Directive (EU) 2023/2226 (DAC8) requires crypto-asset service providers serving EU tax residents to collect user identities, Tax Identification Numbers and detailed transaction histories — including crypto-to-fiat trades, crypto-to-crypto swaps and transfers that include withdrawals to external/unhosted (self‑custody) addresses. Data must be gathered through 2026 with the first full-year reports due in 2027. Platforms may suspend accounts only after two reminders and a 60‑day grace period for missing TINs. The European Commission estimates roughly €1.7bn in additional annual tax revenue (parliament estimate €1bn–€2.4bn) and notes one‑time and recurring compliance costs; the framework enables cross‑border matching and some aggregated reporting but does not ban self‑custody.

The directive mandates collection and reporting of identities, TINs and detailed transaction histories — explicitly including withdrawals to external/unhosted addresses — with fixed start (Jan 1, 2026) and first-report timing (2027), and allows platforms to suspend noncompliant accounts after reminders. These concrete obligations increase tax visibility and impose measurable compliance costs and enforcement steps. All points are drawn from the summary.