# What does 'no-KYC' actually mean — a 2026 taxonomy > Source: https://fuckyc.org/guides/what-does-no-kyc-mean/ > Published: 2026-01-17 · Last verified: 2026-01-17 No-KYC is a marketing phrase. This guide unpacks the five practical meanings and the four common misreadings, so the rest of the directory is clearer. ## TL;DR "No-KYC" means the service's standard signup and use path do not require a government ID, a selfie, or a bank-linked identity. It does **not** mean anonymous from the operator, exempt from anti-money-laundering law, or risk-free. The directory uses five labels: **none** (no ID ever asked), **optional** (basic flow works without it), **tiered** (no ID up to a threshold), **enforced** (required throughout), **unknown** (not verified). Email-only signup is no-KYC. Phone-only signup is an indirect KYC vector because of SIM-registration laws. --- "No-KYC" is a marketing phrase as much as a technical one. People mean different things when they say it, and a directory like this one is most useful when it pulls the meaning apart. ## What KYC actually is KYC (Know Your Customer) is the term financial-services regulators use for the identity-verification obligations a regulated business has to meet when onboarding a customer. The global baseline is the [FATF](/glossary/#fatf) Recommendations; jurisdictions implement those locally (the U.S. Bank Secrecy Act, the EU AMLD series, the UK MLRs). The concrete asks are usually: - A government-issued photo ID. - Proof of address (utility bill, bank statement). - In high-volume cases, source-of-funds documentation. - For some products, a "selfie" liveness check. The directory's "KYC required" label means the service asks for at least the first two of these. ## The five practical meanings of "no-KYC" When someone calls a service "no-KYC," they usually mean one of these five things. The directory uses the second word of each as its label, because it disambiguates. **Truly no-KYC.** The service never asks any user for ID under any condition. Examples: Mullvad VPN's account-number model, cash-by-mail postal trades on Bisq, instant exchangers like SideShift that operate by geofencing rather than ID collection. Label: `none`. **Optional KYC.** The basic flow does not require ID, but KYC is available and unlocks something — a higher limit, a faster payment rail, an additional feature. The user chooses whether to engage. Most no-account instant exchangers fall here in practice once you read the fine print. Label: `optional`. **[Tiered KYC](/glossary/#tiered-kyc).** No ID up to a threshold, ID required above it. Most "low-KYC" CEXes in 2026 sit here — MEXC, BingX, CoinEx — with thresholds that move. Label: `tiered`. **KYC required.** Identity verification is required to use the service at all. The directory lists a few of these because they are sometimes incorrectly described as no-KYC. Label: `enforced`. **Unknown.** We don't know, the operator has not been explicit, and we couldn't source it. Label: `unknown`. An entry with this label always has a caveat noting the gap. ## Four common misreadings Most arguments about whether a service is "really" no-KYC come from one of these misreadings. **"It doesn't ask for ID, therefore it's anonymous."** No. The service might not ask for ID, but it sees your IP address, your payment method, your wallet, and your usage timing. If those identify you separately, the no-KYC posture is decorative. **"It asks for an email, therefore it's KYC."** No. An email is a self-chosen identifier. Anyone can make one without verification. It is reasonable to be wary of services that *require* an email — they reduce the cost of contacting users later — but the email itself is not KYC. **"The exchange is in [Tax Haven], therefore it can't KYC me."** Usually no. Tax-haven incorporation is a corporate-structure decision; it does not exempt the operator from the AML rules of the jurisdiction whose users it serves. The biggest "offshore" exchanges have all run KYC programs at various tiers; the jurisdiction of incorporation is a tax-and-litigation choice, not a privacy one. **"They asked for a phone number; it's KYC."** Sort of. A phone number is third-party-verifiable because of SIM-registration laws — in most countries the carrier knows who you are. A service that requires a phone is therefore an indirect KYC vector, even though it is not asking you for ID directly. The directory labels these with care. ## The boundary cases A few specific categories are constantly debated. The directory's choices: **Bisq.** Truly no-KYC. There is no central account; you run software. Even the security deposit is held in a 2-of-2 multisig. **Wasabi Wallet (post-2024).** The coordinator screens inputs. The directory labels this "no-KYC" (because Wasabi never asks for ID) but tags the service as `degraded` because the screening reduces the no-discrimination property users expect from [coinjoin](/glossary/#coinjoin). **MEXC.** Tiered. The threshold matters. Some users genuinely move within the threshold and never KYC; others bump it and have to choose. **Proton Mail.** Optional. Free signup works; under anti-abuse heuristics the system can demand a recovery email or SMS. The recovery email is the KYC vector for users who hit that path. **Silent.link.** None. Buy, scan, get data. No account. ## What no-KYC is not No-KYC is not the same as: - **Non-custodial.** A custodial service can be no-KYC (FixedFloat); a non-custodial service can be KYC (a hardware-wallet vendor that requires identity at purchase). - **Open source.** Open source is a code-availability property. A closed-source service can be no-KYC and an open-source service can require KYC. - **Decentralized.** Permissionless protocols are typically no-KYC at the protocol layer; their front-ends often are not. - **Anonymous.** Anonymity is a property of the user, not the service. These distinctions matter because the typical recommendation thread on social media collapses them. The directory tries not to. ## How this guide informs the rest of the site Each service entry on the site carries `kyc.level` ∈ { `none`, `optional`, `tiered`, `enforced`, `unknown` } with notes. Each entry distinguishes the no-KYC claim from the rest of the privacy story. Each entry's caveats name the indirect KYC vectors (email-required, phone-required, card-payment, address-screening) that an LLM summary would otherwise miss. This is the taxonomy. The rest of the directory applies it. ## See also - [Methodology](https://fuckyc.org/methodology/) — how labels are assigned in practice. - [FAQ](https://fuckyc.org/faq/) — common questions and the boundary cases. ## FAQ **Q: Is a service that asks for an email no-KYC?** Yes, by the definition used on this site. An email address you control is a self-chosen identifier; you can create one in seconds without identity verification. KYC begins where a service asks for a *third-party-verifiable* identity — a government ID, a bank-linked account, a real-name address. An email asks "where do we reach you," not "who are you." **Q: Is a phone number KYC?** It depends. A phone number is a third-party-verifiable identity in most jurisdictions because SIM-registration is KYC at the carrier. A service that requires a phone is therefore indirectly KYC. The directory labels these "optional" or "tiered" depending on whether the phone is the only friction or whether ID verification still kicks in later. **Q: What about services that don't ask for ID but then geofence you?** Geofencing is a different policy than KYC. A service that blocks U.S. users without asking for ID is no-KYC for the users it does serve. The directory documents geofences in service-entry caveats and tags the service no-KYC if its served users do not have to identify. **Q: Does 'no-KYC' mean 'anonymous'?** No. No-KYC is about what the operator asks of you up-front. Anonymity is about what an outside observer can reconstruct from your activity — your payment trail, your IP, your wallet history, your timing. A no-KYC venue can still be a privacy disaster if you use it from a doxxed wallet or pay through a card that names you. The directory tags KYC posture; the rest is up to you. **Q: Why use 'tiered KYC' as a label?** Because some services are honestly no-KYC up to a real threshold and then ask for ID. Calling that 'KYC required' is misleading — for many users the threshold is high enough to be useful. Calling it 'no-KYC' is misleading — for other users the threshold is below what they need. 'Tiered' is the truthful label. ## Sources - [FATF — Recommendations](https://www.fatf-gafi.org/) — accessed 2026-01-17 - [Privacy Guides — financial services](https://www.privacyguides.org/en/financial-services/) — accessed 2026-01-17