- Crypto firms operating in the EU must report transactions and holdings in a standardized format.
- Regulators will gain broader access to user data, raising privacy concerns.
- ESMA may directly supervise major exchanges, centralizing crypto oversight across the EU.
The European Union has introduced a new set of rules that will significantly change how crypto-asset service providers operate across the bloc.
These measures take effect on 1 January 2026 and represent one of the EU’s most ambitious efforts to tighten control over crypto activity.
The rules establish standardized reporting requirements that will give tax authorities far greater visibility into the cryptocurrency market.
Stricter reporting requirements are coming
At the core of the new framework is an expansion of the Directive on Administrative Cooperation, commonly referred to as DAC8.
This update requires cryptocurrency exchanges, wallet providers and other digital asset operators to report customer holdings and transactions in a standardized digital format.
Once submitted, these reports will be automatically shared among EU tax authorities, enabling regulators to monitor crypto flows and trading activity more effectively.
Formalized under Implementing Regulation (EU) 2025/2263, the rules also mandate the creation of a comprehensive register of crypto-asset operators.
Each reporting operator will receive a unique 10-digit identification number, beginning with an ISO country code, to simplify cross-border supervision.
Operators removed from the register must still have their information retained for up to 12 months, ensuring continuity in regulatory oversight.
Member states are expected to submit annual assessments to the European Commission using standardized reporting templates.
Privacy under the microscope
Although presented as measures to combat tax fraud, financial crime and market abuse, the regulations raise significant concerns about the privacy of crypto users.
The Funds Transfer Regulation, which extends the so-called “travel rule” to crypto transactions over €1,000, already requires identification of both senders and recipients, including interactions with self-custody wallets.
Users may also be asked to verify ownership of their private wallets.
When combined with DAC8, these measures provide regulators with unprecedented insight into individual trading behavior, wallet flows and service provider activities.
The broader regulatory package from the European Commission complements the Markets in Crypto-Assets framework (MiCA) and forthcoming anti-money laundering rules.
Major crypto operators are expected to conduct enhanced customer due diligence, report suspicious activity and disclose the energy consumption of their operations.
Supporters of the new rules, including European Central Bank President Christine Lagarde, argue that a unified EU approach will replace fragmented national supervision that has historically hindered consistent enforcement.
However, the plan to grant the European Securities and Markets Authority direct oversight of major exchanges and cross-border clearinghouses has drawn criticism from smaller financial centers such as Luxembourg, Malta and Ireland.
They warn that consolidating supervisory powers could raise compliance costs and disadvantage operators in smaller jurisdictions.
The Financial Stability Board, the G20’s primary financial oversight body, has also recently noted that strict privacy laws worldwide often complicate cross-border cooperation.