New tax reporting requirements for users and providers of crypto asset services
From 1 January 2026, individuals and entities using cryptoasset service providers, along with certain UK based providers will be required to provide identifying information as part of a new compliance regime aimed at targeting tax avoidance. This will be enforced by the UK’s tax, payments and customs authority, HM Revenue and Customs (HMRC).
The changes form part of the UK’s domestic implementation of the Organisation for Economic Development (OECD) Crypto-Asset Reporting Framework (CARF), a global initiative aimed at improving tax transparency and tackling non-compliance in the digital asset space.
Users: UK-based and international crypto users alike can be affected, with HMRC gaining greater ability to link crypto transactions to taxpayer records and enforce tax obligations.
Providers: Likewise, reporting cryptoasset service providers (RCASPs), will have to amend their systems and procedures to comply with the changes to come. This includes UK based businesses that either transact cryptoassets on users’ behalf or that provide a means for users to transact cryptoassets, inclusive of crypto exchanges, brokers and dealers.
A qualifying cryptoasset under CARF will be:
- a ‘digital representation of value;
- that uses a cryptographically secured distributed ledger (or similar technology) to validate and secure transactions;
- that is used for payment or investment purposes; and
- that is not required to be reported elsewhere under the Common Reporting Standard.
An organisation will be considered UK-based if it is:
- tax resident in the UK;
- the business is incorporated in the UK;
- the business is managed in the UK; or
- it has a regular place of business or branch in the UK.
What’s Changing?
Under the new rules, anyone who buys, sells, transfers, or exchanges cryptoassets through a service provider must provide certain personal or business details. This includes:
For individual users:
- Full name
- Date of birth
- Residential address and country of residence
- Tax identification number (e.g., National Insurance number or Unique Taxpayer Reference)
For user entities (e.g., companies, partnerships, trusts, charities):
- Legal business name
- Main business address
- Company registration number (for UK companies)
- Tax identification number and country of issue (for non-UK entities)
- Details of controlling persons (in some cases)
These requirements aim to ensure cryptoasset activity can be linked directly to users’ tax records.
Cross-Border Implications
These obligations apply not only when using UK-based service providers, but also when engaging with providers based overseas.
Users must provide accurate identifying information to every cryptoasset service provider they use, regardless of where that provider is located.
Whether that information is ultimately shared with HMRC depends on the international cooperation framework in place:
- If you are UK-based and use a provider in a country that has adopted the OECD Crypto-Asset Reporting Framework, your information will be shared with HMRC via that country’s tax authority.
- If you are non-UK based and use a UK provider, HMRC may share your information with your local tax authority, if it is part of the same international agreement.
- If the provider operates in a non-participating jurisdiction, it may not report to HMRC – but you are still legally required to submit your identifying details to the provider.
Tax Considerations
HMRC’s ability to link cryptoasset transactions to individuals and entities is expected to significantly enhance enforcement of existing tax obligations. Depending on how cryptoassets are used or received, users may be liable for:
- Capital Gains Tax – when cryptoassets are sold, exchanged, gifted, or used to purchase goods or services.
- Income Tax and National Insurance – when cryptoassets are received through employment, mining, or other income-generating activities.
Users with previously undeclared crypto-related gains or income may consider making a voluntary disclosure to HMRC through its digital disclosure service.
What will RCASPs Have to Do?
The measures to be brought in from 1 January 2026 will introduce new compliance requirements for UK based RCASPs.
Compliance will require the following:
- Registration: RCASPs must register with HMRC’s online service by 31 January 2027 (this is not live yet)
- Notification: By 31 January 2027, at the latest, CASPs must notify users that their information will be collected and reported.
- Reporting deadline: Reports based on data from 1 January 2026 may need to be submitted by 31 May 2027.
- Mandatory data collection: Starting from 1 January 2026, RCASPs must begin collecting information on users inclusive of:
- the above information for individual users; and
- the above information for all entity users, including companies, partnerships, trusts and charities;
- and associates user transactional data including:
- the value of a transaction;
- the type of cryptoasset;
- the type of transaction; and
the number of units.
RCASPs will have to verify that the information they collect is accurate by carrying out due diligence (further detail on this is due to be published).
HMRC guidance suggests that RCASPs may wish to collect the required information before 1 January 2026 in order to be ready when the new rules come into force.
Enforcement and Penalties
It is essential that the information provided is accurate and complete. Should a taxpayer declare income on their self-assessment tax return that differs from that reported by RCASPs, then HMRC may launch a tax investigation.
Users and RCASPs who fail to comply with these requirements, submit their report late, or who submit incorrect information (inaccurate, incomplete or unverified information), may face a fixed penalty of up to £300 per instance. This underscores the importance of maintaining up-to-date tax records and ensuring consistency across all platforms used.
What Should You Do Now?
Although the reporting obligations take effect from 2026, early preparation is strongly advised:
If you are a cryptoasset user:
- Review your existing records and ensure personal or entity data is accurate and complete.
- Keep clear records of transactions and valuations for tax purposes.
- Seek advice on potential tax liabilities and disclosure obligations.
If you are a UK-based service provider:
- Assess the systems and processes needed to collect, verify, and securely store user information.
- Understand your reporting obligations under HMRC and international frameworks.
- Review compliance with UK GDPR and other applicable data protection laws.
The full Guidance can be found here.
