The EU's DAC8 directive and the OECD's Crypto-Asset Reporting Framework (CARF) are often discussed interchangeably, but they are distinct instruments with important differences. While DAC8 was designed to be consistent with CARF, the EU adapted the OECD framework to fit its own regulatory architecture, creating divergences that CASPs operating across multiple jurisdictions must understand.
Origins and Legal Nature
CARF is an international standard developed by the OECD and endorsed by the G20. It is not legally binding on its own. Instead, it serves as a model framework that individual jurisdictions voluntarily commit to implementing through their domestic legislation. As of 2025, over 50 jurisdictions have committed to implementing CARF, with first exchanges expected by 2027.
DAC8 is a legally binding EU directive adopted by the Council of the European Union on October 17, 2023. All 27 EU Member States are required to transpose it into national law by December 31, 2025. It carries the force of EU law, meaning that non-compliance can result in infringement proceedings by the European Commission against Member States that fail to implement it properly.
Definition of Crypto-Assets
One of the most significant differences lies in how each framework defines the crypto-assets within scope.
CARF uses a broad, technology-neutral definition. A "Relevant Crypto-Asset" is any digital representation of value that relies on a cryptographically secured distributed ledger or similar technology and that can be held or transferred for payment or investment. CARF explicitly includes stablecoins and certain NFTs but excludes central bank digital currencies (CBDCs) and crypto-assets that the reporting CASP has adequate assurance cannot be used for payment or investment.
DAC8 aligns its definition with the EU's Markets in Crypto-Assets Regulation (MiCA). This creates a more specific scope tied to the MiCA classification of crypto-assets: asset-referenced tokens, e-money tokens, and other crypto-assets as defined in the regulation. The MiCA-based definition provides legal certainty within the EU but may create gaps or overlaps when compared to CARF's broader approach, particularly for novel asset types.
Definition of Reporting Entities
CARF defines a "Reporting Crypto-Asset Service Provider" (RCASP) as any entity or individual that, as a business, provides services effectuating exchange transactions on behalf of customers. This includes exchanges, brokers, and certain operators of crypto-asset ATMs.
DAC8 extends this definition to encompass all CASPs licensed or registered under MiCA. This includes not only exchange service providers but also custodians, transfer service providers, and platforms that provide advice or portfolio management for crypto-assets. DAC8's scope of reporting entities is therefore broader than CARF's in some respects.
Additionally, DAC8 introduces a concept of "Reporting Crypto-Asset Operators" that can include entities beyond traditional CASPs, capturing decentralized exchange operators or other intermediaries that facilitate reportable transactions.
Due Diligence Procedures
Both frameworks require CASPs to perform customer due diligence, but the procedures differ in detail.
CARF prescribes a specific due diligence process that includes collecting self-certifications of tax residency, validating TINs, and applying the "reason to know" standard when the CASP has information that contradicts the self-certification. CARF allows alternative due diligence procedures for pre-existing accounts (accounts opened before the implementation date).
DAC8 incorporates CARF's due diligence procedures but adds EU-specific requirements. These include alignment with anti-money laundering (AML) due diligence requirements under EU Directive 2015/849, integration with MiCA's customer identification processes, and specific provisions for handling EU-resident users of non-EU CASPs.
Reporting Requirements
CARF requires reporting of four types of transactions: exchanges between Relevant Crypto-Assets and fiat currency, exchanges between different Relevant Crypto-Assets, transfers of Relevant Crypto-Assets, and retail payment transactions. Reports must include the gross amount of each transaction type, the number of transactions, and the fair market value.
DAC8 follows the same transaction categories but adds specific reporting requirements related to the MiCA classification of the crypto-asset involved. CASPs must identify whether the reported crypto-asset is an asset-referenced token, an e-money token, or another type of crypto-asset under MiCA's taxonomy.
Exchange Mechanism
CARF relies on bilateral or multilateral Competent Authority Agreements (CAAAs) for the exchange of information between jurisdictions. Each pair of jurisdictions must have an agreement in place before information can be exchanged. This creates a network of bilateral relationships that must be individually negotiated and maintained.
DAC8 uses the EU's existing automatic exchange of information infrastructure under the Directive on Administrative Cooperation. Information flows through a centralized EU system, with each Member State's tax authority automatically sharing reported data with the tax authorities of all other Member States where reported users are resident. This is significantly more efficient than CARF's bilateral approach.
Penalties and Enforcement
CARF does not prescribe specific penalties. Each implementing jurisdiction determines its own sanctions for non-compliance, leading to wide variation in enforcement rigor across countries.
DAC8 also leaves penalty determination to individual Member States, but within the EU's established enforcement framework. The European Commission can take action against Member States that fail to implement the directive properly or that do not ensure adequate enforcement. This creates an additional layer of accountability that CARF lacks.
Implications for Multi-Jurisdictional CASPs
CASPs that operate in both EU and non-EU CARF jurisdictions face a dual compliance challenge. They must implement DAC8's EU-specific requirements for their EU operations while simultaneously meeting CARF's requirements in other jurisdictions.
Key areas of divergence that require careful management include the different definitions of in-scope crypto-assets, variations in due diligence procedures, differences in XML schema structures, and varying reporting deadlines across jurisdictions.
Conclusion
While DAC8 and CARF share a common DNA, CASPs should not assume that compliance with one automatically ensures compliance with the other. A thorough analysis of the differences, particularly in asset definitions, entity scope, and due diligence procedures, is essential for any CASP that operates across EU and non-EU jurisdictions. Building a compliance infrastructure that can handle both frameworks simultaneously will be a key competitive differentiator in the coming years.
Preparing for DAC8?
Our team helps CASPs with gap analysis, transposition tracking, TIN validation, and XML report generation.