In its quest for principled leadership, Europe may once again be out-regulating its own future. As with Russian sanctions, meant to isolate a rival but hit its own economies harder, the EU’s new guidelines on blockchain data processing risk undermining European innovation more than protecting its citizens.

During its April 2025 plenary, the European Data Protection Board (EDPB) released new Guidelines on the Processing of Personal Data Through Blockchain Technologies. Their intention is clear: ensure that blockchain technologies comply with the General Data Protection Regulation (GDPR) and uphold the rights and freedoms of individuals.

However, the impact could be devastating for public blockchain innovation in Europe.

What’s In the Guidelines?

The EDPB doesn’t classify blockchain itself as a personal data processing activity but instead analyses how its technical characteristics - immutability, decentralisation, transparency - collide with data protection principles.

The guidelines stress the need for data protection by design and by default, particularly because blockchains are resistant to data deletion by definition, this directly challenges GDPR’s right to erasure; while it is already possible to comply with the right to rectification, and data minimisation principle.

In a particularly controversial statement, in paragraph 63, the EDPB writes:

“When deletion has not been taken into account by design, this may require deleting the whole blockchain.”

This clearly places permissionless blockchains in jeopardy, as compliance could necessitate architectural overhauls that are technically and politically unfeasible.

From MiCA to GDPR: A Regulatory Minefield

While MiCA has laid the groundwork for regulating crypto assets in the EU, these new GDPR-aligned guidelines pile on complexity and risks.

The EDPB insists that:

  • Blockchain nodes processing personal data may still fall under the definition of data controllers or processors - i.e., actors who determine the purposes and means of the processing of personal data, or who process the data on behalf of the former
  • Encrypted personal data is still personal data, and encryption does not remove the need for GDPR compliance
  • Even public keys, hashed or on-chain commitment data, may qualify as personal data

In practice, these interpretations risk creating a de facto European ban on many existing blockchain systems, unless significant restructuring and re-architecting occur.

Where the Debate Lies

Hopefully, the EDPB is opening the debate. The guidelines will be subject to public consultation until 9 June 2025, providing stakeholders with the opportunity to comment. And it has already begun.

While we didn’t yet see reactions from frontline figures like Vitalik Buterin (Co-Founder, Ethereum), voices across the Web3 space are ringing alarm bells: the EU Crypto Initiative in collaboration with the Web3Privacy think tank deep dived into the different sections of the guidelines and protested that "Public blockchain must not become collateral damage of GDPR", joined by Raphaël Bloch from The Big Whale (Co-Founder and Editor-in-Chief) who warned that "This could kill public blockchains”.

Indeed, while customer protection should be a priority, the community wonders whether this initiative is really aimed at protecting people living in the European Economic Area (EEA), or if a war against permissionless networks is emerging.

The guidelines heavily favour permissioned blockchains, citing clearer accountability, and the EDPB is even openly taking a position: “Organisations should favour permissioned blockchains” and stresses that “Organisations should only explore different blockchain governance alternatives if well-justified and documented reasons hinder this preference” (paragraph 40).

While the European Union and the European Data Protection Board are undoubtedly acting in the interest of Europeans, the real question is whether citizens should have to bear the cost of being restricted to centrally controlled systems.

Broader Implications of the EU EDPB Blockchain Regulation

Because Blockchain is global by nature, this isn’t just a European issue. Using permissionless blockchain protocols often involves international transactions - since anyone can run a node and participate in the network security - involving so-called EU data subjects.

This could create regulatory crossfire for protocols and we recall highlights from the Paris Blockchain Week where it was stressed that protocols cannot comply with every jurisdiction globally at the same time.

Worse, Europe risks isolating itself while more agile jurisdictions in Asia, the Middle East, or the Americas attract innovation, builders and capital.

Bringing regulatory clarity is definitely needed, but Europe once again appears to lead with sanctions - once against its economy, this time against its technology.

What comes next

The EDPB is running a public consultation period until June 9, 2025.

The crypto and blockchain ecosystems have a window to voice concerns, share alternatives, and propose data protection-by-design frameworks that don’t stifle innovation or risk shutting down adopted systems, in Europe at least.

Will Europe evolve, or entrench itself further in its bureaucratic fortress?

If the guidelines are enforced as written, Ethereum, Solana, and other major networks would become non-compliant by default within the EEA.

CEOs and CTOs will need to make strategic choices, business and technology-driven.

  1. Will they (legally) operate in the European Economic Area?
  2. If so, how?

If businesses want to continue operating in Europe, they will need to review their architecture and implement solutions that allow them to comply with the regional regulatory framework. And this doesn’t look simple:

In paragraph 27 of the guidelines, the EDPB states that “Some approaches may provide ways of hiding identifiers using advanced cryptographic tools, but the data which replaces those identifiers may still constitute personal data.

The EU may take a regulatory lead - but without proportional support for experimentation and innovation, it risks falling behind and leading an exodus of the new Lumières - builders of borderless systems and planetary coopetition.

Share this article
The link has been copied!