Timothy Morano
Oct 09, 2025 17:26
The European Blockchain Sandbox, featuring IOTA Foundation’s Tokenized KYC Solution, reveals insights on compliant identity verification in Web3, as shared by IOTA Blog.
The European Blockchain Sandbox has successfully wrapped up its second cohort, showcasing the IOTA Foundation’s innovative Tokenized Know Your Customer (KYC) Solution. This initiative, part of a three-year project by the European Commission, allows distributed ledger projects to test their solutions with European regulators, according to IOTA Blog.
Building a Web3 Identity Solution
The sandbox, which ran from June 2024 to March 2025, included 20 projects, among which the IOTA Foundation’s solution stood out. Developed in collaboration with IDnow, walt.id, and Bloom Wallet, the Tokenized KYC Solution facilitates off-chain identity verification. Users receive a tokenized proof in their wallet, enabling decentralized applications (dApps), exchanges, and other services to confirm eligibility without revealing sensitive on-chain data.
Key Takeaways from the Sandbox
One significant focus was the implementation of Anti-Money Laundering (AML) and KYC regulations. The sandbox emphasized the legal obligations of crypto-asset exchanges to verify user identities. The Tokenized KYC Solution allows the responsible entity to access verified personal data from the identity provider, IDnow, while ensuring authorities can request personal data linked to a soulbound token.
The sandbox also explored the reuse of KYC data collected by other entities, a practice with varying rules across Europe. The forthcoming Anti-Money Laundering Regulation (AMLR) aims to harmonize these rules, facilitating the use of customer information across different entities.
Soulbound Tokens and Data Classification
The sandbox highlighted the classification of data on public permissionless distributed ledger technologies (DLTs) like IOTA. In the Tokenized KYC Solution, only soulbound tokens, which do not contain personal data, are recorded on-chain. These tokens indicate the completion of the KYC process, with data stored securely off-chain. Despite this, such tokens are treated as pseudonymized personal data under GDPR, necessitating ongoing review and compliance.
Implications for Wallet Providers and Node Operators
The sandbox examined the GDPR classification of wallet providers and node operators. Self-hosted wallet providers, which operate solely on a user’s device, are not considered data controllers or processors. This aligns with GDPR, as responsibility for personal data lies with entities accessing or using it, such as IDnow for verification.
Node operators, performing only technical functions, should not be treated as controllers. The Tokenized KYC Solution supports this view, as verified identity data remains off-chain, and nodes merely relay pseudonymized attestations without accessing identity data.
Future Prospects for Tokenized KYC
New regulations, including the Transfer of Funds Regulation, require cryptoasset exchanges to hold data about self-hosted wallet users. There is a growing need for on-chain identification tools that ensure compliance while maintaining privacy. The IOTA Foundation’s solution integrates identity verification into a soulbound token, allowing for secure and private interactions within Web3 ecosystems.
The IOTA Trust Framework, developed alongside the rebased IOTA Mainnet, further supports privacy and compliance. This suite of infrastructure components is designed to facilitate solutions like the Tokenized KYC Solution.
The IOTA Foundation expresses gratitude to IDnow, walt.id, and Bloom Wallet for their collaboration, demonstrating an effective, privacy-preserving solution for the Web3 space.
For more information, visit the IOTA Blog.
Image source: Shutterstock