Policy Effects
DAC8, MiCA and DORA
Why DAC8 creates tension with Europe's goal of building a regulated, safe and resilient crypto market.
Updated
The European Union built MiCA to draw crypto-assets into a regulated market and DORA to strengthen operational resilience in the financial sector. DAC8 sits uneasily beside those objectives when it makes regulated channels feel more personally risky.
If users conclude that regulated providers automatically create identity-linked data trails that can leak, DAC8 may reduce trust in the very market MiCA tries to legitimize.
Short answer
The EU designed MiCA to bring crypto-assets into a regulated perimeter and DORA to strengthen its security and resilience. DAC8 creates tension with that strategy: by making regulated providers the source of an automatic transfer of sensitive tax data, it sends the opposite incentive.
The most cautious users may seek to avoid the regulated perimeter, which contradicts MiCA’s objective and weakens the trust DORA aims to consolidate. Targeted tax cooperation, through the right of communication, would be more consistent with both frameworks.
Key facts
| Text | Number | Purpose |
|---|---|---|
| MiCA | Regulation (EU) 2023/1114 | Authorization, governance, client protection and supervision of CASPs |
| DORA | Regulation (EU) 2022/2554 | ICT risk management, operational resilience, testing, incident notification, supervision of critical providers |
| DAC8 | Directive (EU) 2023/2226 | Collection, reporting and automatic exchange of crypto tax information |
MiCA: attracting users to the regulated perimeter
MiCA imposes a framework of authorization, governance, client protection and supervision of crypto-asset service providers (CASPs).
The implicit objective is clear: to make the regulated market safer than offshore, opaque or unsupervised channels.
DORA: strengthening resilience
DORA targets ICT risk management, operational resilience, testing, incident notification and the supervision of critical providers.
This framework pushes regulated players to invest in security and robustness.
DAC8: an opposite incentive
If using a regulated CASP means the automatic transmission of sensitive data to tax authorities and an international network, some rational users will seek to avoid these actors.
The result can contradict MiCA: the most cautious users leave the regulated perimeter, while ordinary users remain exposed.
The contradiction
Europe cannot simultaneously encourage regulated crypto services and make those services the default source of mass sensitive reporting without considering the security consequences.
This contradiction bears directly on DORA: a framework designed to reduce operational risk is paired with an identity-linked database that can leak or be misused. Trust in the very market MiCA tries to legitimize can then decline.
A more coherent path
Targeted tax cooperation, through the right of communication, would be more consistent with MiCA and DORA. It would preserve the appeal of the regulated sector while giving the administration proportionate investigative tools.