighted, "PSD3 is likely to be a game-changer for crypto companies operating in Europe. It provides clarity, but also creates new compliance hurdles for Web3 players trying to integrate with the traditional banking system."
This perspective was echoed by another participant, who pointed out: "While PSD3 opens up new opportunities for digital payments in Europe, it’s essential that Web3 projects don’t fall into the trap of over-complying and losing their edge as decentralized solutions." These remarks emphasize the need for Web3 companies to balance regulatory compliance with the desire to remain innovative.
Cross-Border Compliance Complexities
Cross-border compliance continues to be a thorny issue for many web3 companies, and this was a major point of focus during the panel discussion. As one expert put it, "Cross-border compliance is the toughest challenge for web3 companies. They’re often forced to comply with regulations in multiple jurisdictions, each with its own take on crypto and digital assets."
Another participant offered a broader view, saying, "As web3 evolves, it will be critical to create frameworks that not only protect users but also allow companies to operate across borders without getting caught in a compliance quagmire." The panelists agreed that creating a global framework for Web3 companies is crucial to ensuring that innovation can continue without being stifled by contradictory regulations.
Legal complexities in the web3 ecosystem
The legal complexity of Web3 ecosystems was also a key area of discussion. One panelist pointed out, "The decentralized nature of Web3 projects means they often don’t fit neatly into existing legal categories. Regulators need to rethink old models if they’re going to properly address the needs of decentralized businesses."
This was expanded upon by another expert: "Without clear legal definitions for DAOs and decentralized platforms, web3 companies are left with a significant amount of uncertainty in how to structure their operations and manage risk." The need for updated legal frameworks that reflect the decentralized nature of web3 was a consensus among the panelists.
Panel Insights on overcoming compliance challenges
Despite the regulatory hurdles, the panelists were optimistic about how web3 companies could navigate these challenges. One participant remarked "Web3 companies should embrace collaboration with regulators and traditional financial institutions. This isn’t about one side winning, but about creating an ecosystem that supports innovation while protecting users."
Another panelist offered a more technological solution, saying, "RegTech is revolutionizing how Web3 companies can meet compliance standards. Automated solutions allow businesses to comply with regulations without sacrificing the speed and efficiency that Web3 promises." These insights pointed toward technology and collaboration as key strategies for overcoming regulatory challenges in Web3.
Moving toward a compliant future
As the panel discussion wrapped up, the experts agreed that the future of Web3 compliance hinges on adaptability. One of them concluded, "The future of Web3 compliance is about adaptability. Regulators and companies must be ready to evolve alongside technology, finding ways to protect users without stifling innovation."
Summing up, another expert stated, "Ultimately, the goal is to strike a balance - allowing the decentralized web to flourish while ensuring that there are safeguards in place to protect users, investors, and the broader economy."
Panel 2: Decentralizations vs Compliance. Can We Have Both?
Can Web3 Stay True to Its Ethos While Meeting Regulatory Expectations?
At the Compliance & Coffee Meetup during Paris Blockchain Week, a group of legal experts, technologists, and policy thinkers came together to explore one of the most complex and timely questions in Web3 today, can decentralized systems comply with regulatory demands without sacrificing their core values? The discussion was wide-ranging, nuanced, and grounded in the real-world frictions that arise when innovation outpaces law.
From Control to Compliance by Design
The session began with a reflection on the limitations of current compliance models, which are still largely based on control layers and third-party reporting. Instead, panelists argued for a shift toward compliance by design, where obligations are built directly into the architecture of new technologies. With tools like programmable money, zero-knowledge proofs, and multi-party computation, it’s becoming technically possible to satisfy regulatory goals like AML and KYC while preserving user privacy and decentralization. This is more than a technical shift, it’s a conceptual one, asking regulators to move from enforcing control to enabling verifiable trust.
DeFi’s Growing Pains
Much of the conversation revolved around the tension between decentralized finance and regulatory frameworks that require a clear accountable party. As institutional interest in DeFi increases, so too does the pressure to demonstrate regulatory compliance. Some protocols are integrating extensive toolkits, including identity checks, sanctions screening, and transaction monitoring, in an effort to meet institutional expectations. Yet this integration raises questions about whether such measures can truly coexist with decentralization, or whether they inadvertently reintroduce central points of control under the guise of compliance. The challenge lies in constructing systems that are compliant on the surface but decentralized in their core functions, a balance that is proving difficult to strike.
The Cultural Divide Between Builders and Regulators
A recurring theme throughout the panel was the cultural disconnect between the builders of Web3 and the institutions tasked with regulating them. Many regulators still view blockchain projects through the lens of traditional financial institutions, expecting a clearly defined entity to take responsibility. Meanwhile, decentralized systems are intentionally designed to avoid such centralized choke points. This mismatch leads to confusion, frustration, and sometimes overly conservative or poorly informed policy decisions. The panel emphasized that regulation is not just a legal or technical challenge, but a cultural one. Bridging the gap will require sustained dialogue, education, and a mutual willingness to rethink long-held assumptions.
Decentralized Identity and Self-Managed Compliance
One of the most promising areas for reconciling compliance and decentralization lies in identity infrastructure. Decentralized identity frameworks like idOS, and government-led initiatives like the EU’s EUDI wallet, aim to give users control over their credentials while enabling trusted verification across networks. These solutions introduce new forms of accountability without requiring a central gatekeeper. Still, concerns remain. If a state actor can revoke a user’s entire digital wallet, not just one credential, what happens to the individual’s autonomy? How does this align with GDPR, with ownership rights, with the promise of user control? The panel agreed that these questions are not fully resolved, but must be addressed as identity becomes more central to compliance infrastructure.
Accountability Without Centralization
Accountability is at the heart of regulation, yet it sits awkwardly in decentralized environments. Traditional frameworks depend on identifying a responsible entity someone to license, to audit, to sanction if needed. In decentralized systems, responsibilities are often distributed, shared, or fully autonomous. While some panelists saw potential in models of shared liability, these are still poorly supported by current law. Others pointed to the risk that regulators will default to the easiest path, assigning accountability to any visible actor, even if that undermines the principle of decentralization. Finding new frameworks that honor both legal accountability and distributed design remains a major challenge.
A Data-Heavy Future and Its Discontents
As regulatory regimes expand, so too does the appetite for data. Emerging frameworks like DAC8 and CARF are pushing for more reporting, more transparency, and more collection of personal identifiers. In some jurisdictions, even tax ID numbers are now part of standard onboarding. But the panel questioned whether more data always means better compliance. Instead, they envisioned a system where trust is based on verified attestations rather than repetitive data collection, where an identity or credential confirmed once can be relied on many times, across institutions and jurisdictions, without unnecessary duplication. Privacy-enhancing technologies offer a path forward, but require a mindset shift from regulators and institutions alike.
What Comes Next
The panel closed with reflections on where compliance is headed. While the current trajectory leans toward more centralization, heavier reporting, and increasingly complex obligations, there was a shared hope that a more balanced future is possible. A future where compliance is not a burden but a feature of well-designed systems. Where data is minimized and privacy respected. Where regulators, builders, and users can find common ground in principles like transparency, accountability, and autonomy.
What became clear is that there are no easy answers. Compliance and decentralization will continue to pull in opposite directions, but thoughtful design, open dialogue, and a shared commitment to progress can create the conditions for something new. Not a compromise, but a reimagining of how regulation works in a decentralized world.
To find more about idOS, see below the following resources: