We delved into the question of how compatible Lightning Network is with regulation, and came up with a surprisingly optimistic assessment.
The Lightning Network is Bitcoin’s great hope for scaling up as a global payments system, and the network is growing rapidly.
However, there is a thorny and awkward question that is often overlooked: can it withstand EU regulation?
The belated discussion centers around two questions: Which participants in the Lightning Network are evading regulation — and are they actually capable of following the rules?
These are tough questions. When I started researching them, the answers were initially discouraging, and it seemed inevitable that regulation would kill off the Lightning Network. But in the end, the prospects turned out to be better than expected.
Apparent trustee deemed to be trustee
Let’s start with the obvious: custodial wallets require a license. They will be regulated just like “crypto asset custodians” or “VASPs” (Virtual Asset Service Providers).
This is not surprising, but still uncomfortable. Because unlike pure on-chain wallets, custodians greatly improve the user experience of the Lightning Network. No need to worry about channels and liquidity, you can use wallets such as BlueWallet, lnbits, Zebedee or LNTXBOT just like an on-chain wallet.
These custodial wallets — and their users — will sooner or later enter a regulatory reality. For those who choose to ignore it, this can be a crushing blow. Ultimately, however, the Lightning Network helps regulators reach Bitcoin users with on-chain wallets who would otherwise never be reached.
Semi-custodial wallets like Phoenix and Muun are interesting. With these wallets, users manage their keys themselves but rely on payment channels through (unconfirmed) operator nodes. These semi-custodial wallets offer a user experience that is almost as good as custodial wallets.
If they resist regulation, it could help set higher wallet standards for the Lightning Network.
Will Lightning Nodes be regulated?
More difficult and unpleasant is the question of whether Lightning nodes are also considered “VASPs”.
Patrick Hanser, an EU regulatory expert, said that “professional lightning nodes” could be considered regulated payment providers. However, he did not specify what he meant by “professional.”
If the "professional" needs to generate income from something, then every lightning node will make that happen after collecting payment fees.
Formally, a lightning node acts as a trustee: it takes the sender's money and pays the recipient with its own money. Smart contracts ensure that he cannot cheat. But is this enough to avoid being classified as a trustee?
After all, private nodes can choose to keep fees low or drastically reduced. This would make them more of a hobby project than a regulated enterprise.
Nodes run by companies on a commercial basis will have more difficulty. Some examples: LNBIG provides a lot of liquidity to earn a yield, Bitrefill also provides liquidity for a fee, Acinq nodes provide inbound capacity for Phoenix wallets, etc.
Even if semi-custodial wallets like Phoenix can escape regulation, the nodes behind them cannot escape regulation.
Travel rules in the Lightning Network: an unattainable requirement?
But what does it mean when Lightning nodes are regulated?
The core issue is the Travel Rule. This rule is currently being implemented in almost every jurisdiction in the world, most recently also in the EU as part of the MiCa Regulation. The Travel Rule requires service providers to know and store the identity of the sender and recipient of each payment.
To do this, the provider must first verify the user’s identity. This process, called KYC (Know Your Customer), has long been standard for many service providers, such as cryptocurrency exchanges or custodial wallets.
This is still a big challenge for wallets like BlueWallet, LNBITs, Satoshi Wallet, etc. - and a big surprise for people.
But now comes the tricky part of the Travel Rules, how do service providers know who the payment is for? The obvious answer is: they ask the user. But how do you know they’re telling the truth?
With on-chain transactions, service providers have a certain approach to this as all transactions are transparent. This is not perfect, but should be enough to satisfy the required level of trust. However, with the Lightning Network, transactions are much more private. This is intentional and well-intentioned, but could become a Trojan Horse from a regulatory perspective. It would be difficult, if not impossible, for a Lightning wallet to be fully compliant with the Travel regulations.
But a passage in the EU regulation came to the rescue of the trustee’s wallet: for transactions under €1,000, service providers are not obliged to check the information provided by users. Since the Lightning Network is currently barely capable of transmitting larger amounts, this should cover almost all payments.
So users can breathe a sigh of relief, this one statement is enough. At least at first, if users just enter anonymously and hope it passes the service provider's review, nothing bad will happen.
For professional nodes, it gets even trickier. They often don’t know where payments are coming from and going, or even how to find out the identities behind fake names in a reliable way.
For them, being classified as a VASP can be an existential threat, as it imposes rules on them that they cannot even fulfill. Our analysis reaches its bottom at this point.
A network fragment
Therefore, we have different players:
Nodes, which are either private and unregulated or professional and regulated.
Trusted and custodial wallets or non-trusted and uncustodial wallets. The situation of semi-custodial wallets is unclear.
At the wallet and service provider level, the Travel Rules will be uncomfortable but manageable: wallets and exchanges will verify the identities of their users and collect data on their trading partners, but will not inspect it.
However, the Travel rule becomes more unpleasant at the node level. They do not know who is the sender or receiver of a transaction, and therefore, they lack a way to collect the data required by the Travel rule.
The only way this works is a bad one: professional nodes form a "network of networks" and only forward payments that originate from other professional nodes and go to other professional nodes.
In this case, the Lightning Network will be fragmented. But what about the rest?
core
The rest, namely those private nodes and wallets that refuse to comply with the regulations.
Wallets like Electrum, Eclair or Lightning are fine for storing Bitcoin, there is no issue with regulating them.
Privately operated nodes do run the risk of being classified as VASPs, but this is questionable and could probably be mitigated in an emergency by removing the fee. If private nodes operate outside the Tor network, it will be difficult for regulators to enforce the rules. The EU will have to watch helplessly as its rules are ignored.
Even in the most severe way, the Lightning Network has a good chance of surviving such a regulatory “attack”. The real core will operate on the Tor network or in a regulatory haven.
However, the average user will not be interested in this network. The user experience suffers because you have to manage payment channels yourself, payments become unreliable, and you may not be able to pay at exchanges or merchants due to the lack of large liquidity nodes.
It is sometimes said that Lightning must be able to serve eight billion people. This does not apply to the network that forms the core, since only a small fraction of humanity will even be interested in using it, probably far fewer than a million people.
The Importance of Smart Bridges
So far, the outlook is pretty bleak. A split of Lightning into a regulated and unregulated network is almost inevitable.
But there is hope! This hope is mainly based on the 1undefined000 euro threshold, and the provider does not have to check the collected data. It allows Bitcoin to be sent back and forth between the two networks. There is nothing to stop you from sending money from an unregulated private wallet to a regulated wallet.
Possible protocols for transferring or retrieving data would also help. For example, free, unregulated wallets could integrate options that provide data on the recipient and sender. Then, a transaction could take the route through both networks to complete.
If wallets are smart, they can store the information after it has been filed and - when we use it - transmit it to the merchant like PayPal does when making a payment. Smart wallets can calculate whether a payment can also go through "privately" or how much it would save if it went through, i.e. bypassing the Travel Rules network.
Thus, the Lightning Network can comply with and evade regulation at the same time. This is not the worst prospect.
