1) we cannot breach the law and avoid KYC/AML
no, we cannot. Present EU AML directives are quite clear.
He knows very well that european directives don't have direct effect on private relations. Only bind states to adopt internal legislation. https://en.wikipedia.org/wiki/Directive_(European_Union).
I told him that more than a month ago:
You quoted European directives?! You have to know that directives are only binding on State members in order to compel them to approve national legislation. They are completely irrelevant on the relations between private persons, as you well know.
He is invoking european directives (only the 5th AML european directive of 2018 applies to crypto exchanges, but Italy hasn't yet execute it with internal legislation) well aware that they are irrelevant to this case.
But as I said, Italy adopted their Legislative Decree No. 90 of 25 May 2017 on AML and KYC duties, but his article 3, n.º 5, says that crypto exchanges are restrictively ("limitatamente") subject to this duties only on their operations of conversion from crypto to fiat. That is, to customers who ask for fiat withdrawals. I left clear 4 years ago to him on an email exchange that I wouldn't ask for any fiat withdrawal. And he confirmed their TOS: that in this case verification was voluntary.
What they are doing is completely contrary to their own TOS/FAQ and to italian law.
Again I want to thank r34tr783tr78, Mirae and now JollyGood for their attention to this case.