Understanding DAC8 requires more than a surface-level reading of its provisions. The directive is built upon a complex legal architecture that connects EU treaty law, the existing DAC framework, international tax cooperation standards, and the MiCA regulation. This article examines the legal foundations that give DAC8 its shape and force.
Treaty Basis: Article 115 TFEU
DAC8, like its predecessors, is based on Article 115 of the Treaty on the Functioning of the European Union (TFEU). This article authorizes the Council to adopt directives for the approximation of laws, regulations, and administrative provisions of the Member States that directly affect the establishment or functioning of the internal market.
The use of Article 115 means that DAC8 was adopted unanimously by the Council of the EU — all 27 Member States agreed to the directive. This unanimity requirement, while making the legislative process more complex, ensures that every Member State has consented to the obligations imposed by the directive, strengthening its legitimacy and enforceability.
The Council formally adopted DAC8 on October 17, 2023, following a proposal from the European Commission published on December 8, 2022, and consultations with the European Parliament and the European Economic and Social Committee.
Amending Directive 2011/16/EU
DAC8 does not create a standalone legal instrument. Instead, it amends Council Directive 2011/16/EU (DAC1), which serves as the foundational text for EU tax cooperation. All subsequent amendments (DAC2 through DAC8) have been incorporated into this single directive, creating a comprehensive and unified framework.
This approach has practical implications. When interpreting DAC8's provisions, practitioners must read them in the context of the broader DAC framework, including the general principles of administrative cooperation established by DAC1, the procedural rules for automatic exchange of information, the existing definitions and concepts that have been developed through earlier amendments, and the institutional framework, including the role of the European Commission and national tax authorities.
The CARF Alignment Principle
DAC8's recitals make clear that the directive was designed to be consistent with the OECD's Crypto-Asset Reporting Framework (CARF). This alignment serves two purposes: it ensures that EU Member States' implementation of DAC8 also satisfies their CARF commitments, avoiding the need for parallel compliance systems, and it positions the EU as a leader in implementing the global standard for crypto-asset tax transparency.
However, the alignment is not perfect. The recitals acknowledge that certain adaptations were necessary to fit CARF into the EU's legal and institutional context. These adaptations create the differences between DAC8 and CARF that are explored in detail elsewhere on this site.
The MiCA Integration
One of DAC8's most innovative legal features is its integration with Regulation (EU) 2023/1114 (MiCA). Rather than creating independent definitions of crypto-assets and service providers, DAC8 cross-references MiCA's definitions, creating a regulatory ecosystem where the licensing framework (MiCA) and the tax reporting framework (DAC8) are inherently connected.
This integration has several legal consequences. The scope of DAC8 evolves automatically as MiCA is interpreted and applied by regulatory authorities and courts. Changes to MiCA's definitions or classifications could indirectly affect DAC8's reporting obligations. CASPs that are exempt from MiCA may also be outside the scope of DAC8, though this requires careful analysis on a case-by-case basis.
Transposition into National Law
As an EU directive, DAC8 is not directly applicable in Member States. Each Member State must transpose it into national law by December 31, 2025. Transposition involves adopting national legislation that achieves the results required by the directive while allowing each Member State some flexibility in how those results are achieved.
This flexibility means that DAC8 will not be implemented identically across all 27 Member States. Differences may arise in the penalties for non-compliance, the administrative procedures for filing reports, the designation of the competent tax authority, additional national reporting requirements that go beyond DAC8's minimum standards, and the interaction with existing national tax laws and administrative practices.
For CASPs operating across multiple Member States, these differences create additional complexity. A compliance program that meets the requirements in one Member State may not be sufficient in another.
Interaction with Data Protection Law
DAC8 operates within the constraints of the EU's data protection framework, particularly the General Data Protection Regulation (GDPR) and the Law Enforcement Directive. The directive includes specific provisions addressing the legal basis for processing personal data, the limitation of processing purposes, the retention periods for reported data, the rights of data subjects (users) whose information is reported, and the security measures that must be applied to protect reported data.
The legal basis for data processing under DAC8 is the performance of a legal obligation (Article 6(1)(c) GDPR). This means that CASPs do not need to obtain user consent to collect and report the data required by DAC8. However, they must still comply with GDPR's other requirements, including transparency obligations (informing users about the reporting), data minimization (collecting only what is necessary for DAC8), and security (protecting reported data against unauthorized access).
Enforcement Architecture
DAC8's enforcement operates on two levels. At the EU level, the European Commission monitors Member States' transposition and implementation of the directive. It can initiate infringement proceedings against Member States that fail to transpose DAC8 on time, transpose it incorrectly, or fail to ensure adequate enforcement.
At the national level, each Member State's tax authority is responsible for supervising CASPs' compliance with DAC8 reporting obligations. This includes verifying the accuracy and completeness of reports, investigating non-compliance, and imposing penalties. The specific enforcement tools available to national tax authorities will vary depending on how each Member State transposes the directive.
Constitutional and Fundamental Rights Considerations
DAC8 must comply with the EU Charter of Fundamental Rights, including the right to respect for private life (Article 7), the right to protection of personal data (Article 8), and the right to an effective remedy (Article 47). These rights set limits on the scope and intrusiveness of DAC8's data collection and reporting requirements.
In practice, CASPs and their users could potentially challenge specific aspects of DAC8's implementation if they believe it exceeds what is necessary and proportionate for the legitimate aim of tax transparency. Such challenges would be adjudicated by national courts, with the possibility of referral to the Court of Justice of the European Union (CJEU) for authoritative interpretation.
Conclusion
DAC8 is not an isolated regulatory requirement — it is a legally sophisticated instrument embedded within the broader architecture of EU law. CASPs that approach DAC8 compliance purely as a technical exercise risk overlooking the legal nuances that could affect their obligations, their liability, and their users' rights. A thorough understanding of DAC8's legal foundations is essential for building a compliance program that is both effective and legally sound.
Preparing for DAC8?
Our team helps CASPs with gap analysis, transposition tracking, TIN validation, and XML report generation.