Crypto Asset Reporting Framework (CARF) & EU DAC 8 Explained

In 2023, the OECD published its Crypto Asset Reporting Framework , a global reporting standard developed in coordination with the G20, to extend automatic exchange of tax information to the crypto asset sector. The Crypto Asset Reporting Framework (CARF) is an OECD global tax transparency framework that requires crypto-asset service providers to collect, verify and report user and transaction data to tax authorities for automatic exchange between jurisdictions.

The OECD reported in December 2025 strong political commitment to CARF, with 76 jurisdictions signing up to commence exchanges under the CARF between 2027-2029. In the EU, a directive referred to as DAC 8 implemented CARF, with a transposition deadline of 31 December 2025. In the following article we take a look at the parameters of CARF and DAC 8.

What is the Crypto Asset Reporting Framework?

CARF vs CRS

CARF is an extension of the OECD’s Common Reporting Standard (CRS) to crypto assets, driven by the rapid growth of the crypto assets sector and concerns that investments may increasingly move from the traditional financial sector to crypto assets. The CRS was introduced in 2014 to address the risk of tax evasion in respect of income and wealth held abroad. Under the CRS, participating jurisdiction tax authorities automatically exchange information collected from financial institutions in respect of their non-tax resident account holders. CARF builds on the CRS frameworks and requires crypto asset service providers to collect and report detailed information on crypto asset users, and transactions that they facilitate, to tax authorities. This information is then automatically exchanged with tax authorities in other participating jurisdictions, under a combination of international multilateral and bilateral agreements concluded between such jurisdictions.

As an OECD reporting standard, participating jurisdictions must transpose CARF’s provisions into domestic law. The EU adopted CARF via a directive (DAC 8), with a transposition deadline of 31 December 2025, and reporting starting thereafter, with the first reporting deadlines due in 2027 for the 2026 calendar year. Implementation timing in other jurisdictions varies but most participating jurisdictions have committed to start reporting and exchanging information by 2027-2028, although notably the US by 2029. However, some jurisdictions that have sizeable crypto asset markets have not yet formally committed, including India, El Salvador, Vietnam, Georgia and Argentina, and there is still some ground to make until commitments under the CARF matches that under the CRS (currently 115 jurisdictions exchange information). The OECD has emphasised that for the exchange of information to be effective, all jurisdictions that host a relevant crypto asset sector must participate.

Who must comply with CARF?

CARF has a wide application to any individual or entity that as a business provides a service carrying out transactions in crypto assets for and on behalf of users, including by acting as counterparty or as an intermediary, or by making available a trading platform (each an RCASP). This potentially captures mainstream financial service firms that offer crypto assets, as well as crypto businesses such as wallet providers, brokers and exchanges.

CARF contains nexus hierarchy rules that determine where a RCASP is required to report information to a tax authority, which apply in the following order of priority:

•  where the RCASP is tax resident

•  where the RCASP is incorporated

•  the jurisdiction from where the RCASP is managed

•  where the RCASP has a regular place of business

What crypto assets does CARF apply to?

CARF captures crypto assets that can be held and transferred in a decentralised manner, without the intervention of traditional financial intermediaries, including stablecoins, derivatives issued in the form of a crypto asset and certain non-fungible tokens. This expressly excludes central bank digital currencies. DeFi is a grey area, as CARF imposes obligations on the RCASP as the identifiable intermediary, a role that may not exist in many decentralised DeFi structures.

What are RCASPs’ obligations under CARF?

RCASPs must collect detailed information about their users (Reportable Users) and their crypto asset related activity, including:

•  their identification (name, date of birth, address, for individuals)

•  their tax residency and identification numbers

•  aggregated details of crypto asset transactions (including exchanges and transfers of crypto assets) facilitated by the RCASP for any Reportable User

CARF due diligence requirements

RCASPs must carry out due diligence to verify the information they collect about their Reportable Users, based on the self-certification process of the CRS. In respect of Reportable Users that are legal entities, this will extend to determining the identity and tax residence of natural persons that are controllers of the entity. RCASPs must also monitor for changes in circumstances that might affect a Reportable User’s reportable status (such as a change of tax residency/change of address).

RCASPs are required to report, on an annual basis, information about their Reportable Users to the relevant tax authority, along with aggregated details of the crypto asset transactions conducted with or on behalf of those users. These reports will then be exchanged internationally between tax authorities in participating jurisdictions that have transposed CARF, on an annual basis.

EU DAC 8 reporting requirements

DAC 8 is the EU directive implementing CARF, with a transposition deadline of 31 December 2025 and first reporting due in 2027 for the 2026 calendar year. In January 2026, the European Commission opened infringement procedures in relation to 12 Member States for failure to implement DAC 8, including Belgium, Bulgaria, the Czech Republic, Estonia, Greece, Spain, Cyprus, Luxembourg, Malta, the Netherlands, Poland and Portugal. These states have two months to respond and comply.

While the EU has largely implemented CARF as provided for by the OECD, DAC 8 goes further than CARF in some respects. Under DAC 8 RCASPs must prevent a Reportable User from entering into further crypto asset transactions (effectively freezing their account) where that user has failed to provide the information requested. This is an extra step that is missing from the CARF framework.

DAC 8 draws on the Markets in Crypto-Assets Regulation (MiCA) definition of a CASP to partly define RCASPs, likely to prevent any MiCA-authorised CASP from claiming it falls outside tax reporting obligations. However, because the OECD concept of an RCASP is broader than MiCA’s CASP definition, the DAC 8 RCASP category also captures other crypto asset operators that do not meet the MiCA criteria. As an EU directive there is some Member State discretion when transposing DAC 8 and Member States retain discretion in respect of penalties and enforcement approach.

Crypto AML and CARF- how they interact

CARF overlays existing regulatory frameworks for crypto asset service providers by imposing additional data collection and reporting requirements.

Globally, crypto asset service providers are already subject to anti-money laundering/counter-financing terrorists (AML/CFT) regimes. As noted by the OECD, most RCASPs fall within the scope of the FATF standards for virtual asset service providers, which have been implemented in many jurisdictions through domestic AML/CFT regimes, such as the EU AML directives and travel rule requirements.

While CARF adopts compliance mechanisms commonly associated with AML/CFT regimes, including customer identification, due diligence, and transaction reporting, it repurposes these tools for a different regulatory objective. Transaction reporting under the EU AML Directives is risk-based, centred on the detection of suspicious activity, and accordingly event-driven. CARF reporting, by contrast, is rules-based and declaratory, operates on a periodic (annual) basis, and mandates the reporting of complete and granular transaction data for subsequent automatic exchange between tax authorities in order to enhance tax transparency.

Final thoughts

CARF is actively being implemented across many jurisdictions, with significant milestones on the horizon. Within the EU, DAC 8 applies from 1 January 2026, with the first reporting deadlines due in 2027 for the 2026 calendar year. Beyond the EU, over 50 jurisdictions have committed to implementing CARF and commencing automatic information exchanges by 2027. Tracking where these frameworks have been transposed and understanding domestic deadlines is therefore essential for firms preparing to comply in global markets.

Jurisdictions covered

ADGM, Argentina, Australia, Austria, Bermuda, Brazil, BVI, Cayman, Czech Republic, DIFC, Estonia, EU Member States, France, Germany, Hong Kong, India, Indonesia, Ireland, Italy, Japan, Jersey, Lithuania, Luxembourg, Malta, Mexico, Netherlands, Norway, Poland, Portugal, Singapore, South Africa, Spain, Sweden, Switzerland, UAE, United Kingdom and United States.