Global CARF
CARF reporting requirements
Reportable providers, users, transactions and data under the OECD Crypto-Asset Reporting Framework.
Updated
Short answer
CARF requires reporting crypto-asset service providers to collect due-diligence information about reportable users and report covered crypto-asset transactions to their domestic tax authority. Tax authorities can then exchange the information with participating jurisdictions where the user is tax resident.
CARF does not stop at flagging the existence of a crypto account. It organises the structured collection of information about users, their tax residence and their transactions.
CARF is the global reporting model. DAC8 is the European Union legal implementation path for a similar crypto tax reporting architecture.
Key facts
| Question | Answer |
|---|---|
| Who reports? | Reporting crypto-asset service providers under the implementing jurisdiction’s rules |
| Who is reportable? | Users whose tax residence or status makes them reportable under CARF |
| What is reported? | Identity (name, address, date of birth), tax residence, TINs, crypto-asset types, values, units, transactions and transfers |
| Where does data go? | Provider to domestic tax authority, then to partner tax authorities where relevant |
| Why it matters | CARF turns crypto reporting into a global automatic exchange network |
Transactions
CARF can cover exchanges between crypto-assets and fiat currency, exchanges between crypto-assets, transfers of crypto-assets and certain retail payment transactions.
Providers
The reporting duty falls on service providers that effectuate reportable transactions. The exact domestic implementation may vary, but the core model is that providers become the first collection point for tax-residency and transaction data.
Data collected
Reporting providers must collect information that identifies the user and their tax residence. Depending on the case, this can include the name, address, date of birth, tax residence and taxpayer identification number. These identification data determine which tax administrations will receive the information.
Reported data can also include the transaction type, crypto-asset type, number of units, total value, acquisitions, disposals and transfers.
Transfers and wallets
Transfers are particularly sensitive because they can link a user to on-chain activity. Even when the standard seeks to aggregate certain information, reporting can create correlation points between identity, flows and economic value.
Why this data is different
A banking data point is generally locked inside a closed system. A blockchain address or transfer can open onto a public history or an analysable transaction graph.
The CARF risk therefore comes from the combination: civil identity, tax residence, crypto activity, economic value and international sharing.
Exchange between authorities
CARF is not merely a domestic reporting rule. Its purpose is cross-border automatic exchange. A provider reports locally, and the local authority exchanges information with other participating jurisdictions when the user is reportable there.
That is why the CARF countries list matters: each additional participating jurisdiction expands the potential reporting network.
Risk
The global nature of CARF creates the same core risk as DAC8: sensitive crypto data moves across administrative networks and becomes harder for users to control.
Bull Bitcoin position
Bull Bitcoin opposes CARF for the same reason it opposes DAC8: mass automatic reporting creates a global crypto-data honeypot. International cooperation should exist, but it should be targeted and justified instead of normalising default surveillance of ordinary users.