CRYPTO-ASSETS IN ITALY: THE TAX TRANSPARENCY PHASE BEGINS WITH DAC8 AND CARF REPORTING

team vallettaAlessandro Foti, Publications, Tax

The Italian crypto market is entering a new phase. While some operators are still adjusting their business models to the authorisation requirements introduced under MiCA, the tax side of the regulatory framework is also becoming operational. This is not a marginal development. The measure issued by the Italian Revenue Agency on 22 June 2026 [1]gives practical effect, in Italy, to the reporting architecture introduced by Legislative Decree No. 194 of 10 December 2025, which implemented Council Directive (EU) 2023/2226, commonly referred to as DAC8. It also connects the Italian system to the OECD Crypto-Asset Reporting Framework, or CARF. The result is a clear shift. Crypto-assets will no longer be monitored only through the tax returns of individual taxpayers or through anti-money laundering controls. They will increasingly become part of a structured, recurring and internationally exchangeable reporting system. For taxpayers, intermediaries and advisers, this marks the point at which crypto-assets begin to resemble foreign financial accounts under the Common Reporting Standard: information is collected by reporting operators, transmitted to tax authorities and exchanged across borders.

The broader regulatory context

The timing is significant. MiCA has changed the regulatory perimeter for crypto-asset service providers operating in the European Union. In parallel, DAC8 and CARF address a different but closely connected concern: tax transparency. MiCA is primarily concerned with authorisation, supervision, investor protection and market integrity. DAC8 and CARF, by contrast, are designed to ensure that tax administrations receive information on crypto-asset users and relevant transactions. The two frameworks are not identical, but they point in the same direction. Crypto-assets are being absorbed into the ordinary infrastructure of regulated finance. The market is moving away from a phase in which crypto could be treated as a separate or opaque asset class and towards a framework in which service providers are subject to both regulatory and tax reporting obligations. The recent communications reportedly sent by Binance to Italian users, warning that Binance Italy would no longer be able to open new accounts or provide regulated cryptoasset services in Italy from 1 July 2026 pending MiCA authorisation, provide a practical illustration of this transition. At the same time, the Italian tax authorities have now put in place the operational rules for crypto-asset reporting. The message is straightforward: the compliance environment for crypto-assets is no longer theoretical.

The Italian Revenue Agency measure of 22 June 2026

The measure of 22 June 2026 sets out the implementing rules for the communication of information by reporting crypto-asset service providers. It governs, in particular:
  • the persons required to report;
  • the annual notification mechanism for providers that report in another Member State or qualifying non-EU jurisdiction;
  • the single registration procedure for certain crypto-asset operators;
  • the content and timing of the communication;
  • the technical transmission procedure;
  • the issuance of receipts and rejection notices;
  • the exchange of information with foreign tax authorities; and
  • the office responsible for certain registration-related controls.
The measure therefore does not merely restate the legislative framework. It provides the practical machinery through which the system will operate.
 

Who is required to report?

The reporting obligation applies to the crypto-asset service providers identified under Article 7 of Legislative Decree No. 194/2025. In simplified terms, the rules are aimed at providers that are relevant for Italian reporting purposes, including those authorised or otherwise required to report in Italy under the criteria set out in the legislative decree. The measure also recognises the possibility of avoiding duplicate reporting. Providers that satisfy equivalent due diligence and reporting obligations in another EU Member State or in a qualifying non-EU jurisdiction may be exempted from reporting to the Italian Revenue Agency, provided that they submit the required notification. This exemption is not automatic in practical terms. The provider must notify the Italian Revenue Agency annually, within the deadline for filing the communication, that it fulfils equivalent reporting and due diligence obligations elsewhere. The notification must include identifying data, any Italian tax code where available, foreign tax identification numbers where relevant, and an indication of the jurisdiction in which equivalent obligations are performed. This mechanism is important for cross-border groups and platforms operating across several jurisdictions. It confirms that the Italian framework is designed to integrate with the wider DAC8 and CARF architecture, but it also requires careful monitoring of the jurisdiction in which the reporting obligation is actually discharged.

Registration obligations for CAOs

The measure also addresses the position of CAOs, namely crypto-asset operators identified under Article 7 of Legislative Decree No. 194/2025. Non-resident CAOs that do not already have access credentials for the Italian Revenue Agency’s electronic services must request them online through the Revenue Agency’s website. The procedure is made available in English and is handled through the dedicated DAC8 registration functionality. Once registered, the CAO receives an individual identification number, or IIN. The registration data are then communicated by the Italian Revenue Agency to the secure central register established at EU level. The registration procedure requires the communication of several items of information, including the operator’s name or corporate name, postal address, electronic address, websites, Italian tax code where available, other tax identification numbers, the Member States in which reportable users are resident, and any relevant qualifying non-EU jurisdiction. The rules also deal with amendments, transfers of registration to another Member State and cancellation from the register. This is relevant because crypto-asset operators often change their operating structure or regulatory footprint across jurisdictions. The Italian framework therefore does not treat registration as a static event, but as an ongoing compliance status.

 

What information must be reported?

The reporting communication must include identifying information on the reporting provider and the information required under Article 13 of Legislative Decree No. 194/2025. In practical terms, the system is designed to capture data on reportable crypto-asset users, their tax residence, tax identification number and, for entities, relevant controlling persons. It also covers information relating to crypto-asset transactions. This is the core policy development. The focus is not limited to whether an Italian resident taxpayer has declared a crypto-asset position in his or her tax return. The framework introduces a third-party reporting channel, under which data are collected and transmitted by the service provider. The reporting perimeter is therefore potentially broad. It covers information that can allow tax authorities to connect users, tax residence and transactions. It also brings cryptoassets closer to the reporting logic already familiar from financial account reporting. For taxpayers, this means that inconsistencies between tax returns and data reported by crypto-asset service providers may become easier to identify. For providers, it means that onboarding, due diligence, tax residence collection and transaction data classification will become key compliance processes.

 

Timing: first reporting by 30 June 2027

The calendar is now clear. The first information must be communicated by 30 June 2027. This first filing will relate to the 2026 reporting period. Thereafter, the annual deadline will remain 30 June of the calendar year following the year to which the communication relates. Communications submitted after the deadline are considered late. The measure also provides for the possibility of making a new submission within 30 days of the ordinary deadline, including following a rejection notice. Where a file is rejected, the provider must submit again all positions to be reported. This is a practical point that should not be underestimated. The filing is not merely a formality. Providers will need to ensure that their data extraction, validation, XML preparation and transmission procedures are in place well before the deadline. The Revenue Agency will make available a receipt confirming the outcome of the submission. The receipt may indicate either acceptance or rejection. Unless force majeure applies, the receipt should be made available within five working days following the protocol date of the file.

Transmission procedure

The communication must be transmitted through the Italian Revenue Agency’s electronic channels, namely Entratel or Fisconline, either directly or through authorised intermediaries. The files must be prepared in XML format according to the technical specifications attached to the measure. The Revenue Agency may update the technical annexes through publication on its website if changes are needed to improve the compilation or transmission process. This creates a compliance requirement that is both legal and technological. Reporting providers will need to connect legal classification, tax due diligence, customer data, transaction systems and technical reporting formats. In practice, the most delicate issues are likely to arise not only from the transmission itself, but from the quality of the underlying data. Providers will need to ensure that tax residence information, tax identification numbers, entity classifications and controlling person data are collected and maintained in a manner consistent with the reporting standard.

Exchange of information by 30 September

The information collected by the Italian Revenue Agency will be exchanged with the competent authorities of the Member States and relevant jurisdictions of residence of the reportable users. The first exchange of information will take place by 30 September 2027. Thereafter, the exchange will take place by 30 September of the year following the year to which the reported information relates. This is the step that gives the regime its real force. The system is not purely domestic. It is designed to feed into a cross-border network of automatic exchange of information. For Italian resident taxpayers using foreign platforms, this may mean that information collected abroad will reach the Italian tax authorities through the DAC8/CARF exchange mechanism. Conversely, information collected in Italy may be sent to foreign tax authorities where the reportable user is tax resident elsewhere. This mirrors the evolution already seen in the field of foreign bank accounts. Once a multilateral information network becomes operational, tax compliance moves from a selfreporting model to a data-driven model.

The role of the Centro Operativo di Pescara

The measure identifies the Centro Operativo di Pescara, or COP, as the office responsible for certain control activities relating to registration and communication obligations of CAOs. The COP is competent, among other things, for the issuance of cancellation measures and for the management of disputes concerning acts issued in the exercise of those activities. The measure also provides for a specific escalation mechanism where a registered CAO fails to submit the required communication. Within 30 days from the ordinary deadline, the COP identifies registered CAOs that have not submitted the communication and invites them to comply within 60 days. If they still fail to comply, a second reminder is sent, granting a further 30 days. If the CAO remains non-compliant, the COP proceeds with revocation of the registration. This shows that the regime is not limited to data collection. It includes an administrative control mechanism designed to ensure that registered operators actually comply with their reporting obligations.

Data protection

The measure also addresses the processing of personal data. The Italian Revenue Agency is identified as the data controller for the personal data contained in the notifications, registrations and communications. The processing is carried out for the performance of tasks in the public interest, the exercise of public authority and the implementation of obligations deriving from DAC8 and the domestic implementing legislation. The measure also refers to the involvement of Sogei S.p.A. as technological partner and processor and confirms that a data protection impact assessment has been carried out. This aspect is relevant because DAC8 and CARF reporting necessarily involves significant volumes of personal and financial data. The regime therefore requires a balance between tax transparency and data protection safeguards.

Practical implications for providers

For reporting crypto-asset service providers, the new framework will require a structured compliance project. Key workstreams should include:

  • identifying whether the provider falls within the Italian reporting perimeter;
  • assessing whether reporting will be made in Italy or in another Member State or qualifying non-EU jurisdiction;
  • managing any annual notification to the Italian Revenue Agency;
  • obtaining access to the Revenue Agency’s electronic services where needed;
  • completing the single registration procedure where applicable;
  • reviewing onboarding and tax residence self-certification processes;
  • collecting and validating tax identification numbers;
  • identifying entity users and controlling persons;
  • mapping reportable crypto-asset transactions;
  • preparing XML reporting files in accordance with the Italian technical specifications; and
  • establishing internal procedures for receipts, rejections, corrections and late submissions.

Providers should also consider governance. DAC8/CARF reporting is not simply an IT exercise. It requires coordination between legal, tax, compliance, operations and technology teams.

Practical implications for taxpayers

For taxpayers, the main implication is that crypto-asset information will increasingly be available to tax authorities through third-party reporting and international exchange. Italian resident individuals and entities should therefore review the consistency of their tax positions, including:

  • reporting of crypto-assets for Italian tax monitoring purposes;
  • taxation of capital gains and other income connected with crypto-assets;
  • valuation methods and supporting documentation;
  • historic positions in years of uncertainty;
  • transfers between exchanges and self-custody wallets;
  • records of acquisitions, disposals and exchanges; and
  • alignment between declared positions and information held by service providers.

The new reporting framework does not itself create the substantive tax rules for cryptoassets. Those rules are found elsewhere in Italian tax legislation. However, the reporting framework changes the enforcement environment. Data availability increases, and so does the likelihood that undeclared or inconsistent positions may be identified.

Conclusion

The Italian Revenue Agency’s measure of 22 June 2026 is an important step in the normalisation of crypto-assets within the tax system. The first reporting deadline, 30 June 2027, may appear distant. In practice, however, the 2026 reporting period is already the first period to be captured. Providers need to prepare their systems and procedures now. Taxpayers should also assume that the era of limited visibility is coming to an end. After MiCA, DAC8 and CARF complete another part of the picture. Crypto-assets are no longer outside the ordinary tax transparency framework. They are becoming part of it.

Download the article.