DAC8 directive: the standard for crypto-asset tax transparency in the EU from 2026

Introduction

The landscape of digital asset rules in the European Union is changing quickly. The Markets in Crypto-Assets (MiCA) rule has set the basics for business licenses and keeping the market honest. The Eighth Directive on Administrative Cooperation (DAC8) stands out as its strong tax companion.

At its core, DAC8 aims to close the “visibility gap” that tax authorities have long faced. The directive expands the framework for automatic exchange of information. It requires Crypto-Asset Service Providers (CASPs) to report detailed EU client transaction data to tax administrations. This move aligns the crypto industry with the traditional financial sector. It ensures digital wealth faces the same scrutiny as bank deposits or dividends.

For CASPs, DAC8 is more than just a reporting rule. It marks a big change in how they handle user data, check where users pay tax, and deal with cross-border rules. As the EU nears full implementation, getting ready is now a must. This article examines how DAC8 works, how it aligns with global rules such as the OECD’s Crypto-Asset Reporting Framework (CARF), and the actions providers must take to remain compliant in a more transparent system.

Timeline of DAC8 implementation

DAC8 is being implemented in stages, moving from its original legislative idea to a functioning system for tax transparency. This started when the directive became law across the EU and set a single reporting standard. Next, each Member State updated its laws and systems to align with the new rules, ensuring that local tax authorities and penalties were consistent with the EU directive.

Currently, the process is in the “Go-Live” and Data Collection stage. This is when Crypto-Asset Service Providers (CASPs) identify users, verify tax residency, and log all reportable transactions. The cycle will end with the Reporting and First Automatic Exchange stage. There, collected data is submitted to national authorities and shared across borders. This final step turns the information into a tool for tax enforcement and completes the shift to a transparent, regulated digital asset ecosystem.

To ensure a synchronized rollout across the European Union, the directive follows a strict chronological path. There are several hard deadlines:

1. November 13, 2023 – Entry into Force. The directive officially became part of EU law. This started the clock for Member States to prepare their domestic legislation.

2. December 31, 2025 – Transposition Deadline. This is the final date for all 27 EU Member States to adopt the directive into national law. It is also the deadline to finalize the technical infrastructure for data reception.

3. January 1, 2026 – Official Commencement. This is the mandatory start date for data collection. From this day forward, all RCASPs must track and record every reportable transaction. They must also verify their users’ tax identities.

4. December 31, 2026 – End of First Reporting Period. This is the cutoff date for the first year of data collection. It creates the ‘2026 Dataset’ that will be subject to the first exchange.

5. January 31, 2027 – Reporting Deadline for CASPs. This is the deadline for crypto-asset service providers to submit their consolidated 2026 reports to their local tax authorities.

6. March 31, 2027 – First Automatic Exchange. This is the deadline for tax agencies to automatically share collected data with tax offices in other EU countries.

7. December 31, 2027 – Due Diligence Grace Period. This is the final deadline for CASPs to complete enhanced identification. They must obtain TINs and residency status for all ‘pre-existing’ users who were onboarded before 2026.

Scope of DAC8 – who falls under the regulation?

The reach of DAC8 is broad. It aims to close loopholes that allowed crypto-assets to stay ‘invisible’ to tax authorities. The regulation identifies specific entities and assets that must now operate under full transparency.

1. Reporting Crypto-Asset Se

Service Providers (RCASPs). The primary burden of the Directive falls on RCASPs, a category closely aligned with the definitions established in MiCA but that extends to any entity providing crypto-services to EU residents, regardless of size or location. This broad classification encompasses Centralized Exchanges (CEXs), which include any platform that allows users to buy, sell, or trade crypto-assets, as well asvCustodial Wallet Providers that offer services to hold or manage crypto-assets on behalf of users. Furthermore, the scope includes Crypto-to-Fiat Gateways, such as brokers or “kantors” (exchange offices) that facilitate the movement between traditional money and digital assets. Finally, NFT Marketplaces are also covered, specifically those platforms that facilitate the secondary sale or exchange of NFTs for investment or payment purposes.

2. DAC8’s territorial reach is guided by a “target market” principle. This ensures a provider’s location does not exempt it from regulatory obligations. The regulation applies to all EU-based providers, including any CASP registered or authorized in an EU Member State. It also covers non-EU providers, such as platforms in the United States, Asia, or offshore jurisdictions, if they serve EU-resident customers. To operate legally in the Union’s digital market, these foreign entities must register in one Member State to fulfill EU-wide reporting duties.

3. The regulation focuses on ‘Reportable Persons.’ This ensures fiscal oversight across different market participants. It primarily includes individual investors who are residents of any EU Member State. It also includes legal entities like companies, trusts, or foundations registered in the Union. The directive closes potential loopholes by including passive entities.

Entities: Under the “look-through” rule, if an entity is controlled by an EU resident, the provider must report the actual Beneficial Owner. This requirement ensures complex corporate structures cannot obscure tax liabilities.

Transactions subject to reporting under DAC8 include:

Crypto-to-fiat and fiat-to-crypto exchanges;
Exchanges between different crypto-assets;
Transfers (e.g., from an exchange to a wallet);
Crypto-asset payments.

Core obligations imposed by the DAC8 directive

The implementation of DAC8 brings a major change for Crypto-Asset Service Providers (CASPs). It moves them from overseeing themselves to acting as key middlemen in the EU’s tax system. CASPs are no longer just exchange platforms; they are now legally required to report to tax authorities and act in their interests.

This new role is institutionalized through a series of stringent legal requirements enshrined in specific articles of the Directive:

– The Mandatory Reporting Obligation (Article 8g(1) of DAC8.) . It legally requires every Reporting CASP to collect and annually report information regarding “Reportable Transactions” to the competent tax authority of their Member State. This removes the “voluntary” nature of tax transparency in the crypto sector.

– Due Diligence Requirements (Article 8g(2) & (3) of DAC8). These paragraphs require providers to use strict “Know Your Customer” (KYC) checks for tax reasons.

– Single Registration for Non-EU Operators (Article 8g(4) of DAC8). Foreign (non-EU) entities—meaning businesses or organizations based outside the European Union—that provide services to EU residents must register in a single Member State (an EU country of their choice). This process prevents regulatory arbitrage (the avoidance of stricter rules by exploiting regulatory differences between countries) and fulfills reporting obligations across the whole Union.

– TIN Collection and Entity Identification (Annex VI, Section III

of DAC8). This section establishes the specific obligation to obtain the Tax Identification Number (TIN) from every reportable user. Furthermore, for corporate clients, it mandates the identification of Beneficial Owners to prevent the use of shell companies for tax evasion.

The “retroactive” question: will past profits be visible?

Many investors are concerned that DAC8 might expose transactions made before its start date. The directive follows standard legal principles of non-retroactivity. However, practical reality is more complex.

DAC8 legally takes effect on January 1, 2

026. Reporting entities (CASPs) are not mandated to retroactively report transactions that occurred in 2023 – 2025. The first automated data exchange in September 2027 will specifically cover the 2026 tax year. For example, when an investor sells an asset purchased in 2023 in 2026, the CASP must report the transaction. To calculate the capital gain, tax authorities will need to know the acquisition price. This effectively forces a look-back into the user’s history to establish the “source of funds” and the original purchase value.

Under similar anti-money laundering rules, tax offices can request past information if they see a significant difference between what a user reports in 2026 and earlier tax returns.

The penalty regime.

While DAC8 establishes the regulatory framework, Article 25b ensures its enforcement. The Directive mandates that Member States implement a penalty system that is “effective, proportionate, and dissuasive.”

Unlike regulations with fixed pan-European fines, DAC8 grants EU Member States the autonomy to determine their own penalty levels. However, these must meet a minimum severity threshold to prevent “jurisdiction shopping”—a practice in which firms might seek residency in countries with more lenient financial sanctions.

Penalties are primarily imposed for the following infractions:

Failure to Report – missing the statutory deadlines for annual data submission.
Data Integrity Issues – submitting incomplete, inaccurate, or false information to tax authorities.
Due Diligence Failures – neglecting the mandatory verification processes, such as the failure to collect and verify Tax Identification Numbers (TINs).

The mechanism of Automatic Exchange of Information (AEOI).

AEOI is a systemic process that allows tax authorities to share data across borders without the need for individual, manual requests. Under DAC8, it transforms Crypto-Asset Service Providers (CASPs) into data conduits, ensuring that income generated in the digital asset space is as visible to tax offices as traditional bank interest.

How it works step – by – step :

1. Data Collection – a CASP (e.g., an exchange) monitors all reportable transactions (crypto-to-fiat, crypto-to-crypto, and transfers) for each user.

2. Annual Reporting – by the end of each reporting period, the CASP compiles this data—including the user’s Tax Identification Number (TIN) and total transaction volumes—and sends it to the tax authority in its “Home” Member State.

3. The EU Hub – the Home tax authority uploads this data to a centralized EU “Common Communication Network” (CCN).

4. Automatic Redistribution – the system automatically routes the information to the tax authorities of the countries where the users are residents.

At Manimama Law Firm

At Manimama, we have been closely monitoring the evolution of EU digital asset regulations since their inception. The transition to the DAC8 framework represents a significant operational challenge for both crypto-asset service providers and individual investors. Our team of legal and tax experts specializes in bridging the gap between innovative technology and rigid regulatory requirements. Whether you are a CASP restructuring your reporting protocols or an investor formalizing your crypto-portfolio history, we provide tailored solutions to ensure a seamless transition into the new era of tax transparency.