Skip to content
Resources

Policy Effects

DAC8, MiCA and DORA

Why DAC8 creates tension with Europe's goal of building a regulated, safe and resilient crypto market.

Updated

The European Union built MiCA to draw crypto-assets into a regulated market and DORA to strengthen operational resilience in the financial sector. DAC8 sits uneasily beside those objectives when it makes regulated channels feel more personally risky.

If users conclude that regulated providers automatically create identity-linked data trails that can leak, DAC8 may reduce trust in the very market MiCA tries to legitimize.

Short answer

The EU designed MiCA to bring crypto-assets into a regulated perimeter and DORA to strengthen its security and resilience. DAC8 creates tension with that strategy: by making regulated providers the source of an automatic transfer of sensitive tax data, it sends the opposite incentive.

The most cautious users may seek to avoid the regulated perimeter, which contradicts MiCA’s objective and weakens the trust DORA aims to consolidate. Targeted tax cooperation, through the right of communication, would be more consistent with both frameworks.

Key facts

TextNumberPurpose
MiCARegulation (EU) 2023/1114Authorization, governance, client protection and supervision of CASPs
DORARegulation (EU) 2022/2554ICT risk management, operational resilience, testing, incident notification, supervision of critical providers
DAC8Directive (EU) 2023/2226Collection, reporting and automatic exchange of crypto tax information

MiCA: attracting users to the regulated perimeter

MiCA imposes a framework of authorization, governance, client protection and supervision of crypto-asset service providers (CASPs).

The implicit objective is clear: to make the regulated market safer than offshore, opaque or unsupervised channels.

DORA: strengthening resilience

DORA targets ICT risk management, operational resilience, testing, incident notification and the supervision of critical providers.

This framework pushes regulated players to invest in security and robustness.

DAC8: an opposite incentive

If using a regulated CASP means the automatic transmission of sensitive data to tax authorities and an international network, some rational users will seek to avoid these actors.

The result can contradict MiCA: the most cautious users leave the regulated perimeter, while ordinary users remain exposed.

The contradiction

Europe cannot simultaneously encourage regulated crypto services and make those services the default source of mass sensitive reporting without considering the security consequences.

This contradiction bears directly on DORA: a framework designed to reduce operational risk is paired with an identity-linked database that can leak or be misused. Trust in the very market MiCA tries to legitimize can then decline.

A more coherent path

Targeted tax cooperation, through the right of communication, would be more consistent with MiCA and DORA. It would preserve the appeal of the regulated sector while giving the administration proportionate investigative tools.