On 16 May 2023, the Economic and Financial Affairs Council of the EU (ECOFIN) reached an agreement on the proposal to extend the Directive on Administrative Cooperation (DAC) to cover the exchange of information on crypto-assets, as well as certain tax rulings for individuals (DAC8). In addition, DAC8 introduces or amends other provisions related to the previous DACs. We highlight hereunder the salient provisions of DAC8.

Reporting of transactions in relation to crypto-assets and e-money

DAC8 primarily extends the EU tax transparency rules to cover crypto-assets and e-money and will apply to all crypto-assets service providers (CASPs) providing a service in the EU. Reporting crypto-asset service providers (RCASPs), i.e. in-scope CASPs and crypto-assets operators, will be required to carry out due diligence procedures to identify whether their clients are reportable or not.

Subsequently RCASPs will be required to report certain information on reportable transactions and transfers involving crypto assets and e-money to the relevant competent authorities. This information would be exchanged by the recipient's Member State with the tax authorities of the Member State where the reportable user is tax resident. The information to be exchanged includes identification details of reportable user / entity / person, identification details of the RCASP and details of the reportable transaction. The rules contained in DAC8 are largely consistent with the OECD's Crypto-Asset Reporting Framework (CARF). The CARF is a global tax transparency framework that provides for the automatic exchange of tax information on crypto-asset transactions. By agreeing on DAC 8, the EU took a forefront role in transposing the CARF.

During the same ECOFIN meeting, there was also formal adoption of the Markets in Crypto-Assets Regulation (MiCA), as well as the Transfer of Funds Regulation (TFR). Both Regulations are relevant for the application of DAC8, which refers to the two Regulations for definitions and authorization requirements.

Exchange of information related to non-custodial dividends

DAC8 extends the scope of the mandatory automatic exchange of information between Member States of certain categories of income and capital (i.e. of DAC1) to include non-custodial dividends, these being dividends or other income treated as dividend paid or credited to an account which does not hold the financial asset for the benefit of another person. Exempt dividends in terms of the Parent-Subsidiary Directive are specifically excluded from reporting.

Exchange of information on cross-border rulings related to individuals

DAC 8 extends the automatic exchange of advanced cross-border rulings to cover rulings involving the tax affairs of individuals when:

  • the amount of the transaction or series of transactions included in the ruling exceeds EUR 1,500,000; or
  • the scope of the ruling is to determine the tax residence of the individual.

The rules would only cover rulings issued, amended, or renewed after 1 January 2026. Rulings issued prior to this date would fall outside scope despite being still valid.

Penalties

Member States were not able to agree on the framework of minimum penalties proposed by the Commission. Therefore, to ensure a proper enforcement of this Directive, Member States are required to lay down rules on the penalties applicable to infringements of national provisions following the transposition of DAC8. The choice of penalties will remain within the discretion of Member States, but should be effective, proportionate and dissuasive.

Reporting of the Tax Identification Number

DAC 8 stresses the importance of collecting and exchanging the Tax Identification Number (TIN) of the reported entities and individuals as it increases Member States' capability of identifying the relevant taxpayers and correctly assessing the related taxes.

As a result, Member States are required to ensure:

  • the reporting of the TIN in the context of the exchanges related to certain categories of income and capital subject to mandatory automatic exchange of information (DAC1) – applicable from 1 January 2030;
  • the collection of the TIN and its inclusion in the exchanges of information in the context of advance cross-border rulings and advance pricing agreements (DAC3), country-by-country reports (DAC4) and reportable cross-border arrangements (DAC6) – applicable from 1 January 2028.

DAC 6 already required the reporting of the TIN for intermediaries and relevant taxpayers, but the amendments extend this requirement to cover the TIN of any other person in a Member State likely to be affected by the reportable cross-border arrangement.

Amendment to DAC 6

In addition to the TIN requirements mentioned above, the requirement for intermediaries, who are subject to legal professional privilege, to notify other intermediaries of their reporting obligations under DAC6 were amended in light of the Court of Justice of the European Union (CJEU) decision in case C-694/20. The CJEU had invalidated the article which had the effect of requiring an intermediary acting as such (a lawyer in the case at hand) that is subject to legal professional privilege to notify any other intermediary – who is not his or her client, of their reporting obligations. DAC8 now spares the intermediaries from such waiver notifications to persons who are not their 'client' as defined. In addition, DAC8 no longer requires the identification of non-disclosing intermediaries as one of the items to be submitted to the tax authorities in the DAC6 report.

In Malta certain professionals are indeed covered by legal professional privilege and have a waiver from filing DAC6 reports. Soon after the judgement was published, the Commissioner for Revenue issued a Guideline explaining amongst others that the waiver notification obligation shall not apply in the case of advocates, notaries and legal procurators except where the notification is to be made to the client of the said advocates, notaries and legal procurators.

Other amendments

Member States are required to put in place effective mechanisms to ensure the use of the information acquired through the reporting and exchange of information under DAC8. These mechanisms could include voluntary compliance programs, notifications to generate disclosure, awareness campaigns, prefilling tax returns, risk assessments, limited audits, general audits, tax coding, tax estimation, assimilation into domestic systems and other tax-related measures.

Another amendment extends the use of the information communicated between Member States for the assessment, administration and enforcement of the national law of Member States concerning customs duties and anti-money laundering and countering the financing of terrorism.

Moreover, Member States are required to retain records of the information received through the automatic exchange of information pursuant to the DAC for no longer than necessary but in any event not shorter than least five years from date of receipt to achieve the purpose of the DAC.

Effective Date

With the exception of the TIN related provisions referred to above, Member States would need to transpose the Directive by 31 December 2025. The rules would become applicable as of 1 January 2026.

Final Comments

The Directive will be formally adopted once the European Parliament have given their non-binding opinion. However, the EU Council has already agreed on the final text and any changes potentially proposed by the Parliament would not be considered.

From a Malta perspective, one expects DAC8 to be transposed through an amendment to the Cooperation with Other Jurisdictions on Tax Matters Regulations, S.L.123.127. It is early days to comment on the Revenue's practical and interpretational approach towards DAC8, yet we will keep monitoring local developments to be of service to you.

Nonetheless, although 2026 may sound far off, reportable crypto-asset service providers in particular should start thinking about the possible DAC8 implications in terms of, but not exclusively, extent and quality of data in hand, systems and processes needed to be in place, possible validation of data, review of contractual relationships, data protection, data retention, and much more.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.