EU DAC8 Directive Explained: Crypto Tax Reporting Rules for CASPs
INTRO
The EU DAC8 Directive requires Crypto-Asset Service Providers (CASPs) operating in the European Union to collect customer identification and transaction data and report it to national tax authorities starting from 1 January 2026. While the directive is officially in force, approximately 12β13 Member States faced formal infringement procedures from the European Commission in early 2026 for failing to transpose the rules into national law by the deadline. First reports for the 2026 calendar year are due between January and September 2027. DAC8 aligns with the OECD's Crypto-Asset Reporting Framework (CARF) and extends the EU's existing tax information exchange system to cover crypto assets.
Quick Facts
- DAC8 was adopted by EU member states on 17 October 2023 and published in the EU Official Journal on 24 October 2023. Source: EUR-Lex, Council Directive (EU) 2023/2226. As of March 2026, most states have implemented it, with Luxembourg formally adopting its transposition law on 19 March 2026.
- Reporting obligations apply from 1 January 2026. First reports are due between 1 January and 30 September 2027 depending on the jurisdiction. Source: European Commission.
- DAC8 scope is extraterritorial: crypto exchanges outside the EU must comply if they serve EU-resident users.
- DAC8 covers all MiCA-defined crypto assets plus stablecoins, e-money tokens, and qualifying NFTs used for investment or payment.
Why the EU Is Expanding Crypto Tax Transparency
The EU's Tax Transparency Framework was built to close the gap between assets held cross-border and the information available to tax authorities in residents' home countries.
Since 2011, the Directive on Administrative Cooperation (DAC) has progressively expanded the categories of financial information that EU member states automatically exchange. Crypto assets were the remaining significant category, and DAC8 closes that gap to prevent an estimated β¬1.4 billion in annual lost tax revenue.
For example, tax authorities across EU member states faced a structural problem: a German resident using a crypto exchange licensed in Malta generated transaction data that German authorities could not automatically access. The European Commission identified this as a situation where crypto assets enable transactions that are difficult for tax authorities to monitor, creating systemic under-reporting risk across the bloc. The policy response follows the same logic applied to traditional financial accounts over the previous decade: require the platform facilitating transactions to collect and report what banks and brokers have reported for decades.
DAC8 is not a new tax on crypto. It is a data collection obligation that makes existing tax rules enforceable.
Understanding the DAC8 Directive
EU DAC8 Crypto Reporting takes the form of Council Directive (EU) 2023/2226, the eighth amendment to the EU's Directive on Administrative Cooperation. The DAC Framework governs how EU member states share financial information about each other's residents automatically through the Automatic Exchange of Information (AEOI) mechanism. Each DAC amendment adds a new category of financial data to the scope of mandatory exchange β DAC8 adds crypto-asset transactions, treating CASPs similarly to banks and brokers for reporting purposes.
The directive builds on definitions from the EU's MiCA Regulation, ensuring consistency between the licensing framework and the tax reporting framework. DAC8 also deliberately aligns with the OECD's Crypto-Asset Reporting Framework (CARF), enabling EU member states to participate in both the EU exchange network and the broader global CARF mechanism.
Which Crypto-Asset Service Providers Fall Under DAC8
A Crypto-Asset Service Provider (CASP) under DAC8 follows the MiCA definition: any legal person providing crypto-asset services professionally on behalf of clients. The services covered include custody, operation of a trading platform, exchange of crypto assets for fiat or between crypto assets, transfer services, and advice on crypto assets.
Notably, NFT Marketplaces are specifically included if they facilitate the sale or exchange of NFTs for investment or payment purposes, even if they are not subject to MiCA.
In practice, this means centralized exchanges, custodial wallet providers, crypto brokers and OTC desks, crypto payment processors, and certain platforms with an identifiable service layer. The scope is determined by the tax residency of the users being served, not by where the CASP is incorporated. A CASP outside the EU serving EU-resident users falls within DAC8's reporting obligations under its extraterritorial reach provisions. This is deliberate: limiting scope to EU-incorporated entities would have created an incentive to route EU users through offshore entities to avoid reporting. Non-EU CASPs serving EU residents may be required to register with a designated EU member state's tax authority for reporting purposes.
Which Crypto Transactions Are Reportable Under DAC8
Reportable crypto transactions under DAC8 cover four categories: the exchange of crypto assets for fiat currency, the exchange of fiat currency for crypto assets, the exchange of one crypto asset for another, the transfer of crypto assets to external addresses, and the use of crypto assets as consideration in retail payment transactions.
The scope is intentionally broad, covering not only classic taxable events such as selling crypto for profit but all exchange and transfer activity conducted through regulated platforms. The asset types within scope extend to crypto assets issued in a decentralized manner, stablecoins and e-money tokens, and certain NFTs where they function as investment or financial instruments β not only the narrowest MiCA-defined categories. This broader asset scope reflects the EU's intent to close definitional loopholes. The determination of tax liability remains with the national tax authority receiving the data; the CASP's obligation is to report comprehensively.
Reportable Transactions Include:
(1) Exchange of crypto assets for fiat currency.
(2) Exchange of fiat currency for crypto assets.
(3) Exchange of one crypto asset for another.
(4) Transfer of crypto assets to external addresses (including self-custody wallets).
(5) Retail payment transactions: Transfers for goods or services are reportable only if the value exceeds $50,000.
What Data CASPs Must Collect and Report
Customer Identification Information
Customer Tax Residency Identification goes beyond what standard AML/KYC processes typically require. For each reportable user, CASPs must collect and verify: the user's legal name, date of birth, primary address, taxpayer identification number (TIN) for each jurisdiction of tax residence, and all jurisdictions of tax residence. A user may have multiple jurisdictions of tax residence β all must be captured and reported.
The distinction between AML Identity Verification and DAC8 Tax Residency verification is operationally significant. AML confirms who the user is; DAC8 requires knowing where the user is tax resident, which may differ from their nationality or country of account registration.
For new users, the self-certification requirement applies at onboarding from 1 January 2026. For pre-existing users β those who opened accounts before 1 January 2026 β platforms have until 1 January 2027 to obtain the required self-certifications, creating a retroactive data collection program for established platforms with large user bases.
Transaction and Asset Reporting Data
For each reportable transaction, CASPs must submit: (1) the transaction type (exchange, transfer, payment), (2) the crypto asset type, (3) the amount in both native asset units and (4) fiat equivalent at transaction time, and (5) the transaction date. This data structure follows the format aligned with the OECD's XML schema, enabling automated processing and exchange between member states' tax authorities.
The regulatory reporting infrastructure required for DAC8 compliance involves technical systems capable of capturing the required data fields, calculating fiat equivalents at transaction time, and producing annual reports in formats compatible with national tax authority submission requirements. Each EU member state specifies its own submission process, meaning platforms serving users across multiple EU jurisdictions manage submissions to multiple national portals or use intermediary reporting services.
How DAC8 Expands Tax Data Sharing Between EU Member States
Cross-border tax data exchange within the EU under DAC8 operates through the AEOI infrastructure already used for CRS. A CASP licensed in one member state collects and reports transaction data for all its EU-resident users. The CASP's home member state tax authority receives the full report and automatically transmits data about users resident in other member states to those states' tax authorities annually.
The practical architecture is a routing function: an exchange licensed in Ireland submits a consolidated report to the Irish Revenue Commissioners, which transmits data about German-resident users to the Bundeszentralamt fΓΌr Steuern, data about Spanish users to the Agencia Tributaria, and so on. Because DAC8 deliberately aligns with CARF, alignment with global crypto reporting standards extends this further: EU member states can also participate in CARF's global exchange mechanism, transmitting data about non-EU resident users to those countries' tax authorities through the international CARF network.
What DAC8 Means for Crypto Businesses Operating in the EU
Compliance obligations for crypto platforms under DAC8 require simultaneous changes to Customer Due Diligence (CDD) processes, data management systems, and annual reporting workflows. The operational workload involves: updating onboarding to capture tax residency and TINs for new users, running retroactive certification processes for pre-existing users, and building systems to produce annual transaction reports in the required format. Platforms that onboarded large user bases before DAC8 obligations were established face the most intensive retroactive data collection effort.
In addition, non-compliance carries material consequences. EU member states implement penalty regimes under EU Minimum Penalty Standards, often calculated as a percentage of annual turnover. For MiCA-licensed platforms, non-compliance with DAC8 reporting obligations can also be used by national regulators to restrict or revoke passporting rights β making tax compliance a condition of licensure.
Under Council Directive (EU) 2023/2226, member states were required to transpose DAC8 into domestic law by 31 December 2025, with reporting rules applying from 1 January 2026. Reports for calendar year 2026 must be submitted between 1 January and 30 September 2027. TIN validation obligations take effect from 1 January 2028. For compliance teams managing DAC8 alongside MiCA and AML obligations, sequencing these work-streams against applicable deadlines is the near-term priority.
Key Takeaways
EU DAC8 Crypto Reporting is the EU's regional implementation of the global trend toward mandatory crypto tax transparency, bringing to crypto-asset service providers the same automatic exchange obligations that apply to banks and brokers.
The directive entered into force on 1 January 2026, meaning platforms are already in the first reporting year with no preparatory window remaining. The scope of DAC8 is broader than a narrow reading might suggest. Extraterritorial application to non-EU CASPs serving EU residents, wide asset coverage including stablecoins and qualifying NFTs, and comprehensive transaction scope mean that most platforms with significant EU user bases will be within scope regardless of where they are incorporated. For compliance teams, DAC8 introduces obligations distinct from AML and KYC: collecting tax residency and TINs, managing self-certification for pre-existing users, and producing annual reports in OECD-aligned formats.
The connection between DAC8 and MiCA licensing makes this a business-critical obligation β not a tax matter that can be handled separately from the broader compliance function.
This article is for informational purposes only and does not constitute legal, financial, or investigative advice. Recovery outcomes depend on specific factual and legal circumstances.
-AMLBot Team
FAQ
What Is the DAC8 Directive in the European Union?
DAC8 is the eighth amendment to the EU's Directive on Administrative Cooperation, formally adopted as Council Directive (EU) 2023/2226 on 17 October 2023. It extends the EU's Automatic Exchange of Information framework to include crypto-asset transactions, requiring CASPs to collect user transaction data and report it to national tax authorities. The directive aligns with the OECD's CARF standard, enabling EU member states to participate in the broader global crypto tax information exchange network.
Why Did the EU Introduce DAC8 for Crypto Assets?
The EU introduced DAC8 to close a tax data gap: crypto transactions fell outside the existing DAC/CRS framework, meaning tax authorities could not automatically verify whether residents correctly declared crypto income and gains. As crypto adoption grew across EU member states, unreported or under-reported crypto activity became a material enforcement concern. DAC8 applies the same logic used for bank accounts β require the intermediary facilitating transactions to report what tax authorities cannot otherwise observe.
Why Did the EU Introduce DAC8 for Crypto Assets?
The EU introduced DAC8 to close a tax data gap: crypto transactions fell outside the existing DAC/CRS framework, meaning tax authorities could not automatically verify whether residents correctly declared crypto income and gains. As crypto adoption grew across EU member states, unreported or under-reported crypto activity became a material enforcement concern. DAC8 applies the same logic used for bank accounts β require the intermediary facilitating transactions to report what tax authorities cannot otherwise observe.
Which Companies Must Comply with DAC8 Reporting Rules?
DAC8 applies to Reporting CASPs facilitating reportable transactions for EU-resident users β exchanges, custodians, brokers, and payment processors. The obligation is determined by user tax residency, not CASP location: a crypto exchange incorporated outside the EU that serves EU-resident users may fall within scope and may need to register with a designated EU member state's tax authority for reporting purposes.
What Types of Crypto Transactions Are Reportable Under DAC8?
DAC8 covers exchanges between crypto and fiat in both directions, crypto-to-crypto exchanges, transfers of crypto assets to external addresses, and use of crypto as retail payment β when facilitated by a Reporting CASP for a reportable user. Scope extends to all MiCA-defined assets, stablecoins, e-money tokens, and qualifying NFTs. The CASP reports comprehensively; the receiving tax authority determines taxability.
What Information Must Crypto Platforms Report Under DAC8?
Platforms must report customer identification data β full name, date of birth, address, TINs, and all jurisdictions of tax residence β and transaction data covering each reportable transaction: type, crypto asset, amount in native units and fiat equivalent, and date. Customer data must capture all jurisdictions of tax residence, not only the primary one, formatted to align with the OECD XML schema.
How Does DAC8 Enable Tax Data Exchange Between EU Countries?
A CASP submits its annual report to its home member state's tax authority, which automatically transmits data about users resident in other EU member states to those states' tax authorities through the existing AEOI infrastructure. This happens annually, using the same mechanism already operating for CRS data on bank accounts. Receiving authorities use the data to verify crypto income declarations.
How Is DAC8 Related to the OECD CARF?
DAC8 is the EU's legal implementation of CARF, using CARF's definitions and data categories within the EU's DAC framework. This deliberate alignment allows EU CASPs to fulfill both DAC8 and CARF obligations through a single integrated reporting process. Data collected under DAC8 for non-EU users also feeds CARF's global exchange mechanism, connecting EU CASPs to the international tax information exchange network.
Does DAC8 Apply Only to Companies Located in the EU?
No. DAC8 applies based on where users are tax resident, not where the CASP is incorporated. A crypto platform outside the EU serving EU-resident users may fall within DAC8's scope under its extraterritorial provisions, potentially requiring registration with a designated EU member state's tax authority. Specific legal analysis is required to determine applicability for non-EU platforms.
When Will DAC8 Reporting Requirements Come Into Force?
Data collection obligations apply from 1 January 2026 β the first reporting year. Reports for calendar year 2026 are due between 1 January and 30 September 2027. Pre-existing users must provide tax residency self-certifications by 1 January 2027. TIN validation obligations apply from 1 January 2028. EU member states were required to transpose DAC8 into domestic law by 31 December 2025.
Does DAC8 Apply Only to Companies Located in the EU?
No. DAC8 applies based on where users are tax resident, not where the CASP is incorporated. A crypto platform outside the EU serving EU-resident users may fall within DAC8's scope under its extraterritorial provisions, potentially requiring registration with a designated EU member state's tax authority. Specific legal analysis is required to determine applicability for non-EU platforms.
What Does DAC8 Mean for Compliance Teams in Crypto Companies?
DAC8 requires compliance teams to extend beyond AML/KYC into tax reporting: collecting TINs and tax residency, managing self-certification programs for existing users, building systems to produce DAC8-formatted annual reports, and submitting those reports to national tax authorities. For MiCA-licensed platforms, non-compliance risks passporting rights alongside financial penalties β making DAC8 a licensing condition rather than a secondary compliance obligation.