Skip to main content
Regulatory requirements affect API behavior depending on account jurisdiction. The following sections document active compliance changes that require integration adjustments.

MiCA: USDT Restrictions for EEA Users

Since December 30, 2024, EEA accounts cannot deposit, withdraw, or create WhiteBIT Codes in USDT. The restriction implements Markets in Crypto-Assets Regulation (MiCA) requirements — Tether (USDT issuer) has not obtained EU e-money authorization.

Impact on API Integrations

  • USDT deposit requests from EEA accounts are rejected at the server level
  • USDT withdrawal requests from EEA accounts are rejected at the server level
  • WhiteBIT Codes denominated in USDT are blocked for EEA accounts
  • No endpoint schema changes — the same endpoints are used, but the server returns an error for USDT operations from EEA-jurisdiction accounts
  • Non-EEA accounts are not affected
StablecoinIssuerMiCA Status
USDCCircleEU e-money license obtained
EURIEuro-peggedMiCA-compliant

Integration Guidance

Do not hardcode USDT as the default stablecoin for EEA users. Use the Asset Status endpoint (GET /api/v4/public/assets) to check available currencies dynamically. Build currency selection logic that respects jurisdiction-specific restrictions. Source: Changes to USDT Services for EEA Users (Help Center)

MiCA transaction thresholds

The following platform-level thresholds apply to EEA users under MiCA. Any integration should account for the possibility that end users may encounter additional verification steps at these levels:
ThresholdPlatform behaviour
> 1,000 EURAnonymous transactions prohibited — KYC required
≥ 10,000 EUR per transactionAdditional verification checks may apply
> 50,000 EUR annuallyEnhanced due diligence required
Only fiat-backed stablecoins (e.g., USDC, EURI) are permitted under MiCA. Algorithmic stablecoins are not allowed for EEA accounts.

Travel Rule: EEA Crypto Withdrawals

Since May 19, 2025, crypto withdrawals from EEA accounts (and Turkey) require a travelRule object in the withdrawal request body. The requirement implements the FATF Travel Rule for Virtual Asset Service Providers (VASPs).

Timeline

DateEvent
May 18, 2025New deposit status codes (27, 28) activated
May 19, 2025Travel Rule enforcement activated for withdrawals

Withdrawal Request: travelRule Object

The travelRule object is required on POST /api/v4/main-account/withdraw for crypto withdrawals from EEA accounts.
FieldTypeRequiredDescription
typestringYes (EEA crypto)Receiver type. Values: "individual" or "entity"
vaspstringYes (EEA crypto)Destination platform (VASP) name. Example: "Binance"
namestringYes (EEA crypto)If type = "individual": first name. If type = "entity": entity name.
addressstringYes (EEA crypto)If type = "individual": last name. If type = "entity": entity address.
Despite the field names, name contains the first name (or entity name) and address contains the last name (or entity address) — not a physical address. The mapping matches the OpenAPI spec field descriptions.

Code Example: Withdrawal with Travel Rule

# EEA crypto withdrawal with Travel Rule (individual)
curl -X POST https://whitebit.com/api/v4/main-account/withdraw \
  -H "Content-Type: application/json" \
  -H "X-TXC-APIKEY: YOUR_API_KEY" \
  -H "X-TXC-PAYLOAD: YOUR_PAYLOAD" \
  -H "X-TXC-SIGNATURE: YOUR_SIGNATURE" \
  -d '{
    "ticker": "ETH",
    "amount": "0.5",
    "address": "0x742d35Cc6634C0532925a3b844Bc9e7595f2bD18",
    "unique_id": "withdrawal-001",
    "travelRule": {
      "type": "individual",
      "vasp": "Binance",
      "name": "John",
      "address": "Doe"
    },
    "request": "/api/v4/main-account/withdraw",
    "nonce": "1709340000000"
  }'
For Go and PHP examples, see SDKs. Entity example: For entity withdrawals, set type to "entity", name to the entity name, and address to the entity address: 
"travelRule": {
  "type": "entity",
  "vasp": "Kraken",
  "name": "Acme Corp",
  "address": "123 Business Street, London, UK"
}

Deposit Status Codes

Two new deposit status codes indicate Travel Rule verification in progress.
Status CodeNameDescription
27DEPOSIT_TRAVEL_RULE_FROZENDeposit frozen pending Travel Rule verification
28DEPOSIT_TRAVEL_RULE_FROZEN_PROCESSINGTravel Rule verification in progress
Deposits with status 27 or 28 are not credited to the account balance until Travel Rule verification completes. Build deposit monitoring logic to handle status codes 27 and 28 gracefully — do not treat frozen deposits as failed deposits.

Integration Guidance

Partners must collect beneficiary information (type, VASP name, name, address) from end users before submitting withdrawal requests. Withdrawal requests from EEA accounts that omit the travelRule object will be rejected. Source: Travel Rule Requirements (Help Center)

Data Processing & Privacy

  • Data residency: Data processed in the European Union. Data Processing Agreement (DPA) available on request.
  • GDPR: WhiteBIT processes data in accordance with the General Data Protection Regulation (GDPR). GDPR is a European regulation, not a certification.
  • Sub-processors: For the current list of sub-processors, contact compliance@whitebit.com.
  • Data retention: For data retention policies, contact compliance@whitebit.com.

Certifications & Audits

CertificationDetails
ISO 27001Information security management. Audited by Hacken.
PCI DSS Level 1Payment card data security. Audited by Hacken.
CCSS Level 3Cryptocurrency Security Standard. Audited by Hacken.
For certificate numbers, issuing bodies, and validity dates, contact institutional@whitebit.com. Independent verification is available on request.

VASP Registrations

WhiteBIT holds VASP registrations in multiple jurisdictions. For a complete list of registration jurisdictions, supervising authorities, and registration numbers, contact compliance@whitebit.com.

Restricted Jurisdictions

For a current list of restricted and prohibited jurisdictions, contact compliance@whitebit.com.

Compliance Requirements May Expand

Regulatory requirements are evolving. Travel Rule enforcement and MiCA restrictions currently apply to EEA accounts (and Turkey for Travel Rule). Additional jurisdictions may be added. Monitor the WhiteBIT Help Center and the Changelog for updates.

What’s Next

Institutional Overview

Product catalog and partner-type routing.

Onboarding

Step-by-step institutional onboarding process.
For Go and PHP examples, see SDKs.