Centralized cryptocurrency exchanges are among the most clearly defined Reporting Crypto-Asset Service Providers (RCASPs) under the DAC8 directive. As entities that facilitate the buying, selling, and trading of crypto-assets on behalf of users, exchanges should expect to carry significant reporting responsibilities once DAC8 obligations take effect on 1 January 2026.

Why Exchanges Are Squarely in Scope

Centralized exchanges typically act as intermediaries between buyers and sellers. They hold user funds, execute transactions, and maintain order books. This intermediary role places them firmly within DAC8's definition of a Reporting Crypto-Asset Service Provider. Exchanges that are licensed or operating within the EU — including under MiCA — should anticipate that DAC8 reporting will be a core compliance obligation.

Transaction Types That Typically Require Reporting

Exchanges process a wide variety of transaction types, and DAC8 reporting should cover several categories:

  • Exchange transactions: Crypto-to-fiat and crypto-to-crypto trades executed on the platform. These are likely the most straightforward reportable events, as the exchange has full visibility into both sides of the trade.
  • Transfers to external wallets: When a user withdraws crypto-assets to an external address, this may need to be reported, particularly the aggregate value of outgoing transfers.
  • Deposits from external sources: Incoming crypto-asset transfers to a user's exchange account may also fall within reporting scope.
  • Fiat withdrawals and deposits: While fiat transactions are covered by other frameworks, the interaction between fiat and crypto on an exchange platform is relevant for DAC8 aggregate calculations.

Exchanges should carefully map each transaction type against the specific data fields required by DAC8 to ensure nothing is overlooked.

Volume Considerations and Aggregation

Large exchanges may process millions of transactions per day. DAC8 reporting typically requires aggregation of transaction data on a per-user, per-crypto-asset basis for each calendar year. This means exchanges should be prepared to:

  • Aggregate gross proceeds from disposals (sales, swaps) for each user and each type of crypto-asset.
  • Calculate the number of transaction units associated with each reportable crypto-asset.
  • Track fair market values at the time of each transaction, which may require robust pricing infrastructure.

For high-volume exchanges, the data processing requirements can be substantial. Investing in automated reporting pipelines is generally advisable rather than relying on manual aggregation.

User Data and Due Diligence Challenges

One of the most significant challenges for exchanges relates to user identification and due diligence. DAC8 requires that RCASPs collect and verify specific information about their Reportable Users, including:

  • Full legal name
  • Date of birth
  • Country of residence
  • Tax Identification Number (TIN)
  • Address

Many exchanges already collect some of this data as part of KYC/AML procedures. However, DAC8 due diligence requirements may go beyond what exchanges currently gather. For example, obtaining valid TINs for all users across multiple jurisdictions can be challenging, particularly for legacy accounts that were opened before more stringent verification requirements were in place.

Exchanges should consider conducting a gap analysis between their current KYC data and DAC8's due diligence requirements. Remediation campaigns to collect missing TINs or verify outdated information may need to begin well in advance of the reporting deadline.

Multi-Jurisdictional Complexity

Exchanges operating across multiple EU Member States face additional considerations. Under DAC8, an exchange should generally be able to register in a single Member State and report to that state's competent authority, which then shares the information with other relevant jurisdictions. However, exchanges should verify how each Member State implements DAC8 into domestic law, as there may be variations in deadlines, data formats, or supplementary requirements.

Practical Steps for Exchange Compliance

Exchanges preparing for DAC8 should consider the following steps:

  1. Classify all transaction types and determine which fall within reporting scope.
  2. Audit existing user data against DAC8 due diligence requirements.
  3. Build or procure reporting infrastructure capable of aggregating data across high transaction volumes.
  4. Establish data retention policies that align with DAC8's record-keeping requirements.
  5. Monitor Member State transposition to stay informed of any jurisdiction-specific requirements.

Conclusion

Centralized exchanges are at the core of DAC8's reporting framework. Given the volume of transactions and the breadth of user bases that exchanges typically manage, early preparation is essential. Exchanges that proactively address data quality, transaction classification, and reporting infrastructure should be better positioned to meet their obligations when reporting deadlines arrive.

This article provides general information about DAC8 and should not be treated as legal or tax advice. Exchanges should consult qualified advisors for guidance specific to their circumstances.

Need help with DAC8 reporting?

Our team handles XML generation, TIN validation, and submission for CASPs across all 27 EU Member States.

Get Expert Help