New Tax Reporting Obligations for Crypto-Asset Service Providers

1) What is the CARF?

The Crypto-Asset Reporting Framework (CARF) is a global standard developed by the OECD to ensure tax transparency in the digital asset sector. It functions similarly to the Common Reporting Standard (CRS) and requires crypto exchanges, brokers, wallet providers, and other intermediaries to collect and report tax-relevant client data to the national tax authorities.

CARF aims to prevent cross-border tax evasion and non-declaration of crypto-related income. It covers both traditional crypto-assets (e.g., Bitcoin, Ethereum) and stablecoins, tokenized assets, and certain DeFi transactions that are intermediated through centralized platforms. 

Reported information will be automatically exchanged between participating jurisdictions — similar to CRS, but tailored to crypto-specific transactions. CARF therefore marks the transition from a largely unregulated environment to a structured, international tax-reporting regime with clear compliance, due-diligence, and documentation obligations.

2) Timeline & Status in the UAE

• Signature: The United Arab Emirates signed the Multilateral Competent Authority Agreement (CARF-MCAA) on 21 July 2025.
• Go-Live: Data collection begins in 2027; the first automatic exchange will occur in 2028.
• Public Consultation (2025): The Ministry of Finance (MoF) launched a public consultation on domestic implementation (open until 8 November 2025).
• Global Context: The OECD released the CARF XML Schema and FAQs in 2024/2025, setting technical reporting standards and correction mechanisms.

3) Who Is in Scope?

Reporting Crypto-Asset Service Providers (RCASPs) — including exchanges, brokers/dealers, custodial-wallet providers, and other intermediaries executing transactions on behalf of customers. Such entities must:

• perform tax due-diligence to determine clients’ tax residency,
• obtain valid Self-Certifications (including TIN and tax domicile), and
• report annual, transaction-level data to the competent UAE authority.

4) What Information Must Be Reported?

• User Identification Data: Name, address, jurisdiction(s) of tax residence, TIN, and (for individuals) date of birth.
• Transaction Data: Purchases, sales, swaps, transfers, volumes, fair market value, and fees; retail payment transactions reported separately.
• Technical Format: Reports follow the CARF XML Schema, filed via a UAE authority portal (MoF or FTA).
• Recordkeeping: Wallet addresses are not reportable but must be retained for at least five years.

5) Compliance Implications in the UAE

Beyond CARF, UAE crypto-asset service providers are already subject to local supervisory frameworks under VARA, FSRA, and SCA. These regimes must align with upcoming CARF tax-reporting requirements.

6) Core Compliance Components

• Governance & Accountability: Appoint a Tax Reporting Officer and establish internal audit and control structures.
• Tax Due-Diligence: Collect Self-Certifications, verify residency indicators, monitor changes of circumstances.
• Data Architecture: Map all client and transaction data to the CARF XML data model.
• Reporting Processes: File annual reports to MoF/FTA, including corrections and amendments.
• Recordkeeping & Data Protection: Retain records for ≥ five years; comply with data protection laws.
• AML/CFT Integration: Align KYC and Travel Rule requirements with CARF due-diligence obligations.
• Client Communication: Notify clients of tax-reporting duties and obtain valid certifications.

7) Expected National Implementation (Outlook)

• Legal Framework: A federal regulation will define RCASP obligations and penalties for non-compliance.
• Technical Infrastructure: A centralized CARF reporting portal will likely be established within the Ministry of Finance, modelled on the existing CRS system.
• Transition Period: Implementation and testing during 2025–2026, data collection from 2027, first exchange in 2028.

8) Roadmap for UAE Crypto-Service Providers (2025 – 2027)

• Gap Analysis: Assess systems and controls against CARF and local supervisory requirements (VARA / FSRA / SCA).
• Data Remediation: Complete missing Self-Certifications, TINs, and transaction classifications.
• Technical Enablement: Develop a CARF XML reporting engine and error-handling workflow.
• Policies & Controls: Establish written procedures, QA testing, and staff training.
• Cross-Functional Coordination: Ensure alignment across Tax, Compliance, Legal, and Technology functions.

CONCLUSION

CARF will fundamentally reshape the tax-compliance landscape for UAE crypto-asset service providers. Firms should begin implementation in 2025 to ensure full readiness for 2027, through an integrated Tax – Compliance – Legal – Technology approach.