DAC8 and CARF: The Directive Behind the Standard

DAC8 is the EU's implementation of the OECD's Crypto-Asset Reporting Framework (CARF). While the two are closely aligned, there are important differences that CASPs operating in both EU and non-EU jurisdictions must understand.

CARF Origins

CARF was developed by the OECD and endorsed by the G20 in 2022 as an international standard for crypto-asset tax reporting. It was designed to extend the CRS model to crypto-assets and create a globally consistent reporting framework.

CARF specifies the scope of reporting (which entities, which transactions, which crypto-assets), the due diligence procedures for identifying reportable users, the reporting format (the CARF XML schema), and the framework for automatic exchange of information between jurisdictions.

DAC8 as the EU Implementation

The EU adopted DAC8 as its mechanism for implementing CARF within the European Union. DAC8 incorporates CARF's requirements into the existing DAC framework, which governs automatic exchange of tax information between EU Member States.

While DAC8 is closely aligned with CARF, it includes EU-specific elements such as references to MiCA for crypto-asset classification, integration with the EU's existing DAC exchange infrastructure, specific provisions for non-EU CASPs serving EU clients, and alignment with EU data protection requirements (GDPR).

Key Differences Between CARF and DAC8

Scope of exchange. CARF is a bilateral framework where jurisdictions agree to exchange information with specific partners. DAC8 is multilateral within the EU — all Member States automatically exchange information with all other Member States.

Enforcement. CARF relies on each adopting jurisdiction to implement its own enforcement mechanisms. DAC8 benefits from the EU's enforcement infrastructure, including the Commission's ability to monitor transposition and take infringement proceedings.

Timeline. CARF adoption timelines vary by jurisdiction. DAC8 provides a uniform timeline for all EU Member States.

Data protection. CARF acknowledges data protection but defers to national law. DAC8 operates within the GDPR framework, which provides a comprehensive and uniform data protection standard.

Implications for Multi-Jurisdictional CASPs

CASPs operating in both EU and non-EU CARF-adopting jurisdictions must manage dual compliance requirements. While the core reporting framework is similar, the differences in scope, exchange mechanisms, enforcement, and data protection rules mean that a single compliance approach may not satisfy both sets of obligations without adaptation.

Conclusion

DAC8 and CARF are closely aligned but not identical. CASPs must understand the differences to ensure compliance in all jurisdictions where they operate, while leveraging the significant overlap to build efficient reporting systems.