DAC8 FAQ: 25 Most Common Questions Answered

This article answers the 25 most frequently asked questions about DAC8, the EU's crypto-asset tax reporting directive. Whether you are a CASP, a compliance officer, or a tax professional, this FAQ provides clear, concise answers to the questions that matter most.

General Questions

1. What is DAC8?

DAC8 is the eighth amendment to the EU's Directive on Administrative Cooperation (Council Directive 2011/16/EU). Adopted on October 17, 2023, it extends the EU's automatic exchange of tax information framework to cover crypto-asset transactions. It requires crypto-asset service providers to collect and report user transaction data to tax authorities.

2. When does DAC8 take effect?

Member States must transpose DAC8 into national law by December 31, 2025. The directive becomes operational on January 1, 2026. The first annual reports, covering the 2026 calendar year, are due by the deadline set by each Member State — expected to be January 31, 2027, in most jurisdictions.

3. Is DAC8 the same as CARF?

No. DAC8 is the EU's implementation of the principles established by the OECD's Crypto-Asset Reporting Framework (CARF). While closely aligned, DAC8 has EU-specific adaptations, including its link to MiCA definitions, its use of the EU's automatic exchange infrastructure, and variations in scope and due diligence procedures.

4. Which countries are affected by DAC8?

All 27 EU Member States: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Sweden.

5. Does DAC8 apply to non-EU countries?

DAC8 itself is an EU directive. However, non-EU CASPs that serve EU-resident clients are subject to DAC8 obligations and may need to register in an EU Member State for reporting purposes. Additionally, many non-EU countries are implementing the OECD's CARF independently, creating similar obligations worldwide.

Scope Questions

6. Which crypto-assets are covered by DAC8?

DAC8 covers crypto-assets as defined by MiCA, including Bitcoin, Ethereum, stablecoins (both asset-referenced tokens and e-money tokens), altcoins, utility tokens, and certain NFTs used for payment or investment. Central bank digital currencies (CBDCs) are excluded.

7. Are NFTs covered by DAC8?

It depends. NFTs that function as a means of payment or investment are within scope. NFTs that are purely collectible or artistic, with no secondary market or payment function, may fall outside the scope. Each case requires individual assessment.

8. Are DeFi transactions covered?

Transactions executed through purely decentralized protocols without any identifiable service provider are currently outside DAC8's direct scope. However, entities that operate front-ends, interfaces, or governance mechanisms for DeFi protocols may have reporting obligations.

9. Is there a minimum transaction amount for reporting?

No. DAC8 has no thresholds. All reportable transactions must be reported regardless of value or frequency.

10. Are mining and staking rewards reportable?

The generation of crypto-assets through mining or staking is not itself a reportable transaction. However, if the rewards are subsequently exchanged, transferred, or used for payment through a CASP, those subsequent transactions are reportable.

Compliance Questions

11. Who must report under DAC8?

Any entity that provides exchange, custody, transfer, advisory, or portfolio management services for crypto-assets and is either registered in an EU Member State or serves EU-resident clients.

12. What information must CASPs collect from users?

Full legal name, date of birth (individuals), address, country of tax residency, Tax Identification Number (TIN) for each jurisdiction of tax residency, and a self-certification confirming tax residency. For entities, additional information about controlling persons is required.

13. What is a self-certification?

A formal declaration by the user confirming their jurisdiction(s) of tax residency. It must be collected at onboarding for new users and retroactively for existing users. The CASP must validate the self-certification against other information it holds about the user.

14. What if a user refuses to provide their TIN?

The user must still be included in the report with an indication that the TIN was requested but not provided. Some Member States may require CASPs to restrict services to non-compliant users.

15. Does DAC8 apply to existing users or only new users?

Both. New users must provide all required information at onboarding from January 1, 2026. Existing users must be reviewed through a look-back process to collect any missing information, typically within the first year of the directive's application.

Reporting Questions

16. What format are reports submitted in?

XML format, following a schema aligned with the OECD's CARF XML standard. The exact specifications are provided by each Member State's tax authority.

17. How often must reports be filed?

Annually. Each report covers one calendar year (January 1 to December 31) and must be submitted by the deadline set by the relevant Member State.

18. Where do CASPs file their reports?

With the tax authority of the EU Member State where the CASP is registered or authorized. That tax authority automatically shares the data with other Member States where reported users are tax residents.

19. Do CASPs need to file in every country where they have users?

No. CASPs file once, in their home Member State. The automatic exchange system distributes the information to all relevant jurisdictions.

20. What happens to the reported data?

The receiving tax authority uses it to verify whether users have accurately reported their crypto-asset income on their national tax returns. Discrepancies may trigger audits or requests for additional information.

Penalty Questions

21. What are the penalties for non-compliance?

Penalties are determined by each Member State individually and may include financial fines, administrative sanctions, and potential impact on MiCA authorization. Specific amounts vary by jurisdiction.

22. Can a CASP lose its MiCA license for DAC8 non-compliance?

While DAC8 non-compliance does not automatically revoke a MiCA license, national supervisory authorities may consider it as part of their ongoing assessment of a CASP's fitness to operate. Persistent non-compliance could ultimately affect licensing status.

23. Are there penalties for users who provide false information?

DAC8's obligations fall on CASPs, not users. However, users who provide false self-certifications or incorrect TINs may face consequences under national tax law, including penalties for tax evasion.

Practical Questions

24. How should CASPs prepare for DAC8?

The essential preparation steps are: conduct a gap analysis of current data collection practices, update onboarding processes to capture TINs and self-certifications, implement or procure a DAC8-compliant reporting system, establish a look-back process for existing users, train relevant staff, and test XML report generation before the first filing deadline.

25. Can CASPs outsource DAC8 compliance?

Yes. CASPs can engage external consultants or use third-party software solutions to assist with due diligence, data collection, XML generation, and report filing. However, the legal responsibility for accurate and timely reporting remains with the CASP itself — outsourcing does not transfer liability.

Conclusion

DAC8 raises many questions, and the answers often depend on specific circumstances. This FAQ covers the fundamentals, but CASPs with complex operations, multi-jurisdictional presence, or borderline activities should seek expert guidance to ensure full compliance with the directive's requirements in every relevant Member State.