- Crypto firms operating in the EU must report transactions and holdings in a standardised format.
- Regulators will gain wider access to user data, raising privacy concerns.
- ESMA may oversee major exchanges, centralising EU crypto supervision.
The European Union has unveiled a new set of rules that will significantly change how crypto-asset service providers operate across the bloc.
These changes are set to take effect on January 1, 2026, marking one of the EU’s most ambitious attempts to tighten control over crypto activities.
The rules will introduce standardised reporting requirements that will give tax authorities deeper visibility into the cryptocurrency market.
Tougher reporting requirements are coming
At the heart of the new framework is the expansion of the Directive on Administrative Cooperation, known as DAC8.
This update requires crypto exchanges, wallet providers, and other digital-asset operators to report customer holdings and transactions in a standardised digital format.
Once submitted, these reports will be automatically shared among EU tax authorities, enabling regulators to monitor crypto flows and trading activity more effectively.
The regulation, formalised under Implementing Regulation (EU) 2025/2263, also mandates the creation of a comprehensive Crypto-Asset Operator register.
Each reporting operator will receive a unique 10-digit identification number, starting with an ISO country code, to simplify cross-border supervision.
Even when an operator is removed from the register, the information must be retained for up to 12 months, ensuring continuity in regulatory oversight.
Member states are expected to submit annual assessments to the European Commission using standardised reporting templates.
Privacy under the microscope
While the regulation is framed as a measure to combat tax fraud, financial crime, and market abuse, it raises significant privacy concerns for crypto users.
The Transfer of Funds Regulation, which extends the so-called “travel rule” to crypto transactions above €1,000, already requires identification of both senders and recipients, including interactions with self-hosted wallets.
Users may also be asked to verify ownership of their private wallets.
Combined with DAC8, these measures give regulators unprecedented insight into individual trading behaviour, wallet flows, and the activities of service providers.
The European Commission’s broader regulatory package works alongside the Markets in Crypto-Assets framework (MiCA) and upcoming anti-money laundering rules.
Large crypto operators will be expected to carry out detailed customer due diligence, report suspicious activities, and disclose energy consumption for their operations.
Supporters of the new rules, including ECB President Christine Lagarde, argue that a unified EU approach will replace fragmented national supervision, which has historically hindered consistent enforcement.
However, the plan to give the European Securities and Markets Authority direct oversight over major cross-border exchanges and clearing houses has drawn criticism from smaller financial hubs, including Luxembourg, Malta, and Ireland.
They warn that consolidating supervisory powers could raise compliance costs and disadvantage operators in smaller jurisdictions.
The Financial Stability Board, the G20’s leading financial watchdog, also recently noted that strict privacy laws worldwide often impede cross-border cooperation.
