CARF/DAC8 Compliance – The End of Crypto-Asset Opacity
Poland’s Implementation of DAC8 and the Global Architecture of Tax Transparency
On December 17, 2025, the Polish Council of Ministers adopted draft legislation amending the Act on the Exchange of Tax Information with Other States—a seemingly technical measure that nonetheless represents a fundamental transformation in the regulatory treatment of crypto-assets. This legislative initiative implements Directive (EU) 2023/2226, commonly denominated DAC8, which constitutes the eighth amendment to the European Union’s administrative cooperation framework in tax matters. For holders of Bitcoin, Ethereum, stablecoins, non-fungible tokens, and other crypto-assets who transact through exchanges or intermediaries, the implications are profound and warrant careful examination.
I. The Regulatory Impetus: DAC8 and the Dissolution of Crypto-Asset Anonymity
The draft legislation transposes into Polish law the DAC8 Directive, whose principal objective is the extension of automatic tax information exchange mechanisms to encompass crypto-assets. Throughout the preceding decade, while traditional financial accounts achieved comprehensive transparency under the Common Reporting Standard (CRS), crypto-assets remained largely outside the regulatory perimeter. As the legislative explanatory memorandum observes:
The majority of crypto-assets are not subject to reporting obligations under Directive 2014/107/EU, as they do not constitute funds held in deposit accounts or financial assets. Furthermore, crypto-asset service providers and operators are, in most instances, not encompassed by the existing definition of financial institution under Directive 2011/16/EU. Consequently, a problematic situation has emerged from the perspective of tax information exchange, wherein crypto-assets—serving as alternative payment or investment instruments—may be transferred and held without interaction with traditional financial intermediaries and without any central administrator possessing comprehensive visibility into both transactions conducted and the location of held crypto-assets.
This regulatory asymmetry is now being addressed. DAC8 implements the Crypto-Asset Reporting Framework (CARF) developed by the Organisation for Economic Co-operation and Development—the same institutional architecture that effectively dismantled Swiss banking secrecy in the traditional financial sector.
II. Reporting Entities: Defining the “Reporting Crypto-Asset Service Provider”
The draft legislation introduces a critical taxonomic category: the “reporting crypto-asset service provider.” This designation encompasses several distinct categories of market participants.
MiCA-Licensed Exchanges. Platforms such as Binance, Coinbase, Kraken, and all other entities holding Union authorization for crypto-asset services under the Markets in Crypto-Assets Regulation fall within this category.
Crypto-Asset Operators. This novel classification captures entities not directly subject to MiCA but nonetheless providing functionally equivalent services. The category includes platforms operating under reverse solicitation arrangements and operators facilitating NFT transactions.
Staking and Crypto-Lending Service Providers. The draft legislation expressly extends reporting obligations to staking services and crypto-asset lending arrangements—services not directly regulated under MiCA.
Crypto-Asset ATM Operators and Select DeFi Platforms. To the extent such entities exercise effective control over transactions, they fall within the reporting framework.
The legislation establishes a hierarchy of nexus rules determining the jurisdiction in which a given provider must discharge its reporting obligations. For Polish tax residents, the operative principle is clear: regardless of whether one utilizes an exchange registered in Malta or Estonia, user data will be transmitted to the Head of the National Revenue Administration through automatic exchange mechanisms between Member States.
III. Scope of Reportable Information
The informational requirements imposed under annual reporting leave minimal scope for ambiguity.
A. Identification Data
Reportable identification information encompasses: full legal name; residential address; state or states of tax residence; all tax identification numbers (in Poland, PESEL or NIP); and date and place of birth.
B. Transactional Data
For each category of crypto-asset, the following must be reported separately: aggregate gross amounts paid for acquisitions in fiat currency; aggregate gross amounts received from dispositions in fiat currency; fair market value of crypto-to-crypto exchanges; value of retail payment transactions where crypto-assets are used for goods and services; aggregate value and number of incoming and outgoing transfers; and unit counts and transaction volumes across each category.
C. Transfers to Self-Custody Wallets
Of particular significance is the provision concerning transfers to external addresses. Where a user withdraws crypto-assets from an exchange to a personal cold wallet, such transactions will be reported as transfers to addresses “with respect to which there is no information that they are associated with a natural person or an entity conducting business activity.”
The fiscal authorities will thus possess knowledge of crypto-assets withdrawn from the regulated ecosystem. Upon any subsequent conversion to fiat currency, questions regarding acquisition basis and the timing of income realization will inevitably arise.
IV. The Tax Residency Self-Certification Requirement
Following the entry into force of DAC8-implementing legislation, opening an account on a crypto-asset exchange will necessitate submission of a tax residency self-certification. This constitutes a condition precedent to service utilization rather than an optional formality.
A. Required Declarations
Users must declare: the state or states of tax residence; the TIN issued by each such state; and personal identifying information, submitted under penalty of criminal liability for false statements.
B. Consequences of Non-Compliance
The draft legislation is unequivocal: “the reporting crypto-asset service provider is obligated, upon expiration of 60 days from the initial request, to prevent the crypto-asset user from conducting reportable transactions.”
In practical terms, refusal to submit the required self-certification results in account suspension—precluding purchases, sales, and withdrawals alike.
C. Transitional Provisions for Existing Users
For pre-existing account holders, service providers have until October 31, 2026, to obtain the requisite self-certification. Providers must make two requests. Users failing to respond by year-end will face account suspension commencing January 1, 2027.
V. Reportable Retail Payment Transactions
The draft legislation introduces the concept of a “reportable retail payment transaction,” defined as a transfer of crypto-assets in exchange for goods or services exceeding the equivalent of USD 50,000.
Where a user purchases an automobile, real property, or vessel through a regulated intermediary using crypto-assets, the transaction will be reported, with the provider identifying both vendor and purchaser.
The legislative explanatory memorandum is explicit regarding the underlying rationale: “It is anticipated that information obtained in this manner will enable tax administrations to gather data regarding instances of reportable crypto-assets being utilized for the acquisition of goods and services.”
VI. Exclusions from the Reporting Framework
Not all digital assets fall within the new requirements. The draft legislation excludes:
Central Bank Digital Currencies (CBDCs). These are, by definition, transparent to the issuing sovereign.
Electronic Money. Products constituting digital representations of fiat currency, redeemable at par value, are already subject to CRS.
Closed-Loop Crypto-Assets. Utility tokens, loyalty points, and certain in-game assets that are demonstrably incapable of utilization for payment or investment purposes outside a limited ecosystem fall outside the reporting perimeter.
Notably, the burden of proof rests with the service provider. In cases of doubt, the crypto-asset is treated as reportable.
VII. Sanctions Regime
The draft legislation establishes a dual-track sanctions framework for non-compliant service providers.
A. Administrative Penalties
Administrative sanctions attach to: failure to transmit user information; failure to apply due diligence procedures; failure to register as a crypto-asset operator; and failure to remedy deficiencies identified through supervisory examination.
B. Fiscal Criminal Liability
Persons acting on behalf of non-compliant providers face fines of up to 180 daily rates under the Fiscal Penal Code.
Additionally, re-registration of an operator whose identification number has been revoked requires submission of a guarantee deposit ranging from PLN 100,000 to PLN 1,000,000.
VIII. Implementation Timeline
| Date | Milestone |
|---|---|
| Entry into force | 14 days following publication; providers commence collection of self-certifications and transactional data |
| March 31, 2026 | Registration deadline for crypto-asset operators |
| October 31, 2026 | Deadline for obtaining self-certifications from existing users |
| December 31, 2026 | Account suspension for users who have not submitted self-certifications |
| June 30, 2027 | First transmission of crypto-asset user information for reporting year 2026 |
| September 30, 2027 | Automatic exchange of data between jurisdictions |
Pursuant to Article 13 of the draft legislation, the Act enters into force “14 days following the date of publication.” Having been adopted by the Council of Ministers on December 17, 2025, the precise effective date will depend upon the pace of the legislative process.
IX. Practical Implications: Four Illustrative Scenarios
Scenario One: Regulated Exchange Users. User data will be transmitted to Polish tax authorities—encompassing purchase volumes, sale volumes, prices, balances, and withdrawal destinations. The geographic location of the exchange within the Union is immaterial.
Scenario Two: Self-Custody Transfers. Withdrawals to personal wallets have been or will be reported. The fiscal authorities will be aware that assets have been removed from the regulated ecosystem. Upon any subsequent monetization, the user must demonstrate acquisition basis.
Scenario Three: Peer-to-Peer and DEX Transactions. Peer-to-peer transactions and decentralized exchanges lacking a control element remain outside direct reporting requirements. However, any conversion to fiat currency through a regulated entity will be reported, and receiving banks will inquire as to the source of funds.
Scenario Four: Historical Non-Compliance. Taxpayers who realized gains from crypto-assets in prior years without proper tax treatment should anticipate that, commencing in 2027, tax authorities will begin receiving systematic data. The voluntary disclosure mechanism permits pre-emptive correction of past liabilities before formal proceedings are initiated.
X. Global Context: The Tightening Network
DAC8 represents the European implementation of CARF—an international standard developed by the OECD. Poland, however, does not act in isolation but rather as a constituent of a global coalition systematically eliminating the remaining bastions of crypto-asset anonymity.
A. Sixty-Seven Jurisdictions, One Objective
In November 2024, Poland executed the multilateral CARF Competent Authority Agreement. By year-end 2025, sixty-seven jurisdictions had undertaken corresponding commitments—including traditional “safe harbors” for crypto-assets:
- Switzerland — the legendary bastion of banking secrecy, with full CARF implementation from 2027
- Singapore — Asia’s wealth management center, commencing data exchange in 2027
- Cayman Islands — the archetypal tax haven, achieving full CRS 2.0 and CARF compliance
- United Arab Emirates — maintaining zero income taxation while achieving full transparency from 2027
- Hong Kong — completing CARF consultations in December 2025
B. Remaining Non-Participating Jurisdictions
Certain jurisdictions have not acceded to CARF—including the Philippines, Vietnam, and Argentina. In practical terms, however, relocating assets to such jurisdictions generates more complications than solutions.
First, transfers from such “black holes” back to Poland trigger AML flags within the STIR system—Poland’s bank transaction monitoring infrastructure. Transfers exceeding EUR 15,000 from high-risk jurisdictions constitute a near-certain audit trigger.
Second, these jurisdictions lack financial infrastructure comparable to regulated exchanges. Liquidity is constrained, and operational risk is elevated.
C. J5: Global Enforcement Cooperation
Operating in parallel with CARF is J5—the Joint Chiefs of Global Tax Enforcement—a coalition comprising the United States, United Kingdom, Australia, Canada, and the Netherlands. These jurisdictions actively share data and analytical tools (including AI systems such as Palantir) to identify tax avoidance patterns.
Where a Polish resident utilizes an exchange within a J5 jurisdiction, relevant data is accessible to Polish fiscal authorities under existing information exchange agreements—without awaiting full CARF implementation.
XI. The Evolution of Avoidance Methodologies and Regulatory Responses
The OECD’s 2025 report documents how avoidance methodologies have evolved in response to increasing transparency:
Chain Hopping and Cross-Chain Bridges. Rather than relying on individual privacy coins (such as Monero, now delisted from most regulated exchanges), sophisticated actors employ inter-blockchain bridges to fragment transaction trails. In the first half of 2025, bridges processed over USD 22 billion in suspicious volume.
NFT Wash Trading. This technique involves artificial generation of tax losses through NFT sales to self-controlled wallets at depressed valuations. Approximately 94.5% of volume on certain non-compliant NFT platforms in 2025 was flagged as wash trading. The IRS and J5 have developed specialized detection algorithms.
DeFi Yield Stripping. Taxpayers report initial capital contributions to liquidity pools while “forgetting” staking rewards or yield farming returns. While 74% of DeFi platforms remain non-KYC/AML compliant, forensic accounting tools can now index smart contract interactions and identify wallets receiving rewards.
XII. Poland-Specific Considerations: Precedents and Pitfalls
Polish jurisprudence from 2024-2025 has established several critical principles:
Family Foundations Provide No Shield for Crypto-Assets. The Director of the National Tax Information has confirmed in 2024/2025 interpretations that crypto-asset trading does not qualify for the 0% CIT rate available for other capital gains within family foundations. Such activity is classified as “other business activity” and fully taxable.
Mining Expenses Constitute Indirect Costs. The Supreme Administrative Court, in its judgment of June 18, 2025, held that expenditures on equipment and electricity for crypto-asset mining constitute indirect costs—they cannot be directly deducted as costs of obtaining revenue from the sale of mined crypto-assets.
STIR Monitors Large Transfers. The National Revenue Administration automatically monitors bank transfers exceeding EUR 15,000 and cross-references them against declared income. Large fiat off-ramps—withdrawals from exchanges to banks—represent the primary trigger for crypto-asset audits.
XIII. Recommended Course of Action
First, organize documentation. Compile evidence of crypto-asset acquisition—dates, prices, and sources. This documentation will be essential for calculating taxable dispositions.
Second, prepare for self-certification. From 2026, every exchange will request a tax residency declaration. Consider carefully your tax obligations in Poland and any other relevant jurisdictions.
Third, evaluate voluntary disclosure. For those with unresolved historical liabilities, decisions must be made promptly. Voluntary disclosure prior to the initiation of proceedings substantially mitigates liability exposure.
Fourth, engage professional counsel. The new regulatory framework is complex, and the consequences of non-compliance are severe. Professional guidance may prove invaluable.
Conclusion
The draft legislation adopted by the Council of Ministers does not represent evolutionary change—it constitutes a fundamental transformation in the transparency regime governing Poland’s crypto-asset market. A system that for a decade permitted relative anonymity in crypto-asset transactions is being replaced by comprehensive transparency comparable to traditional banking.
For those who have properly reported crypto-asset investments, little changes substantively—beyond additional administrative burden associated with self-certification requirements. For those who anticipated continued anonymity, a strategic reassessment is now imperative.
Kancelaria Prawna Skarbiec provides comprehensive advisory services regarding crypto-asset taxation, CARF/DAC8 compliance, assistance with voluntary disclosure of tax liabilities, and structuring of crypto-asset investments in accordance with applicable law.
Founder and Managing Partner of Skarbiec Law Firm, recognized by Dziennik Gazeta Prawna as one of the best tax advisory firms in Poland (2023, 2024). Legal advisor with 19 years of experience, serving Forbes-listed entrepreneurs and innovative start-ups. One of the most frequently quoted experts on commercial and tax law in the Polish media, regularly publishing in Rzeczpospolita, Gazeta Wyborcza, and Dziennik Gazeta Prawna. Author of the publication “AI Decoding Satoshi Nakamoto. Artificial Intelligence on the Trail of Bitcoin’s Creator” and co-author of the award-winning book “Bezpieczeństwo współczesnej firmy” (Security of a Modern Company). LinkedIn profile: 18 500 followers, 4 million views per year. Awards: 4-time winner of the European Medal, Golden Statuette of the Polish Business Leader, title of “International Tax Planning Law Firm of the Year in Poland.” He specializes in strategic legal consulting, tax planning, and crisis management for business.
