- Crypto firms operating in the EU must report transactions and holdings in a standardized format.
- Regulators will gain broader access to user data, raising privacy concerns.
- ESMA could take oversight of major exchanges, centralizing crypto supervision in the EU.
The European Union has introduced a new regulatory framework that will fundamentally change how crypto-asset service providers operate across the bloc.
These measures take effect on January 1, 2026, and represent one of the EU’s most ambitious efforts to tighten control over crypto activities.
The rules introduce standardized reporting requirements that will give tax authorities deeper visibility into the crypto market.
Stricter reporting requirements are coming
At the center of the new framework is an expansion of the Directive on Administrative Cooperation, commonly referred to as DAC8.
This update requires crypto exchanges, wallet providers, and other digital asset operators to report customer holdings and transactions in a standardized digital format.
Once submitted, these reports will be automatically shared with EU tax authorities, enabling regulators to monitor crypto flows and trading activity more effectively.
The requirements formalized by Implementing Regulation (EU) 2025/2263 also mandate the creation of a comprehensive crypto-asset operator registry.
Each reporting operator will receive a unique ten-digit identification number, beginning with an ISO country code, to simplify cross-border oversight.
Even if an operator is removed from the registry, records must be retained for up to 12 months to ensure continuity of regulatory supervision.
Member states are expected to provide annual evaluations to the European Commission using standardized reporting templates.
Privacy under scrutiny
Although the regulation is framed as a tool to combat tax fraud, financial crime, and market abuse, it raises significant privacy concerns for crypto users.
The Transfer of Funds Regulation, which expands the so-called “travel rule” to crypto transactions above €1,000, already requires identification of both senders and recipients, including interactions with self-hosted wallets.
Users may also be required to prove ownership of private wallets.
Together with DAC8, these measures give regulators unprecedented insight into individual trading behavior, wallet flows, and service-provider activities.
The broader regulatory package from the European Commission runs in parallel with the Markets in Crypto-Assets framework (MiCA) and impending anti-money laundering rules.
Large crypto operators will be expected to carry out detailed customer due diligence, report suspicious activity, and disclose the energy consumption associated with their operations.
Supporters of the new rules, including ECB President Christine Lagarde, argue that a unified EU approach will replace the fragmented national supervision that has historically hindered consistent enforcement.
However, the proposal to give the European Securities and Markets Authority direct oversight of major cross-border exchanges and clearinghouses has drawn criticism from smaller financial centers such as Luxembourg, Malta, and Ireland.
These jurisdictions warn that consolidating supervisory powers could increase compliance costs and disadvantage operators based in smaller regulatory regimes.
The Financial Stability Board, the G20’s leading financial oversight body, recently noted that strict national privacy laws around the world often impede cross-border cooperation.