For years, crypto platforms in the UK operated much like international airports without passport control – assets moved across borders with little visibility, oversight, or record-keeping. That model is about to be retired.
Starting next year, firms will need to know who their users are, where they live, and what they’re doing with their digital assets – and report it all to HM Revenue & Customs.
When the rules are in effect, firms operating in or serving the UK will be subject to expansive data collection and reporting obligations under the OECD’s Cryptoasset Reporting Framework (CARF) – a shift that brings crypto transactions more firmly into the fold of global tax compliance.
For regulators, this is less about chasing novelty and more about embedding crypto oversight into established administrative systems. The UK’s adoption of CARF signals an intent to integrate cryptoassets into international information-sharing protocols, aligning tax compliance mechanisms with the realities of decentralised digital finance.
Under CARF, any firm classed as a Reporting Cryptoasset Service Provider (RCASP) – including exchanges, wallet providers, and brokers – will be required to identify users and document their full legal name, address, date of birth, tax identification number, and country of tax residence. This applies not only to UK-based users, but also to those in any jurisdiction that has adopted CARF. Foreign firms that deal with UK customers will not be exempt.
In practical terms, the regime requires recording detailed information on each transaction involving covered cryptoassets: asset type, value, quantity, and nature of the transaction. Transfers to self-hosted wallets also fall under the scope (if CARF’s definition of transfer means any movement of cryptoassets between users or wallets). RCASPs must begin collecting this data from January 1, 2026, with initial submissions to HM Revenue & Customs (HMRC) due by May 31, 2027. Annual reports will follow the same pattern in subsequent years.
Industry concerns and calls for clarity
This is not a soft-touch regime. Penalties for non-compliance are fixed at up to £300 per user, applying to failures ranging from late reporting and incomplete data to inaccurate or unverifiable submissions. HMRC’s position is clear: crypto compliance is no longer aspirational, it is operational. The agency has already opened hundreds of cases into potentially non-compliant crypto firms and has issued thousands of letters to individuals believed to owe tax on crypto holdings.
While the government frames CARF as a necessary part of the UK’s tax enforcement strategy, the move has generated concern among industry stakeholders. The self-regulatory body CryptoUK expressed conditional support for the framework, calling for clarity on scope and implementation costs. Its response to the HMRC consultation emphasised the importance of minimising duplicative reporting obligations and proposed a grace period for penalties in the framework’s early years.
The government has not committed to such a phase-in. However, HMRC has acknowledged the need for further technical guidance, with updates expected on areas such as data protection, definitions of reportable transaction types, and nexus criteria for cross-border reporting. An online portal for CARF submissions is under development, but not yet live.
This push towards data standardisation in crypto reporting is consistent with the UK’s broader trajectory in financial services regulation. In effect, the UK is now requiring crypto platforms to operate more like banks – subject to the same standards of customer due diligence, transaction monitoring, and tax reporting that have long applied to traditional financial institutions. Recent enforcement actions by the Financial Conduct Authority, including the £3.5 million fine against a Coinbase subsidiary in 2024, underscore the regulatory direction of travel: tighter compliance, increased transparency, and greater convergence with legacy financial systems.
Part of a global compliance shift
CARF itself is part of a wider international movement to close the reporting gap created by cryptoassets. Initially endorsed through a November 2023 joint statement by over 40 jurisdictions, the framework is designed to enable jurisdictions to exchange tax-relevant crypto data in a manner comparable to the Common Reporting Standard (CRS) for traditional financial institutions.
In the UK, CARF will sit alongside CRS and other existing regimes. While this layered structure has prompted calls for simplification, the government appears committed to a unified approach underpinned by multilateral alignment. Draft legislation to implement CARF and amendments to the CRS were published in late 2024 and are expected to pass in 2025, leaving little time for firms to establish the necessary systems and processes.
Preparing for day one
For firms that have not yet started compliance preparations, the message from HMRC is unambiguous: begin now. Although enforcement will not commence until 2026, early data collection is encouraged to mitigate future risk and ease the transition.
From a regulatory standpoint, CARF marks a maturation of the UK’s crypto oversight architecture. By reframing crypto reporting not as an experimental frontier but as a core component of the tax infrastructure, the UK is reshaping the industry’s compliance landscape. The days of regulatory ambiguity in crypto are quickly coming to an end.
Whether this new clarity brings greater legitimacy and stability to the sector (or burdens that stifle innovation) will depend on how the framework is implemented and enforced. Either way, for regulators and firms alike, the countdown to 2026 has already begun.
