DAC8: new tax obligations for CASPs from 2026 and automatic transaction blocking after 60 days

From 1 January 2026, EU Member States will apply DAC8, with 2026 being the first reporting year. For crypto-asset service providers (CASPs/RCASPs), this marks a fundamental shift towards a tax transparency regime comparable to the Common Reporting Standard known from the banking sector. 

Under DAC8, CASPs will be required to collect users’ tax information, report relevant crypto-asset transactions to local tax authorities and enable the automatic exchange of such information across the EU, within a framework coordinated at the EU level by the European Commission.

Who will be covered by DAC8? Scope of entities and obligations outside MiCA

In practical terms, DAC8 applies to CASPs servicing EU users, including situations where the provider is not authorised under the MiCA regime.

The directive allows for a form of single registration for tax reporting purposes in one Member State, which means that tax transparency obligations may arise independently of MiCA authorisation status.

Self-certification- new documentation requirements for onboarding

Operationally, a cornerstone of DAC8 compliance is the obligation to obtain and validate user self-certifications covering tax residence and tax identification numbers (TINs). 

This requirement applies both at the onboarding stage for new users from 1 January 2026 and, for pre-existing users, by no later than 1 January 2027.

A valid self-certification must include, at a minimum, the user’s name, address, relevant Member State(s) of tax residence and corresponding TINs, as well as the date of birth for individuals. Where the client is an entity, CASPs will also need to identify and document controlling persons, where applicable.

Annual transaction reporting and data retention obligations

DAC8 further introduces annual transaction reporting obligations. CASPs will be required to report aggregated data relating to crypto-to-fiat exchanges, crypto-to-crypto exchanges and transfers of crypto-assets, including amounts calculated on a fair market value basis.

All due diligence and reporting records must be retained for at least five years, with a maximum retention period of ten years.

“Kill switch” after 60 days- unconditional transaction block

The most stringent feature of DAC8 is its mandatory enforcement mechanism. Where a user fails to provide the required tax information despite two reminders, and 60 days have elapsed since the initial request, the CASP must prevent that user from carrying out reportable transactions.

This “kill switch” is not discretionary; it is a statutory obligation and will form part of the supervisory and audit expectations placed on CASPs.

How to prepare for DAC8? Practical steps for CASP

From a timing perspective, CASPs must start collecting relevant data from 1 January 2026. Reporting will take place in the following calendar year, meaning that the first submissions, covering data for 2026, will be made in 2027. Tax authorities will then exchange the reported information within nine months after the end of the reporting year, i.e. by the end of September 2027 for the first reporting cycle.

In practice, this leaves CASPs with limited time to prepare. Key priorities include redesigning onboarding processes to accommodate tax self-certifications, implementing automated reminder workflows and transaction-blocking logic, mapping reportable transactions and valuation methodologies, and aligning DAC8 compliance with existing GDPR and data retention requirements.

Do you need support in implementing DAC8 requirements?

Our law firm advises CASPs on compliance with DAC8- from analyzing reporting requirements and onboarding procedures to implementing a kill switch mechanism. We help prepare documentation, model GDPR-compliant processes, and implement tax reporting systems that comply with EU standards. Contact us to secure your business.