.svg)
The EU Directive on Administrative Cooperation (Directive 2011/16/EU) governs tax cooperation between member states, with DAC8 referring to the eighth amendment of the directive. DAC8 is focused on improving tax transparency and closing any gaps, particularly with respect to crypto-assets.
DAC8 was published in the Official Journal of the European Union on October 24, 2023. EU member states have been provided with the transposition deadline of December 31, 2025, with the application deadline being January 1, 2026.
The bigger picture
The introduction of DAC8 seeks to heighten reporting requirements for crypto-asset service providers (CASPs), which are currently operating within a transitional regime under the Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114) (MiCA). As of December 30, 2024, CASPs have been subjected to an EU-wide authorisation regime, requiring those that operate within the EU to obtain authorisation from their national competent authority, as determined under MiCA.
Prior to MiCA, there was no harmonised EU-level framework for CASPs, and although there may have been licence requirements at national level within specific member states, the landscape was fragmented, with each framework differing in scope, licence requirements and reporting obligations.
When MiCA was in the process of coming into force at the end of 2024, it was clear that member states would spend 2025 focusing on operationalising MiCA at the national level to ensure a smooth transition for CASPs under the regime. Throughout 2025, member states have been setting out licensing regimes for CASPs and managing national transitional "grandfathering" periods.
The majority of EU member states have now implemented MiCA. Portugal, however, has been slower to act, only proposing a law on the implementation on October 30, 2025. This is also the case for Belgium, where the only regulatory action so far has been a draft law on the implementation of MiCA in October 2025.
However, MiCA adoption remains staggered across member states due to factors such as differing levels of national regulatory preparedness and delays and variations in supervisory resources. As some jurisdictions fall behind in establishing a fully functioning CASP regime, variations persist across the bloc, ultimately undermining MiCA’s objective of harmonisation. A more detailed breakdown on the adoption of MiCA across the EU can be found in Mapping EU Legislation: Regulation (EU) 2023/1114 (MiCA).
Reporting Obligations Under MiCA
Under MiCA, there are reporting obligations for CASPs such as providing audited annual financial statements, anti-money laundering/counter-terrorism financing (AML/CTF) transaction reporting obligations (as they are subject to the EU’s AML/CTF regulatory framework), as well as obligations under the EU’s “Travel Rule” framework to collect and transmit information on originators and beneficiaries for certain crypto‐asset transfers.
However, as member states have been given discretion over the length of their transition, some CASPs in certain jurisdictions continue to operate under older national regimes and thus may not yet be subject to full MiCA reporting obligations. This undermines uniformity of reporting across the EU, and therefore ultimately the implementation of reporting obligations for CASPs within member states is unknown.
Introduction of DAC8
CASPs will be responsible for the reporting obligations under MiCA, which are mainly focused on prudential and operational obligations; however, DAC8 is focused solely on tax reporting and imposes an information reporting duty. This duty requires CASPs to collect, verify and report detailed customer and transaction data to national tax authorities. The objective is to ensure tax transparency across the EU and enable tax administrations to detect undeclared or misreported crypto-asset income.
A 2024 report from the Organisation for Economic Co-operation and Development (OECD) noted that tax authorities have found it a challenge to track income/gains or enforce tax law as crypto-assets are borderless and often decentralised. Therefore, to improve tax fairness, prevent tax evasion/avoidance and ensure better administrative cooperation among member states, the EU is responding with the introduction of DAC8.
Prior to DAC8, there was no EU-wide tax reporting regime specifically for CASPs and the landscape was fragmented, with national tax authorities interpreting existing rules differently. Crypto-asset transactions were not captured under established automatic information exchange frameworks because these regimes were designed for traditional financial institutions and did not cover most CASPs. As a result, member states lacked a mechanism to automatically receive cross-border information on taxpayers’ crypto holdings or disposals, leading to significant gaps in tax visibility and enforcement.
The EU’s Directive on Administrative Cooperation (DAC) framework already existed; however, DAC1 to DAC7 did not include crypto-assets within their scope. Although several member states had started developing domestic crypto tax reporting rules before the introduction of DAC8, these were not harmonised and varied widely across the bloc. In Germany, taxpayers have been required to declare taxable crypto-related income or gains in their normal income tax return and maintain detailed transaction records; in March 2025, the German Federal Ministry of Finance published a letter clarifying the income tax treatment of crypto-assets. In Spain, since early 2024, residents holding more than €50,000 in crypto on foreign platforms must have declared these holdings using “Modelo 721”, with penalties for non-compliance. DAC8 provides an opportunity to harmonise these diverse national approaches and align EU rules with international standards, such as the OECD’s Crypto-Asset Reporting Framework (CARF), promoting greater consistency and transparency.
Why should you care?
Member states are required to transpose DAC8 into national law by December 31, 2025 and the rules will take effect on January 1, 2026. Although the first report is not due until early 2027, this will be based on the data collected from 2026, and therefore makes 2026 the first reporting year under DAC8. CASPs will need to report information for 2026 to the national competent authority of the member state in which they are established, registered or otherwise relevant. Reporting deadlines will likely be early in the following year for many jurisdictions.
Those that are obligated to collect, verify and report crypto-asset transactions and user data to their national tax authority include CASPs as defined under MiCA, as well as certain non-EU providers that service EU tax residents. This includes non-EU CASPs that facilitate crypto-asset transactions for EU resident users, even if the CASP is established outside the EU. Under DAC8, these are defined as “reporting crypto-asset service providers” (RCASPs), which include those that are offering the following services:
- Exchange of crypto-assets for fiat or other crypto-assets.
- Custody or wallet management.
- Execution of transactions on behalf of clients.
- Intermediating between holders and exchanges.
Each RCASP must report, annually, user identification data and transactional data for reportable users to their national tax authority. The national authority will then automatically exchange that information with other EU member states. That information is then also shared with the tax authority in the user’s country of residence.
For many CASPs, this represents an entirely new regulatory obligation and an additional authority to report to, on top of existing financial and operational requirements. With no prior precedent for this type of tax reporting at EU level, CASPs may face challenges in establishing compliant processes, ensuring data accuracy and meeting the expectations of multiple regulators simultaneously.
To be able to ascertain whether an individual is a “reportable crypto-asset user”, RCASPs must collect and verify certain data about users to make this identification. This includes information such as the user’s name, address and tax residency. Therefore, it is important for RCASPs to start considering what the best practice would be for gathering such information to ensure they can meet the relevant deadlines. It may be that users could be asked to self-certify their tax residence as part of onboarding, which RCASPs would then have to verify. However, this would require an additional requirement that RCASPs are having to introduce, if not already a part of their workflow, and so is imperative that this be considered imminently.
Add to that the potentially resource-intensive challenge of identifying and verifying pre-existing clients who were onboarded before DAC8 reporting obligations come into effect. RCASPs will need to identify these clients, gather and verify their tax residency information, and potentially follow up multiple times to obtain accurate data. This may produce significant operational challenges, including updating IT systems and implementing new verification processes. Failing to efficiently address pre-existing clients could lead to incomplete reporting, compliance risks and potential penalties, making it imperative that this issue is considered and planned for well in advance.
Whether RCASPs implement self-certification measures or not, prior to reporting, they must carry out due diligence procedures to determine who is reportable. This would include validating any information provided using reliable sources and implementation verification methods and tools.
To avoid non-compliance, RCASPs should also be prepared, if users fail to provide the relevant information, to block or restrict their ability to conduct reportable transactions. Additionally, once this information has been obtained, RCASPs must have processes in place to periodically review if the tax information is correct.
Another consideration for RCASPs is that the data that is being collected is classified as personal data under the General Data Protection Regulation (GDPR), and therefore requires secure handling. RCASPs should consider enhancing their audit trails to ensure data privacy and security requirements are being met and there are no issues of non-compliance with other EU standards. This may require them to build or adapt systems to capture, validate, store and report the necessary user and transaction data.
The cost of non-compliance has been left to the discretion of member states in transposition. DAC8 requires member states to adopt rules on penalties for RCASPs who:
- Fail to register or obtain recognition as a RCASP.
- Fail to collect or report required data.
- Submit incomplete or incorrect information.
- Miss reporting deadlines.
However, DAC8 leaves discretion to each member state regarding the type of sanction and amount or calculation basis of fines. Although the full picture is still unclear, due to ambiguities in transposition, under DAC7, member states have taken to imposing considerable fines, with Germany setting the penalty at up to €50,000 for non-compliance with registration obligations. Therefore, it is a possibility that this approach be replicated in the transposition of DAC8, providing a further reason to consider early preparation of systems to ensure compliance with requirements.
With just weeks left until the transposition of DAC8 is expected to be completed, several member states are still not ready, leaving CASPs to prepare for DAC8 in a regulatory vacuum. It also means that there is not the clarity needed for CASPs to prepare, as there could be variations in implementation across different jurisdictions. This uncertainty does not reduce the obligations but just acts in reducing the preparation window.
Given the varying speeds and approach of member states, CASPs should begin whatever preparations they can and start planning ahead, using 2026 as an opportunity to design data collection forms and implement processes for storing and verifying data. In light of the gaps in implementation of MiCA, they will also need to ensure compliance with both MiCA regulation and DAC8 in overlapping areas to ensure harmony within business practices regarding dual reporting obligations.
