As the digital asset space rapidly evolves, so too does the global regulatory landscape trying to keep pace. At the Digital Asset Summit, a highly anticipated panel “Demystifying CARF and DAC8 Regulations” moderated by Erin Fennimore, VP of Tax Solutions, Taxbit – brought together tax experts, policymakers, and institutional leaders:
- Paul Hondius, Head of Unit Harmful Tax Practices, OECD Secretariat
- Layla Majed, Head of Tax, Société Générale Securities Services
- Dion Seymour, Crypto and Digital Asset Technical Director, Andersen in the UK
to unpack two of the most significant international crypto reporting regimes: the OECD’s Crypto-Asset Reporting Framework (CARF) and the EU’s DAC8 directive.
The panel served as a crucial touchpoint for industry participants trying to understand how these frameworks will reshape compliance obligations, particularly around data collection, customer onboarding, and transactional reporting.
Understanding CARF and DAC8: A Two-Tiered Approach to Crypto Tax Reporting
The discussion opened by outlining the foundation: CARF, or the Crypto-Asset Reporting Framework, finalized in 2022 by the OECD, is a global standard for the automatic exchange of tax information on crypto transactions. DAC8 is the European Union’s implementation of CARF, finalized a year later. “CARF in a nutshell is a global automatic exchange of information framework between tax administrations on crypto assets transactions,” explained Paul.
DAC8 takes CARF a step further by mandating implementation across all EU member states: “With DAC8, the European Commission says European jurisdictions — you have to participate. So they are in, whether they like it or not,” said Dion.
CARF, on the other hand, is opt-in. “We’re up to 67 jurisdictions at the moment,” Dion noted, “most going live from the 1st of January 2026,” with some — notably the U.S. — pushing implementation out to 2027.
Why Existing Models Like CRS Fall Short
One of the major insights from the panel was that legacy frameworks like the Common Reporting Standard (CRS) were never designed to handle crypto.“You could not take traditional financial reporting models and just fit them into crypto,” said Erin.
Unlike CRS, which uses year-end account balances to assess tax data, CARF and DAC8 require aggregate transaction reporting over time. This approach helps prevent users from manipulating data by shifting assets between wallets right before a reporting cut-off.
Dion illustrated the problem well: “With crypto… it would be very simple to withdraw it from Coinbase, put that into your cold, self-hosted wallet… and that wouldn’t be a relevant crypto asset service provider. So there would be no reporting obligations.”
Hence, CARF mandates the aggregation of all transactions — in and out — across the reporting year, categorized by asset type.
Institutional Impact: Challenges for TradFi
Traditional financial institutions may be used to tax reporting under CRS, but CARF and DAC8 are a different beast. Layla emphasized that these aren’t minor upgrades — they are structural overhauls. “They are really targeting new actors… many of whom have never been subject to any automatic exchange of information or tax reporting regime.”
Even for seasoned institutions, complications arise — especially when it comes to tokenized traditional assets. “It’s just the fact that this bond is tokenized — we’re still dealing with financial instruments that have all the characteristics of a financial instrument. So it’s hard for us to understand the rationale behind additional tax reporting.”
Paul confirmed that duplication was considered during negotiations: “We have the switch-off possibility between CRS and CARF… to avoid duplicative reporting. It’s on an optional basis — that was an ask from the business community.”
But it’s still far from straightforward. Firms are struggling to determine how to classify assets and entities — are they custodial institutions under CRS, or RCASPs under CARF? Can they be both?
The Self-Certification Requirement: A Quietly Massive Shift
While reporting under CARF starts in 2027, onboarding rules begin in January 2026. That means RCASPs (Reporting Crypto-Asset Service Providers) must begin collecting self-certifications from customers — essentially tax-related identity declarations.
“This is a formal, tax-specific data collection that includes residence information and tax identification numbers,” said Fennimore. “It differs in a variety of ways from your general KYC process.” Dion warned that failing to collect a valid self-cert has hard consequences under DAC8: “If you don’t get the information on the self cert… you have to stop having the engagement, [you have to stop] being able to do the transactions.”
Layla added that the timing and triggers of due diligence are ambiguous in the crypto context: “Is it at the moment of the wallet creation? When the customer engages in a transaction? Subscription of a product? We’re asking all these questions because within CRS, it was really straightforward — account opening.”
This lack of clarity means institutions must make judgment calls and build flexible onboarding systems — a challenge for both fintech startups and multinational banks.
DeFi and the Limits of Regulation
One of the most provocative questions from the audience came from Max Bernt, who pressed the panel on whether CARF applies to decentralized finance (DeFi) platforms — especially those with no legal entity or centralized team.
Paul acknowledged the complexity: “We are not currently working on a separate set of reporting rules for decentralized finance.” However, determining whether a DeFi platform qualifies as an RCASP hinges on whether there’s “control, supervision, or influence” — a concept borrowed from FATF’s guidelines.
Dion pointed out the difficulty in drawing the line: “Where does DeFi start, and where does DeFi stop? What is decentralized in name only? Strapping the word ‘DeFi’ on something doesn’t make it immune.”
The consensus: this will be a matter of interpretation — and possibly litigation — until global standards evolve further.
The Role of the Industry in Shaping the Rules
One thing the panel made clear: industry feedback is not only welcomed but essential. Both the OECD and DAC8’s implementation processes include feedback mechanisms, and businesses are encouraged to raise practical issues now.
Paul emphasized this point: “We always rely on you to tell us what is happening here and whether this is becoming an issue… there is certainly an openness to re-evaluate this.”
Dion added that the OECD’s Business Advisory Group, which he co-chairs, is actively gathering real-world input: “If you’ve got questions or things that relate to onboarding… send the stuff to Paul to answer — that’s how it works.”
To learn more, watch the full panel discussion on demand today.
