Go back to the Euro Tax Flash homepage.

Proposal to extend the scope of the DAC: crypto-assets and cross-border rulings to high-net-worth individuals (DAC8)

Directive on Administrative Cooperation – Automatic Exchange of Information – Crypto assets – Tax rulings to high-net-worth individuals

On December 8, 2022, the European Commission (EC or Commission) issued a proposal for an extension of the Directive on Administrative Cooperation (DAC) to cover the exchange of information on crypto-assets, as well as tax rulings for individuals (DAC8). The rules also aim to introduce a common system of minimum penalties for serious non-compliance offences, applicable both to existing and proposed disclosure requirements. 

In the case of crypto-assets, the proposed revision includes rules on due diligence procedures and reporting requirements for crypto assets service providers, based on the OECD’s Crypto-Asset Reporting Framework (CARF). The proposal is aligned with the definitions included in the Markets in crypto-assets (MiCA) Regulation, that regulates the issuance and trading of crypto-assets within the EU. 


In its Action Plan for fair and simple taxation supporting recovery, the Commission identified the need to further expand the Directive on Administrative Cooperation (2011/16) (DAC) to crypto-assets. Between November 2020 and June 2021, the Commission collected stakeholders' views on a future revision of the DAC, with the aim to include alternative means of investment and payment (e.g. crypto-assets, e-money) in the scope of exchange of information. 

The proposal was initially expected by the end of September 2021, but the deadline was postponed likely with a view to allowing alignment with the CARF, which was approved by the OECD in August 2022. The CARF is designed as a global initiative that aims to ensure transparency with respect to crypto-asset transactions and contains model rules that can be transposed into domestic legislation, as well as commentary to help administrators with implementation. For more details please refer to a tax alert prepared by KPMG in the UK.

Proposed changes under DAC8

Revision of the DAC to cover crypto assets

DAC8 aims to extend EU tax transparency rules to cover crypto-assets. As a first step, in-scope crypto-asset service providers would be required to collect and verify – in line with specific due diligence procedures (prescribed in Annex VI of the proposal), information from EU clients. Subsequently, certain information would be reported to the relevant competent authorities. Under a third step, this information would be exchanged by the recipient Member State with the tax authorities of the Member State where the reportable user is tax resident. 

The aim is to increase the ability of tax authorities to determine whether income derived from crypto-asset transactions is correctly declared.  


The proposal builds on the provisions of the MiCA in terms of definitions and authorization requirements, as follows:  

  • crypto-assets refer to any digital representation of a value or a right which may be transferred and stored electronically, using distributed ledger technology or similar technology; 
  • crypto-asset service providers are defined as legal entities or undertakings that provide crypto-asset services1 to third parties on a professional basis and which are authorized to provide these services under the MiCA; 
  • crypto-asset operators are any individuals or legal entities providing crypto-asset services to third parties on a professional basis, but falling outside the scope of the MiCA.  

Reporting crypto-asset service providers 

The rules will impact crypto-asset service providers and crypto-asset operators facilitating transactions for EU residents, irrespective of the size and location of the providers, i.e. whether based in the EU or in a third country.

Reportable users   

A crypto-asset user is an EU-resident individual or an entity that is a customer of a reporting crypto-asset service provider for the purposes of reportable transactions. The proposal prescribes who the reportable user is in cases where: 

  • an individual or a legal entity, other than a financial institution or a reporting cyrpto-asset service provider, act for the benefit or on the account of another individual or company – the latter individual or company would be considered as being the user, or
  • the service provider facilitates payments in crypto-assets for or on behalf of a merchant – the customer that is the counterparty to the merchant must be treated as a crypto-asset user.  

DAC8 also provides for specific carve-outs for users that are: companies listed on a regulated stock exchanges and their related parties, governmental entities, international organizations, central banks and certain other financial institutions. Transactions entered into by entities falling within the scope of the carve-outs would not be reportable. 

Reportable information 

The proposal covers both domestic and cross-border exchanges and transfers of reportable crypto-assets. In some cases, reporting obligations will also cover non-fungible tokens (NFTs). The information would need to be reported on an aggregated basis, by type of reportable crypto-asset. 

In line with the MiCA, reportable crypto-assets include any crypto-asset other than a Central Bank digital currency, electronic money, electronic money token, or any crypto-asset for which the reporting crypto-asset service provider has adequately determined that it cannot be used for payment or investment purposes.

Due diligence requirements for in-scope crypto-asset service providers

As mentioned above, in-scope crypto-asset service providers would be required to carry out due diligence procedures, as detailed in Annex VI, Section III of the proposal. The aim of the procedures is to allow providers to identify, through self-certification, whether their clients are reportable or not.  

Specific due diligence procedures are proposed, depending on whether the crypto-asset user is an individual or a legal entity. 

For individual costumers, reporting crypto-asset service providers would need to obtain a self-certification allowing them to determine the individual’s tax residence and confirm the reasonableness of the self-certification based on the information obtained, including any other documents collected based on customer due diligence procedures. 

The proposed rules also prescribe the information that reporting crypto-asset service providers would need to collect in cases when the customer is a legal entity. The procedures apply for the purpose of determining whether the crypto-asset user is a reportable user or a legal entity, other than one benefiting from a carve-out, with one or more controlling persons that qualify as reportable persons. Similar to the above, the process also consists in a self-certification, which would allow the service provider to determine the tax residence of the legal entity or controlling person. The crypto-asset service providers would also need to confirm the reasonableness of the self-certification. As a related note, when determining the controlling persons of an crypto-asset user, service providers may relay on the customer due diligence procedures, provided that such procedures are consistent with Directive (EU) 2015/849. If the reporting crypto-asset service provider is not legally required to apply customer due diligence Procedures that are consistent with Directive (EU) 2015/849, it will be required to apply substantially similar procedures for the purpose of determining the controlling persons.

The processes above should be completed for new customers, but also for pre-existing clients within 12 months after DAC8 enters into force.

The draft directive also prescribes the self-certification requirements for: 

  • individual crypto-asset users. The information to be collected in this case includes: first and last name; residence address; tax residence; the tax identification number (s) (TINs); date of birth. 
  • entity crypto-asset users. Required information includes: legal name; address; tax residence, the TIN(s); the information listed under the first bullet above for each controlling person, if the case; information supporting the applicability of a carve-out (if applicable).  

The rules also accommodate cases where the crypto-asset service providers rely on self-certification of customers through an Identification Service made available by a Member State. 

Reporting crypto-asset service providers that also qualify as financial institutions for the purpose of the DAC may rely instead on the due diligence procedures completed based on DAC 2 – implementing the OECD Common Reporting Standard (CRS) which prescribes the automatic exchange of information on financial accounts held by non-residents.

Timing and location of reporting

Reporting EU crypto-asset service providers are required to disclose the information in the Member State where they are resident for tax purposes. 

In the case of third-country service providers active in the EU, DAC8 distinguishes two situations, as follows: 

  • non-EU crypto-asset service providers regulated by MiCA. As noted in the Commission’s Q&A, such companies need to be authorized in a Member State. The DAC8 reporting will take place in the Member State where these companies are authorized; 
  • non-EU companies falling outside the scope of MiCA, which will be required to elect a single Member State to register and carry out their reporting obligations. There is an exception to this rule, whereby non-EU service providers would be relieved from the obligation of single registration and reporting insofar as there is an effective qualifying competent authority agreement in place between the jurisdiction of the user and the third country where the provider is resident. The EC is conferred with implementing powers to determine whether the information to be exchanged under a relevant agreement between the foreign jurisdiction and a Member State is equivalent to the one under DAC8. 

Reportable crypto-asset service providers must disclose the reportable information to the relevant authorities no later than January 31 of the following calendar year.

Exchange of information 

The disclosed information would be exchanged automatically, on an annual basis, via the EU common communication network by using an XML schema to be developed by the Commission. The automatic exchange of information will take place within two months of the end of the year for which information was filed. 

Specific sanctions

Where, after two reminders but not sooner than a 60-day period, crypto-asset users fail to provide the information required for the provider to complete their due diligence procedures, the crypto-asset service providers are required to prevent users from performing exchange transactions. 

Except for the newly introduced minimum level of penalties – see section “Sanctions” below for more details, the proposal leaves it to Member States to introduce sanctions for failing to comply with the crypto-assets disclosure requirements. Such penalties must be “effective, proportionate and dissuasive”.

Exchange of information on cross-border rulings to high-net-worth individuals

DAC8 aims to extend the automatic exchange of advanced cross-border rulings to cover high-net-worth individuals, i.e. holding a minimum of EUR 1,000,000 in financial or investable wealth or assets under management, excluding their main private residence. As a related note, tax rulings and advance pricing agreements are already part of the information exchange based on DAC3, but existing requirements exclude cross-border rulings that exclusively concern and involve the tax affairs of one or more individuals.

The rules would cover all tax rulings for in-scope individuals issued, amended, or renewed after December 31, 2025. In the case of tax rulings issued, amended or renewed between January 1, 2020 and December 31, 2025, the information would be exchanged provided they are still valid on January 1, 2026.  

Other DAC8 measures

DAC8 also aims to extend the scope of the mandatory automatic exchange of information between Member States to cover non-custodial dividend income. Moreover, Member State would no longer be allowed to opt-out of receiving information on any category of income and capital. An amendment would oblige Member States to exchange with other Member States all information that is available on all categories of income and capital starting with taxable periods commencing on or after January 1, 2026.

Member State would also be required to report the tax identification number (TIN) of the beneficiary for each income category subject to the mandatory exchange of information (DAC7 only prescribed that Member States should endeavor to include the TIN). The Commission is tasked with developing a tool that would allow Member States to automatically verify and validate the correctness of the TIN. 


DAC8 also includes provisions that would require Member States to introduce a minimum level of penalties for serious non-compliant behavior – i.e. to be applied in cases of non-reporting after two valid administrative reminders or when missing / inaccurate information amounts to more than 25 percent of the data that should have been reported. 

The minimum penalties vary based on the type of infringement, the turnover of the non-compliant reporting entity and on whether the offender is a company or an individual. The new system would apply to the new disclosure requirements under DAC8, but also to cases where in-scope companies and individuals fail to comply with existing reporting requirements – e.g. country-by-country reporting (CbyC) to tax administrations under DAC4, the Mandatory Disclosure Requirements (DAC6) and the reporting requirements for platform operators (DAC7). 

Next steps

The Commission proposes that the provisions of the Directive should apply generally as of January 1, 2026 (with some exceptions). This timeline is aligned to the CARF. 

The EC has launched a public consultation seeking feedback from interested stakeholders on the proposed revisions. The public consultation will run for an eight-week feedback period – starting from December 8, 2022 but extended every day until the proposal is available in all EU languages.  For more information, please refer to the public consultation webpage.

The legal basis for the Commission’s proposal are Article 115 and Article 113 of the Treaty on the Functioning of the EU (TFEU), which require unanimity for Council approval. The legislative proposal will also be submitted to the European Parliament for consultation and the Council will adopt the text once the Parliament and any relevant Committees have given their (non-binding) opinions.

EU Tax Centre comment

The proposed revision to the DAC is the latest in a series of amendments that have significantly expanded the scope of reporting and automatic exchange of information in the EU. In addition to extending reporting and information exchange to crypto-assets, DAC8 aims to close loopholes identified by the European Parliament2 and the European Court of Auditors3 related to advance tax rulings issued for high-net-worth individuals.  

The intention to improve the DAC efficiency by designing a common system of penalties was announced by Commissioner Gentiloni in a written response to a question asked by a Member of the European Parliament – see E-news Issue 135 and re-confirmed in a speech held at the Annual Tax Conference of Chamber of Commerce in Finland. The Commission has been unsuccessful in the past in obtaining unanimous agreement from Member States on a floor for penalties (e.g. under the Minimum Tax Directive proposal). It therefore remains to be seen whether the provisions on penalties will make it through the negotiations process unchanged. 

Lastly, whilst non-binding, it will be interesting to see the opinion of the European Parliament on DAC8. The Parliament has criticized the Council in the past for not considering their recommended changes – most recently on DAC7 (see E-news Issue 128). 

As a side note, DAC7 - introducing disclosure requirements for platform operators, was approved within five months from the publication of the EC’s initial proposal. 

Should you have any queries, please do not hesitate to contact KPMG’s EU Tax Centre (mailto:kpmgeutaxcentre@kpmg.com), or, as appropriate, your local KPMG tax advisor. 

1Crypto-asset services include: the custody and administration of crypto-assets on behalf of third parties; the operation of a trading platform for crypto-assets; the exchange of crypto-assets for funds; the exchange of crypto-assets for other crypto-assets; the execution of orders for crypto-assets on behalf of third parties; placing of crypto-assets; providing transfer services for crypto-assets on behalf of third parties; the reception and transmission of orders for crypto-assets on behalf of third parties; providing advice on crypto-assets; providing portfolio management on crypto-assets. 

2European Parliament resolution of 26 March 2019 on financial crimes, tax evasion and tax avoidance (2018/2121(INI)).

3European Court of Auditors: Exchanging tax information in the EU: solid foundation, cracks in the implementation (January 26, 2021) – see E-news Issue 125

Connect with us