Crypto is long past being just a hype. As the industry matures and professionalizes, so does regulation. With the introduction of the DAC8 reporting obligation, crypto exchanges, brokers, wallet providers, and digital asset platforms are entering a new phase of accountability. Research by Supplied, an AI-driven platform for onboarding, verification, and compliance, shows that meeting these requirements can increase compliance costs by more than 15%. However, embracing automation and AI-driven technology can turn this administrative burden into an opportunity - reducing costs, improving accuracy, and gaining a competitive edge.
Understanding DAC8: scope, purpose, and global context
DAC8 is an EU directive designed to increase tax transparency in the rapidly growing crypto economy. It is the EU’s implementation of the OECD’s Crypto-Asset Reporting Framework (CARF), which has been adopted by more than 50 countries worldwide. It builds on earlier regulations for administrative cooperation between tax authorities, such as DAC7 for online platforms, and extends them to cover crypto-assets, which have historically operated outside traditional financial reporting systems.
The directive was introduced to ensure that crypto transactions become visible to tax authorities, to combat tax evasion and avoidance, and to create a level playing field between traditional financial institutions and digital asset platforms. This year marks the first reporting year, with data submissions due by January 31, 2027.
Who is affected and what does reporting entail
DAC8 applies to Reporting Crypto-Asset Service Providers, including crypto exchanges, brokers, wallet providers, and digital asset platforms. Importantly, it does not matter where a company is headquartered. Any organization serving EU users falls within scope.
The reporting requirements are extensive and go far beyond what many platforms are used to. Organizations must collect and verify user identity and tax residency, gather wallet addresses, and report detailed transaction data, including transaction types, volumes, and the fair market value of crypto-assets.
In addition, a brand-new requirement has been introduced - one that is not common in other industries: platforms must obtain a self-certification from users. This certification, entailing KYC data, including TIN, introduces additional risks for both users and platforms. If a user fails to provide this information after two reminders within 60 days, the platform is legally required to block that user from performing further transactions. This creates a direct operational dependency between compliance and user activity that many platforms have not previously encountered.
Regulatory and operational consequences of non-compliance
The consequences of non-compliance are significant and should not be underestimated. Financial penalties can range from €20,000 to €500,000, depending on the severity and jurisdiction. And beyond fines, there is a clear operational impact, as platforms must enforce user restrictions when compliance requirements are not met, potentially affecting revenue and customer experience.
There are also reputational risks, as failing to comply with tax regulations can damage trust among customers, partners, and investors. In more severe cases, non-compliance may even jeopardize MiCA passporting rights, effectively limiting or preventing a company’s ability to operate across the European Union.
On top of that, non-compliant organizations are likely to face increased scrutiny and audits from tax authorities, leading to additional costs and operational disruption. Compliance is therefore no longer just an administrative task; it has become a prerequisite for doing business in Europe.
Implementation challenges and cost implications
Implementing DAC8 is both complex, costly, and resource intensive. Organizations must invest in compliance teams, technology, data infrastructure, and ongoing training. These activities are not only time-consuming but also prone to human error, further increasing the operational burden.
Research by Supplied indicates that meeting crypto compliance requirements typically increases costs by more than 15%. Much of this cost is driven by manual processes such as data collection, validation, reconciliation, and ongoing monitoring. One of the biggest challenges is the time required. Data often needs to be collected from multiple platforms and internal systems, unified into a single dataset, and then enriched and corrected - costing up to 120 additional hours.
Automation as a driver of compliance efficiency
Leveraging automation and AI-driven technology fundamentally changes the equation. Organizations that adopt automated solutions for onboarding, verification, and reporting see dramatic improvements in efficiency and accuracy. Error rates can be reduced by up to 90% as various automation platform providers show, while processing time drops to a fraction of previous levels.
In addition, conversations between Supplied and international accounting firms reflect that automation can deliver labor savings of up to 70%, significantly reducing the overall cost of compliance. What initially appears to be a regulatory burden can therefore become an opportunity to streamline operations and improve performance.
From regulatory burden to competitive advantage
DAC8 marks a turning point for the crypto industry. Compliance readiness is no longer optional; it is a defining factor in a market that is becoming increasingly regulated and professionalized. Organizations that invest early in scalable, automated processes will not only be better prepared to meet regulatory requirements but will also benefit from lower costs, higher data quality, and stronger operational resilience.
The January 2027 deadline may seem far away, but the operational requirements are already in effect. Companies that act now will avoid last-minute pressure and stay ahead in a rapidly evolving market.
