So far, crypto has always moved faster than regulation. From Bitcoin’s early days to today’s world of DeFi protocols and tokenised assets, innovation has never waited for compliance frameworks to catch up. But the freedom and borderless nature of crypto created a serious gap: tax authorities had very little visibility into what was really happening. People could move large amounts of value across wallets and jurisdictions without involvement of traditional financial intermediaries, and without any consistent reporting to tax administrations.

That gap became too big to ignore. It is now closing with the introduction of the Crypto-Asset Reporting Framework (CARF), aimed at bringing virtual assets into the same reporting system that already applies to financial institutions under the Common Reporting Standard (CRS).

What Is the Crypto-Asset Reporting Framework (CARF)?

CARF is a global tax transparency framework that requires crypto-asset service providers to collect, verify and report tax-relevant data on their users and transactions, which tax authorities then share across borders and between jurisdictions.

Under CARF, businesses are required to report transactions involving crypto assets that have payment or investment potential. This includes activity related to decentralised cryptocurrencies, stablecoins, tokenised financial instruments, and certain NFTs. Crypto asset service providers will be subject to obligations similar to those imposed on traditional financial institutions pursuant to the CRS framework.

In addition, jurisdictions implementing CARF will exchange the reported information with one another, thereby strengthening cross-border oversight and enhancing overall transparency. In this article, we will focus on the practical implications of these requirements for businesses and projects.

Developed by the Organisation for Economic Co-operation and Development (OECD), CARF fits into the broader landscape of international tax reporting alongside the CRS and Directive on Administrative Cooperation (DAC8). While CRS establishes the global standard for reporting traditional financial accounts, CARF extends this approach to crypto assets. DAC8 represents the European Union’s implementation of CARF and updated CRS rules, embedding these global standards into EU law and ensuring consistent reporting across member states. Together, these frameworks provide a coherent, cross-border system for tax transparency, covering both traditional financial assets and crypto.

CARF is not merely a guideline but a comprehensive, standardised system for the automatic exchange of tax information on virtual assets. It marks a pivotal moment, integrating the virtual asset ecosystem into the global tax transparency landscape. For crypto projects and platforms, it is a turning point: tax reporting and compliance is becoming part of the global norm – not an optional extra.

Global Adoption and Timeline

As of November 2025, around 70 jurisdictions (including the EU, UK, US, Canada, Japan, most offshore jurisdictions, and many others) have committed to adopting CARF. Some others are still assessing timelines, but the direction is clear: global adoption is coming. The first international data exchanges under CARF are expected to occur in 2027, based on transaction data from the 2026 calendar year.

Who Counts as a Reporting Crypto-Asset Service Provider (CASP)?

CARF introduces the concept of a Reporting Crypto-Asset Service Provider (reporting CASP). In essence, a CASP – is a business that facilitates crypto asset transactions for customers, either as a counterparty or as an intermediary. The term “business” excludes individuals or entities that provide such services only on a very infrequent basis and for non-commercial reasons.

An entity will be classified as a reporting CASP if it is tax resident, incorporated, managed from, or has a business presence in a jurisdiction that implements CARF, and it provides crypto asset services to customers.

In-Scope Reporting CASPs: Exchanges, Brokers, Dealers and Platforms

Examples of reporting CASPs:

• Crypto exchanges;
• Dealers acting for their own account to buy and sell crypto assets to customers;
• Crypto brokers that act on behalf of clients to execute orders to buy or sell interests in crypto assets;
• Payment processors or crypto ATMs;
• Individuals or entities that subscribe to one or more crypto assets, meaning persons who purchase such assets directly from an issuer for resale or distribution to customers;
• Trading platforms, defined as any software program or application that allows users to carry out, in whole or in part, exchange transactions.

Out of Scope Activities

Certain activities are explicitly excluded from the scope of CARF, either because they do not involve intermediation or because no service provider is engaged in the transaction. The following examples illustrate situations where an individual or entity would not be treated as a reporting CASP.

An individual or entity that merely provides a platform with bulletin-board functionality for posting buy, sell, or conversion prices of crypto assets (e.g., CoinMarketCap, CoinGecko, or similar platforms), or that solely creates or sells software or an application, would not be considered a reporting CASP.

A purely self-custody wallet, where there is no involvement of a service provider, also falls outside the scope of CARF.

The mere creation and issuance of crypto assets is not regarded as acting as a counterparty or intermediary in a reportable transaction, and therefore the issuer is not a reporting CASP. Persons who directly subscribe for such tokens from the issuer without an intention to resell or distribute them to customers also fall outside the scope.

Which Crypto Assets Are Reportable Under CARF?

In-Scope Assets: Cryptocurrencies, Stablecoins, Tokenised Securities and Some NFTs

Not every digital token falls under CARF. The framework targets crypto assets that can be held or transferred in a decentralised manner – meaning those that do not require traditional regulated intermediaries (like banks or brokers) to validate transactions – and have transferability and investment potential, including:

• crypto assets such as Bitcoin and Ether;
• stablecoins, provided they operate on distributed ledger technology (e.g. USDT, USDC);
• tokenised financial instruments or derivatives issued in crypto form; and
• NFTs, if they function as payment or investment assets.

Out-of-Scope Assets: CBDCs, Certain E-Money and Purely Collectible NFTs

The following types of crypto assets are not subject to CARF reporting:

• Central Bank Digital Currencies (CBDCs);
• certain electronic money products that represent a fiat claim and are redeemable on a one-to-one basis;
• crypto assets that cannot be used for payment or investment purposes, for example, crypto assets that cannot be transferred or exchanged in a secondary market outside a closed-loop system, and cannot be sold or exchanged at market value inside or outside that system; and
• NFTs that represent purely collectible digital art or are usable only within a specific game or platform. However, it is worth noting that NFTs may still fall under reporting obligations within traditional regulatory frameworks applicable to works of art or other high-value assets.

What Transactions Are Reportable?

CARF divides reportable crypto activity into three categories:

1. Exchange Transactions: This covers both crypto-to-fiat and crypto-to-crypto trades. For example, swapping Ethereum for USDT on a crypto exchange is a reportable event.
2. Transfers: This includes any movement of crypto assets between accounts or wallets. Transfers to wallets not associated with a virtual asset service provider or financial institution must also be reported. This is a critical provision aimed at tracking the movement of assets off the "visible" grid.
3. Retail Payment Transactions: This involves using crypto to pay for goods or services. When a reporting CASP transfers crypto-assets from a customer to a merchant as payment, such transfers are reportable if they exceed the specified threshold of $50,000, which is intended to reduce the administrative burden of small, everyday purchases.

These categories are intentionally broad, covering most ways people use crypto in practice.

Core CARF Obligations for Crypto Businesses

At its heart, CARF operates on a simple but powerful mechanism: collect, report, and exchange. If your project or platform qualifies as a Reporting Crypto-Asset Service Provider, you’ll have several key obligations:

Customer Due Diligence (KYC)

Reporting CASPs are obligated to gather detailed information about their users and their transactions, and collect a self-certification from each customer to determine their tax residence. This includes verifying:

• Full legal name;
• Residential address;
• Jurisdiction(s) of tax residence;
• Tax Identification Number (TIN) for each relevant jurisdiction;
• Date of birth (for individuals);
• Entity’s controlling persons details (for companies).

Transaction Monitoring and Record-Keeping

Reporting CASPs must monitor and record all reportable transactions. For each type of relevant crypto asset involved in transactions during a given reporting period, you must collect the following details:

• name and type of crypto asset;
• total amount (for fiat currency transactions) or total fair market value (for crypto asset transactions);
• number of units involved;
• number of transactions;
• applicable transaction fees.

This can be quite demanding, especially when the transaction volume is high. All data should therefore be collected and stored automatically to ensure accurate and timely reporting, which can be challenging and may require adapting your internal systems in advance.

Annual Reporting

Once a year, reporting CASPs must compile this information into the OECD’s prescribed XML reporting schema and submit it to their domestic tax authority. The report must include specified data on all relevant transactions categorised by transaction type and asset. The domestic tax authority will then automatically exchange this information with jurisdictions where users are tax resident. The first international data exchanges under CARF are expected to occur in 2027, based on transaction data from the 2026 calendar year.

If a reporting CASP does not collect the required user due diligence data or fails to submit the necessary reports, it may be subject to penalties determined independently by each country.

CARF Readiness Checklist for Projects

CARF is rolling out, and preparation time is limited. Projects that start early will save costs and reduce risks later. With data collection beginning in 2026 and reporting commencing in 2027, businesses and projects have far less time than it may appear. Here’s how to get ready:

1. Gap Analysis: Conduct a thorough review of your business and services. Are you located in any of the jurisdictions listed here and facilitate exchanges, transfers, or payments involving crypto assets? If yes, you are likely reporting CASP.
2. Technology Audit: Can your current systems capture, store, and report the required data? Plan for necessary upgrades now.
3. Update Onboarding and KYC Processes: Start collecting customer due diligence data now. It’s easier to gather data progressively than to rebuild your user base later.
4. Get Legal and Tax Advice: Consult professionals who understand OECD tax reporting standards and crypto asset regulation in your jurisdiction. CARF compliance requires knowing where your project fits within the framework and what obligations apply. At Aurum, we help crypto projects assess whether CARF applies to their activities, map potential reporting requirements, and design the compliance process.
5. Communicate With Your Community: Inform your users that new reporting rules are coming. Transparency builds trust and helps manage expectations when you start collecting additional information and send reports to your tax authority.
6. Product Documentation Review: Update your privacy policy to clearly reflect new data collection and reporting practices under CARF. If you need support aligning your documentation, Aurum can assist in updating your policies and procedures to ensure full compliance.
7. Monitor Regulatory Updates: The OECD continues to refine implementation details. National governments are issuing their own versions of CARF laws, timelines, and penalties. Staying updated is crucial – the rules will evolve as the crypto landscape evolves.

CARF as a Strategic Shift for Crypto: From Experimentation to Integration

The introduction of CARF represents a defining moment in the evolution of digital asset regulation. For years, crypto operated in a largely opaque space, allowing users to transact freely across borders without the same reporting obligations faced by traditional financial institutions. CARF changes that paradigm by embedding crypto within the global tax transparency infrastructure. It signals that digital assets are no longer outside the system but part of a mature, regulated financial environment where accountability and traceability are the new norms.

For crypto businesses, this shift is not merely a compliance exercise – it is a strategic adaptation to a changing world. CARF compliance means redesigning onboarding flows, data architecture and reporting processes so that tax transparency, KYC and audit-ready records are built into the product, not bolted on later. Projects that prepare early can avoid penalties, reduce operational disruption and signal to users, counterparties and regulators that they are credible, long-term players in an increasingly regulated market.

Ultimately, CARF is part of crypto’s evolution from experimentation to integration – a move from the margins into a mature, rules-based environment where responsible innovation and regulatory cooperation go hand in hand. For founders and teams, the question is no longer whether these rules will apply, but how to implement them in a way that protects your community and supports your growth. At Aurum, we help crypto projects and Web3 organisations map how CARF, DAC8 and related rules apply to their specific structures, design practical reporting processes, and update documentation so they can navigate this new era of transparent digital finance with confidence.