- Crypto companies operating in the EU must report transactions and holdings in a standardized format.
- Regulators will gain broader access to user data, raising privacy concerns.
- ESMA may oversee major exchanges, centralizing crypto supervision in the EU.
The European Union has introduced a new set of rules that will significantly change how crypto-asset service providers operate across the bloc.
These changes take effect on 1 January 2026, representing one of the EU’s most ambitious efforts to tighten control over crypto activity.
The rules introduce standardized reporting requirements designed to give tax authorities deeper visibility into the cryptocurrency market.
Tighter reporting requirements are coming
At the core of the new framework is an expansion of the Directive on Administrative Cooperation, commonly referred to as DAC8.
The update requires crypto exchanges, wallet providers, and other digital asset operators to report customer holdings and transactions in a standardized digital format.
Once submitted, these reports will be automatically shared among EU tax authorities, enabling regulators to more effectively monitor crypto flows and trading activity.
The regulation, formalized under Implementing Regulation (EU) 2025/2263, also mandates the creation of a comprehensive register of Crypto Asset Operators.
Each reporting operator will receive a 10-digit unique identification number, beginning with their ISO country code, to streamline cross-border oversight.
Even when an operator is removed from the register, their information must be retained for up to 12 months, ensuring continuity in regulatory monitoring.
Member states are expected to submit annual assessments to the European Commission using standardized reporting templates.
Privacy under the microscope
Although the rules are framed as measures to combat tax fraud, financial crime, and market abuse, they raise significant privacy concerns for crypto users.
The revised Funds Transfer Regulation, which extends so-called “travel rules” to crypto transactions above €1,000, already requires identification of senders and recipients, including interactions with self-hosted wallets.
Users may also be required to verify ownership of private wallets.
Combined with DAC8, these measures give regulators unprecedented insight into individual trading behavior, wallet flows, and service-provider activity.
The Commission’s broader regulatory package works alongside the Markets in Crypto-Assets framework (MiCA) and upcoming anti-money laundering rules.
Large crypto operators will be expected to perform detailed customer due diligence, report suspicious activity, and disclose energy consumption for their operations.
Supporters of the new rules, including European Central Bank President Christine Lagarde, argue that a unified EU approach will replace fragmented national supervision that has historically hindered consistent enforcement.
However, plans to grant the European Securities and Markets Authority (ESMA) direct supervisory powers over major cross-border exchanges and clearing houses have drawn criticism from smaller financial centers, including Luxembourg, Malta, and Ireland.
They warn that concentrating supervisory power could raise compliance costs and disadvantage operators in smaller jurisdictions.
The Financial Stability Board, the G20’s leading financial regulator, has also recently noted that strict privacy laws worldwide often hinder cross-border cooperation.