The Directive on Administrative Cooperation in the field of taxation (Directive on Administrative Cooperation — DAC) has undergone continuous development since its introduction. The eighth iteration, known as DAC8 (Council Directive (EU) 2023/2226, adopted on 17 October 2023), introduces a revolutionary change for the crypto sector: mandatory automatic exchange of tax information on crypto-asset transactions between the tax authorities of EU Member States. For crypto-asset service providers and e-money operators serving EU clients, this means a new, demanding compliance category. This text is for informational purposes only and does not replace individual legal advice.
Context: Why the EU Is Introducing DAC8
Crypto-assets have long been outside the scope of automatic exchange of tax information — a mechanism that had functioned for traditional financial accounts through FATCA (Foreign Account Tax Compliance Act) and CRS (Common Reporting Standard). The anonymity or pseudonymity of crypto transactions, combined with the absence of centralised custodians reporting to regulators, created a serious potential for tax evasion.
The OECD (Organisation for Economic Co-operation and Development) developed the Crypto-Asset Reporting Framework (CARF), and the EU transposed and integrated this framework into DAC8, adapting it to the specificities of the European market and regulatory landscape. In parallel, DAC8 also expands and updates reporting requirements for e-money and certain central bank digital currencies.
The fundamental objective is the same as for previous DAC iterations: to ensure that tax authorities have the data necessary for the proper taxation of income and assets of their residents, regardless of where those assets are held or through which channels they are traded.
Who Are the Reporting Entities Under DAC8
DAC8 reporting obligations fall on so-called Reporting Crypto-Asset Service Providers, which include:
Crypto-Asset Service Providers (CASPs) within the meaning of the MiCA regulation (Markets in Crypto-Assets Regulation, Regulation (EU) 2023/1114) that serve clients who are tax residents of the EU. It is important to note that the reporting obligation relates to the tax residency of the user, not the domicile of the CASP itself — meaning that CASPs headquartered outside the EU that serve EU residents also fall under this obligation.
E-money operators who control transactions involving e-money tokens.
All such entities must establish identification procedures to determine the tax residency of their users, collect relevant transaction data, and submit annual reports.
Which Transactions and Data Are Reported
The DAC8 reporting framework requires the submission of data on:
Exchanges of crypto-assets for fiat currency — every transaction in which a user sells crypto-assets for national currency or purchases crypto-assets with fiat must be recorded and reported.
Exchanges of one crypto-asset for another — these transactions, whose tax implications are in practice often overlooked, also fall within the reporting framework.
Transfers of crypto-assets — in certain circumstances, transfers between different addresses/accounts must also be recorded, particularly when they indicate a potential realisation of income.
The information collected about each user includes: full name or legal entity name, address, date and place of birth (for natural persons), tax identification number, registration number, and, for legal entities, identifying information about controlling natural persons.
For each category of reportable transactions, the total amounts and number of transactions during the reporting year are stated.
Reporting Procedure and Data Exchange
EU Member States were required to transpose DAC8 into national legislation by 31 December 2025, and the new provisions apply from 1 January 2026. A CASP collects the required data over the calendar year and submits an annual report to the tax authority of the EU Member State in which it is registered (for EU-based CASPs) or in one of the EU Member States of its choosing (for entities outside the EU using the registration mechanism). The deadline for submitting the report for the previous reporting year is set by each Member State within the limits of the Directive and varies in practice (for example, 31 May in Ireland, 30 June in Luxembourg).
The tax authority of the Member State in which the CASP is registered automatically exchanges the received data with the tax authorities of the states in which the reportable users are resident. This process takes place through the appropriate IT infrastructure for inter-administrative exchange.
Users must be notified that their data is subject to reporting, which is typically embedded in the terms of service and privacy policy.
Obligations for CASPs Outside the EU
One of the most significant aspects of DAC8 is its extraterritorial reach. CASPs that are not headquartered in the EU but serve users who are tax residents of EU Member States must either:
- Register in one of the EU Member States and submit reports through that channel, or
- Use an equivalent data exchange mechanism if their jurisdiction has a bilateral exchange agreement that the EU recognises as equivalent.
This means that global crypto exchanges with an EU user base cannot simply ignore DAC8 by citing their non-EU domicile. Failure to comply may result in a ban on providing services to EU users and in significant sanctions.
DAC8’s Interaction with CARF and the Global Standard
DAC8 and the OECD’s CARF are fundamentally the same framework, with CARF being the global standard intended for bilateral application between various jurisdictions, while DAC8 is the EU-specific implementation. For global CASPs, compliance with one standard in practice means progress towards compliance with both.
What distinguishes the EU implementation is a somewhat broader scope (including certain aspects not covered by CARF), mandatory application across all EU Member States, and procedural details that follow the EU institutional structure.
Frequently Asked Questions (Q&A)
From when must CASPs collect data and submit their first reports under DAC8? Under the provisions of the Directive, the obligation to collect data applies from 1 January 2026. The first reports cover transactions from calendar year 2026 and are submitted to national tax authorities during 2027 — by the date prescribed by each Member State, which varies in practice (for example, 31 May 2027 in Ireland, 30 June 2027 in Luxembourg) — while the first automatic exchange of data between tax authorities is expected by 30 September 2027. For precise deadlines, the regulations of the relevant Member States in which you operate should be consulted, as implementation variations are possible.
Does DAC8 require reporting on all crypto users or only on suspicious ones? DAC8 is an automatic system that requires reporting on all users who are EU tax residents — not only on suspicious cases. This fundamentally distinguishes it from AML (Anti-Money Laundering) reporting (where suspicious transactions are reported) and from the manual exchange of information on request. The automatic and comprehensive nature of the reporting is a key feature of the system.
What happens if a CASP misses the reporting deadline? Late or inaccurate filing may result in financial penalties, which each Member State prescribes within its implementing legislation. The EU Directive requires that sanctions be “effective, proportionate, and dissuasive.” In addition to financial penalties, there is also reputational risk, as well as the risk of losing a MiCA licence.
How does DAC8 affect users who trade crypto-assets? Users should be aware that transaction data regarding their crypto activities is automatically transmitted to the tax authority in their country of residence. This means that properly declaring income from crypto-assets in tax returns is not merely a recommendation but a legal obligation that can now be automatically verified.
Conclusion
DAC8 closes one of the last regulatory gaps in tax transparency for the crypto sector. For CASPs and e-money operators, this means a new, demanding category of compliance obligations that are significant in scope and technical complexity. Preparing the technological infrastructure for data collection and reporting, aligning KYC (Know Your Customer) procedures with DAC8 requirements, and training staff cannot be left until the last moment.
If your company has or plans to build an EU crypto user base and wishes to understand the specific obligations and steps that DAC8 imposes, our team specialising in digital asset tax regulation is available for a consultation.
Sources: – https://eur-lex.europa.eu/eli/dir/2023/2226/oj – https://ec.europa.eu/taxation_customs/tax-policy/administrative-cooperation/dac8-new-reporting-rules-crypto-assets_en – https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52022PC0707 – https://www.oecd.org/tax/exchange-of-tax-information/crypto-asset-reporting-framework-and-amendments-to-the-common-reporting-standard.htm