- Cryptocurrency firms operating in the EU must report transactions and holdings in a standardized format.
- Regulators will gain broader access to user data, raising privacy concerns.
- ESMA may oversee large exchanges, centralizing crypto supervision within the EU.
The European Union has published a new regulatory package that will significantly change how crypto-asset service providers operate across the bloc.
These measures take effect on 1 January 2026 and represent one of the EU’s most ambitious efforts to tighten oversight of crypto activity.
The rules introduce standardized reporting obligations that give tax authorities deeper visibility into cryptocurrency markets.
Tougher reporting requirements are coming
At the heart of the new framework is an expansion of the Directive on Administrative Cooperation, commonly known as DAC8.
Under the update, crypto exchanges, wallet providers and other digital asset operators must report customers’ holdings and transactions in a standardized digital format.
Once submitted, reports will be automatically shared among EU tax authorities, enabling regulators to more effectively track crypto flows and trading activity.
Formalized under Implementing Regulation (EU) 2025/2263, the package also requires creation of a comprehensive register of crypto-asset operators.
Each reporting operator will receive a unique 10-digit identification number beginning with an ISO country code to facilitate cross-border supervision.
Even if an operator is removed from the register, its data must be retained for up to 12 months, ensuring continuity of oversight.
Member states are expected to provide annual assessments to the European Commission using standardized reporting templates.
Privacy under the microscope
Although framed as measures to combat tax evasion, financial crime and market abuse, the changes raise substantial privacy concerns for crypto users.
The Transfer of Funds Regulation expands the so-called “travel rule” to crypto transactions above €1,000 and already requires identification of both senders and recipients, including interactions with self-custodied wallets.
Users may also be asked to confirm ownership of their private wallets.
Coupled with DAC8, these requirements give regulators unprecedented insight into individual trading behavior, wallet flows and service provider activity.
The Commission’s wider regulatory package will operate alongside the Markets in Crypto-Assets framework (MiCA) and upcoming anti-money laundering rules.
Large crypto operators are expected to carry out detailed customer due diligence, report suspicious activity, and disclose the energy consumption of their operations.
Supporters of the new rules, including ECB President Christine Lagarde, argue that a unified EU approach will replace fragmented national supervision that has historically hindered consistent oversight.
However, the proposal to give the European Securities and Markets Authority direct supervisory powers over large cross-border exchanges and clearing entities has drawn criticism in smaller financial centres such as Luxembourg, Malta and Ireland.
Critics warn that concentrating supervisory powers could raise compliance costs and disadvantage operators in smaller jurisdictions.
The Financial Stability Board, the G20’s leading financial regulatory forum, has also noted that strict privacy laws in some countries often complicate cross-border cooperation.