Journalist
Hassan Shittu
Journalist
Hassan Shittu
Share
The European Union has introduced a sweeping set of crypto data-sharing rules that will reshape how exchanges, wallet providers, and other crypto-asset service providers operate across the bloc.
The new framework, published on November 26 under Implementing Regulation (EU) 2025/2263, establishes strict requirements for how crypto firms collect, store, and report user information to tax authorities.
It represents one of the EU’s most far-reaching attempts to tighten oversight of digital assets, and it will apply from January 1, 2026.
New DAC8 Rules Force Standardised Crypto Reporting Across the EU
At the centre of the changes is the expansion of the Directive on Administrative Cooperation (DAC8), which mandates the automatic exchange of information between EU member states.
The updated rules require crypto-asset service providers to report customer holdings and transactions in a standardised digital format.
These reports will then be shared among tax authorities across the EU, giving regulators a much clearer view of crypto activity.
The Commission says the goal is to “facilitate the communication of information” and ensure that all member states report the same level of detail.
The regulation lays out technical rules, including new standard forms, a unified computerised reporting format, and the creation of a detailed Crypto-Asset Operator register.
Every reporting crypto operator will be assigned a 10-digit identification number, beginning with an ISO country code, to streamline cross-border supervision.
Under the amendments, information deleted from the operator register must still be retained for up to 12 months, showing the EU’s focus on continuity in regulatory oversight.
Member states will also be required to update the Commission annually on their assessments using the newly issued reporting templates.
EU’s Incoming Crypto Data Rules Spark Fresh Privacy Debate
The new framework sits alongside other major rules coming into force. The Transfer of Funds Regulation (TFR), which extends the “travel rule” to crypto, takes effect on December 30, 2024.
It requires exchanges and wallet providers to identify both senders and recipients for transfers, including interactions with self-hosted wallets.
For transactions above €1,000, users may be asked to verify ownership of their private wallets.
The broader regulatory package also works in tandem with MiCA, the EU’s flagship crypto framework, and the bloc’s upcoming anti-money laundering rules.
Large crypto operators will need to carry out customer due diligence, report suspicious activity, and provide energy-consumption disclosures.
The European Commission is also pushing for deeper integration of supervisory powers. According to recent proposals, the European Securities and Markets Authority (ESMA) could soon take direct oversight of major cross-border exchanges and clearing houses.
Supporters, including ECB President Christine Lagarde, argue that fragmented national supervision has weakened the EU’s ability to enforce consistent rules.
ESMA chair Verena Ross noted that every member state had to build its own crypto supervision framework, calling the duplication “a heavy burden” on regulators and industry.
However, the plan faces resistance. Luxembourg, Malta, and Ireland have warned that shifting power to a central authority may disadvantage smaller financial hubs and raise compliance costs for firms operating under MiCA’s passporting regime.
The privacy debate extends far beyond Europe. The Financial Stability Board (FSB), the G20’s top financial watchdog, recently warned that strict privacy laws around the world are limiting cross-border cooperation.
In its latest review, the FSB said regulators from different jurisdictions often struggle to access the data they need to assess risks in the crypto market.
It added that confidentiality rules delay information requests and, in some cases, halt cooperation entirely.
For EU users, the new rules mean greater visibility for regulators into trading behaviour, wallet flows, and even changes in operator registration.
While the measures are framed as tools to fight tax fraud, market abuse, and financial crime, they also raise questions about how much data governments should collect from crypto participants.
