OECD Crypto-Asset Reporting Framework (CARF): Requirements for Crypto Businesses

INTRO

Governments are increasing oversight of crypto markets — not by banning activity, but by making it visible.

The core issue is simple:
crypto transactions can be executed globally, often outside traditional financial systems. As a result, tax authorities historically had limited visibility into cross-border crypto activity.

The Crypto-Asset Reporting Framework (CARF) was introduced by the OECD to close this gap. It creates a standardized system where crypto platforms collect user and transaction data — and tax authorities exchange that data internationally. In this guide, we’ll break down: (1) what CARF is; (2) which businesses must comply;(3) what data must be reported; (4) how.

Quick Facts

• 67 jurisdictions have committed to implementing the crypto asset reporting framework, covering all EU member states, the UK, Japan, Brazil, Chile, and others. Source: OECD, 2025.
• The OECD released XML technical schemas for CARF data transmission in October 2024, enabling standardized cross-border reporting. Source: OECD, October 2024.
• First international exchanges under CARF are expected in 2027 for the 2026 data year.

Why the OECD Introduced the Crypto-Asset Reporting Framework

The rise of crypto created a structural problem for tax systems. Traditional financial reporting frameworks, like bank reporting under CRS, were designed for centralized institutions. Crypto introduced: peer-to-peer transfers, global platforms, and non-traditional intermediaries. This made international crypto tax transparency difficult to achieve. Without a unified system: users could transact across borders, platforms were not required to report data, and enforcement depended on voluntary disclosure. CARF was created to solve this. It establishes a global regulatory coordination model.

International Crypto Tax Transparency: The Policy Problem

International crypto tax transparency is the ability of national tax authorities to access data on their residents’ crypto transactions conducted through foreign platforms. Under the pre-CARF framework, individuals could conduct crypto transactions through platforms abroad with no automatic reporting obligation to their home tax authority. Tax obligations existed in law, but enforcement was constrained by the absence of data. The OECD identified a parallel with the offshore banking problem the Common Reporting Standard (CRS) was designed to address. Crypto created a category of potentially unreported financial activity that CRS did not cover.

Global Regulatory Coordination

The multilateral process through which OECD and participating governments agreed on a common standard for data collection, reportable transactions, and information exchange. Without a common framework, countries would implement incompatible rules. CARF establishes shared definitions, data formats, and exchange protocols so participating countries can send and receive tax information consistently.

According to the OECD’s 2025 Monitoring Update, first real data flows are expected in 2027.

What Is the Crypto-Asset Reporting Framework (CARF)

CARF is a reporting standard developed by the OECD defining which entities must report, which transactions are covered, what data must be collected, and how it is exchanged between national tax authorities.

Published in 2022, CARF is built around four elements: the scope of reporting entities, the definition of reportable transactions, the data collection requirements, and the exchange mechanism through automatic information exchange.

CARF is the crypto counterpart to the Common Reporting Standard (CRS) — where CRS covers banks, brokers, and investment vehicles, CARF covers crypto-specific intermediaries and transactions.

Compliance Obligations for Exchanges and Intermediaries

A Reporting Crypto-Asset Service Provider (RCASP) is any entity providing services that facilitate exchange transactions in crypto assets — acting as a counterparty, intermediary, or platform operator.

This covers: centralized crypto exchanges, custodial wallet providers, brokers and dealers, crypto ATM operators, and certain DeFi platforms. The OECD’s October 2024 guidance confirms that non-custodial service providers can also qualify as RCASPs under certain conditions.

Which Crypto Businesses Must Comply with CARF

Any entity facilitating exchange transactions in crypto assets for customers in a CARF-participating jurisdiction, where users are tax residents of a participating country.

Regulatory Oversight of Crypto Markets: Who Is In Scope

CARF’s scope is defined by the Reporting CASP concept, any entity offering exchange services between crypto and fiat, or between different crypto assets, on behalf of customers.

In practice: Centralized Exchanges (spot, derivatives, OTC), custodial wallet providers, crypto brokers and dealers, crypto ATM operators, and DeFi intermediaries maintaining a customer relationship. Non-custodial wallet providers and peer-to-peer networks without a service layer are generally outside current scope, though this boundary may evolve.

What Transactions Are Reportable Under CARF

CARF covers crypto-to-fiat exchanges, fiat-to-crypto exchanges, crypto-to-crypto swaps, and crypto transfers — when facilitated by a Reporting CASP on behalf of a reportable user.

Reportable Crypto Transactions: The Core Categories

Reportable transactions include: selling crypto for fiat, buying crypto with fiat, swapping between crypto assets, and transferring crypto assets to or from the reporting CASP. Effectively all exchange activity on a centralized platform is within scope. This is not limited to taxable events — CARF requires comprehensive transaction reporting, with tax liability analysis left to the receiving tax authority.

Example: A user buys Bitcoin with EUR, swaps it for Ethereum, then transfers Ethereum to an external wallet. All three transactions are reportable. The exchange reports the user’s identity, transaction details, and values to its national tax authority.

What Information Crypto Platforms Must Report

CARF requires two categories: customer identification data (who the user is and where they are tax resident) and transaction data (what they did and what it was worth).

Customer Identification Data

A Reporting CASP must collect and verify each reportable user’s legal name, date of birth, home address, taxpayer identification number(s) (TIN), and jurisdiction(s) of tax residence. Tax residency determines which tax authority receives the information. Without accurate residency data, the exchange mechanism cannot route information to the right country. Data collection must go beyond standard KYC. KYC confirms identity. Tax reporting requires knowing where the user is tax resident, which may differ from nationality or registration country.

Transaction and Asset Data

RCASPs must also report for each user: transaction type (exchange, transfer), amount in crypto, fiat equivalent at transaction time, asset type, and transaction date. This data enables the receiving tax authority to assess whether a taxable event occurred. The format follows the XML schema published by the OECD in October 2024, enabling automated processing by national tax authorities.

How CARF Enables Cross-Border Tax Information Exchange

CARF enables cross-border exchange by requiring national tax authorities to automatically share data collected from domestic RCASPs with the tax authority of each user’s home jurisdiction.

Cross-Border Tax Information Exchange: The Architecture

Each participating country collects RCASP reports, then automatically transmits data about non-resident users to their home jurisdiction’s tax authority — through the same Automatic Exchange of Information (AEOI) network that supports CRS.

An exchange licensed in Country A collects data for a user tax-resident in Country B. Country A’s tax authority transmits that data to Country B’s tax authority, which uses it to assess the user’s tax obligations. Per the OECD’s Implementation Guide, CARF uses the same Common Transmission System (CTS) already operating for CRS.

How CARF Relates to Other Crypto Reporting Regulations

EU DAC8 Crypto Reporting

DAC8 is the EU’s regional implementation of CARF, applying its requirements to all 27 EU member states from 1 January 2026. The DAC8 directive, adopted October 2023, transposes CARF requirements into the EU’s Directive on Administrative Cooperation framework using CARF’s definitions, data categories, and exchange mechanisms.

For detailed analysis, see EU DAC8 Directive Explained: Crypto Tax Reporting Rules for CASPs.

National Crypto Reporting Rules

Participating countries implement CARF through domestic legislation, which may include requirements beyond the CARF baseline. National rules may set earlier deadlines, cover additional asset categories, or impose stricter penalties. The OECD’s Commitment Register tracks jurisdictions that have formally committed and their expected first exchange dates.

What CARF Means for Crypto Businesses

CARF requires crypto businesses to build reporting infrastructure, extend due diligence to include tax residency, and submit annual reports to their national tax authority.

1. User data completeness requires verifying existing customer records include tax residency — not just nationality and address collected for AML. Platforms with large user bases face retroactive collection challenges.
2. Transaction data systems must capture CARF-required data in a format compatible with national templates and the OECD’s XML schema.
3. Multi-jurisdiction coordination applies to platforms serving users across multiple participating countries with different timelines and reporting formats.

For how CARF fits into the broader crypto tax reporting landscape, see Crypto Tax Reporting: What Crypto Businesses Need to Know.

Key Takeaways

• CARF is the international standard for crypto tax transparency, developed by the OECD and committed to by 67 jurisdictions as of early 2026.
• The framework covers RCASPs — exchanges, custodians, brokers, and ATM operators that facilitate crypto transactions for customers.
• Reportable transactions include crypto-to-fiat, fiat-to-crypto, crypto-to-crypto exchanges, and crypto transfers facilitated by a reporting entity.
• Two categories of data must be reported: Customer Identification (including tax residency) and Transaction Data (type, amount, asset, date).
• Cross-Border Exchange occurs automatically between participating tax authorities using the existing CRS transmission infrastructure.
• EU DAC8 is the regional implementation of CARF within the European Union, in effect from 1 January 2026.
• As of March 2026, first CARF data exchanges are expected in 2027 for the 2026 reporting year.

This article is for informational purposes only and does not constitute legal, financial, or tax advice. Regulatory requirements vary by jurisdiction. Consult qualified legal and tax professionals for guidance specific to your business.

-AMLBot Team

FAQ