XRP Ledger Activates On-Chain KYC/AML In Major Upgrade

The XRP Ledger (XRPL) activated its “Credentials” amendment on September 4, 2025 at 03:51:21 UTC, bringing a native, standards-aligned identity layer to the base protocol and enabling KYC/AML-aware flows directly ￰0￱ upgrade follows the XRPL’s amendment governance model—an 80%+ validator supermajority maintained for two weeks—culminating in an EnableAmendment event that permanently switches the new rules on for all subsequent ￰1￱ Adds Native KYC And AML Controls At the heart of the change is XLS-0070 (“Credentials”), a specification designed to let issuers attest facts about an XRPL account—such as identity verification or sanctions status—in a way that other participants can rely on without exposing private documents to the ￰2￱ the XRPL documentation puts it, “The Credentials feature is a set of tools for managing authorization and compliance requirements using the XRP Ledger blockchain, while respecting privacy and decentralization.” The design “draws from the W3C Verifiable Credentials standard,” adapting it so that the subject of a credential is an XRPL address rather than a URL.

Ripple’s open-source spec site captures the institutional rationale succinctly: “Credentials provide a set of tools for managing authorization and compliance requirements on the XRP Ledger, while respecting privacy and decentralization”—a framing that makes the feature legible to regulated actors who need attestations without building proprietary allow-lists. Functionally, the amendment introduces new protocol-level objects and transactions so attestations can be issued, accepted, referenced and revoked ￰3￱ XRPL’s Known Amendments registry enumerates the changes: three new transactions—CredentialCreate (issuer provisions a credential), CredentialAccept (subject validates it), and CredentialDelete (revocation/cleanup)—plus a new Credential ledger entry ￰4￱ also extends the existing DepositPreauth feature so deposit authorization can be expressed in terms of credential requirements, and adds a CredentialIDs field to several transactions (including Payment, EscrowFinish, PaymentChannelClaim, and AccountDelete) so a sender can present a set of credentials when interacting with a destination that enforces compliance gates.

Crucially, the concept docs emphasize that personal documents never touch the ￰5￱ a canonical flow, a business that must restrict interactions to KYC’d accounts names trusted issuers off-chain; the issuer verifies the user privately and then writes only a signed credential to the ledger. “The documents that the user sends… are never published or stored on the blockchain,” yet multiple counterparties can rely on the same credential, avoiding redundant ￰6￱ balance—on-chain attestations, off-chain evidence—mirrors the W3C Verifiable Credentials model while keeping attestations portable across the XRPL’s ￰7￱ activation also slots into a broader roadmap aimed at institutional-grade ￰8￱ are a prerequisite and companion for other permissioned constructs under consideration, such as Permissioned Domains and a Permissioned DEX , which expect participants to present valid credentials to access controlled liquidity or domain-scoped ￰9￱ documentation for those proposals explicitly ties enforcement back to Credentials, underscoring that the identity layer is designed to be reusable across product surfaces rather than a one-off ￰10￱ an implementation standpoint, the feature has been visible to developers for months: Ripple’s reference server ( rippled ) releases highlighted Credentials among new amendments, the doc set shipped end-to-end guidance and code samples for testing on Devnet, and explorers tracked validator votes toward the 28/35 threshold.

Today’s mainnet enablement flips the feature from “open for voting” to production reality, allowing issuers, exchanges, and fintechs to build credential-gated flows that settle atomically on XRPL. Technically, the change is conservative but ￰11￱ CredentialIDs can now ride alongside standard Payment semantics, an institution can—at the protocol layer—only accept deposits when the presented set of credential hashes matches a policy it has configured via ￰12￱ enforcement happens without bespoke middleware and is recorded in transaction metadata, improving auditability for regulated ￰13￱ with existing primitives (trust lines, AMM , DEX, escrow), the path is open to programmatic policies like “accept euro-stablecoin from counterparties with an up-to-date KYC credential from issuer X, and route cross-currency through a permissioned market if both sides meet domain requirements.” At press time, XRP traded at $2.82.