Crypto transactions become reportable under the DAC 8

The EU Commission has released its draft amendment to the Directive on Administrative Cooperation (DAC) regarding crypto assets (the DAC 8). The DAC 8 will extend the automatic exchange of information obligations to crypto transactions from 2026. Obligations under the DAC 8 will apply to EU and, most likely non-EU crypto-asset service providers and operators. Crypto-asset service providers and operators should be assessing the implications for their businesses now in order to be ready in time.,

Additionally, the proposals would amend the Common Reporting Standard (CRS) to include within-scope electronic money products and digital currencies issued by central banks. The overall aim of the DAC series is to exchange information between tax authorities to fight tax evasion and tax fraud. The DAC 8 is just another step in completing the scope of information exchange amongst authorities to enable verification of declarative obligations by crypto-users.  The EU Commission estimated that the DAC 8 could generate additional tax revenues of up to €2.4bn.

The DAC 8 follows the OECD’s Crypto-Asset Reporting Framework (CARF) and will operate in conjunction with the Markets in Crypto-Assets (MiCA) Regulation, pending EU Parliament approval.

Who is impacted and needs to report?

Based on the draft DAC 8, crypto-asset service providers and operators will have reporting responsibilities.

There is also an extra-territorial aspect to this, as not only EU but also non-EU entities selling to EU customers may have reporting obligations, regardless of whether the reporting entity is EU regulated. 

Reporting entities will need to document their crypto-asset users through appropriate self-certification. This includes pre-existing users who became customers within one year of the DAC 8 coming into effect. In respect of reportable individuals, notifications must be issued in advance of reporting, taking into account General Data Protection Regulation (GDPR) rules. Reporting should also be conducted promptly to the competent authorities.

Reporting entities may consequently not only include traditional financial intermediaries but also, for example, non-regulated crypto platforms within and outside the EU.  With certain exceptions, non-EU crypto-asset operators will have to register in the EU Member State of their choice for reporting purposes.

The impact on crypto-asset users

Crypto-asset users resident in the EU will be reportable. For the purposes of carrying out reportable transactions, individuals and entities that are customers of a reporting entity are targeted.

There are nevertheless a few exemptions, such as government entities, international organisations, central banks, certain financial institutions and quoted entities.

Broad scope of reportable transactions

The reportable transactions include the broad scope of exchange transactions and transfers of reportable crypto assets. Reporting obligations will also cover non-fungible tokens (NFTs).

Both cross-border and domestic transactions must be reported. This contrasts with  the DAC 6 reporting for cross-border tax arrangements, where domestic arrangements are, in principle, only reportable if an EU Member State opts to include them.

Reporting deadline

According to the draft DAC 8, reporting to the relevant tax authorities will be required by 31 January of the year following the year of a reportable transaction. The first reporting year is likely to be the calendar year beginning 1 January 2026

The exchange between the tax authorities would then occur one month later.

Modification of the CRS

The definition of financial institutions, notably the depositary institution notion, under the CRS will be updated to cover electronic money products and central bank digital currencies.  Additionally, the CRS definition of in-scope investment entities will also be extended to include those entities investing or managing reportable crypto assets. Certain reporting and due diligence requirements will also be strengthened.

Penalties

In respect of non-compliant crypto-asset operators, the choice of penalties is under the control of EU Member States. Reporting crypto-asset service providers will, under certain circumstances, be obliged to prevent a user from performing exchange transactions.

The DAC 8 also sets minimum penalties for several existing reporting requirements under Automatic Exchange of Information (AEOI) provisions relevant to CRS, Country-by-Country Reporting (CbCR) and DAC 6 under certain circumstances. EU Member States will also need to introduce penalties for false CRS and DAC 8 self-certifications.

Next steps

While the draft DAC 8 provisions are not expected to apply until 1 January 2026, in-scope entities should start assessment and implementation projects as soon as possible, especially if IT systems need to be set up, altered or upgraded. 

Once the final DAC 8 text is approved, or there is reasonable certainty the text will not be significantly modified, impacted organisations will need to implement processes, procedures and compliance programmes enabling correct application of the DAC 8 due diligence and reporting obligations.

Steps will need to be taken to classify reportable users, reporting and advance notifications of protected reportable persons. In-scope organisations will also need to consider training relevant personnel.

Finally, post-implementation health checks are advised to ensure non-compliance is detected and remediated on time.