New Cryptoasset reporting obligations for businesses

The UK is adopting the OECD’s Cryptoasset Reporting Framework (CARF) and expanding it to include domestic data collection and reporting requirements. Starting from 1 January 2026, businesses operating in the cryptoasset sector will face new obligations to collect and report data to HMRC.

To prepare for these changes, it is essential that businesses understand their collection and reporting responsibilities and take proactive steps to ensure compliance. Early preparation will help safeguard operations and avoid potential penalties.

Which businesses are subject to the new reporting obligations?

All UK-based “Reporting Cryptoasset Service Providers” (RCASPs) must report to HMRC.

A business qualifies as an RCASP if it either:

• transacts cryptoassets on behalf of users, or
• enables users to transact cryptoassets.

A business is considered UK-based if it meets any of the following:

• tax resident in the UK
• incorporated in the UK
• managed in the UK, or
• has a branch or regular place of business in the UK.

If the above criteria apply to the UK and another jurisdiction that follows the CARF rules, the above criteria should be used as a hierarchy, with tax residency taking precedence. Where jurisdictions are at the same level, the business may choose where to report.

What are the new obligations?

From 1 January 2026, UK-based RCASPs must begin collecting user and transaction data. Depending on the data collected, businesses may be required to submit a report to HMRC, with the first submissions due by 31 May 2027.

RCASPs will also be responsible for verifying the accuracy of the information they report through due diligence, although HMRC has not yet published guidance on what this will involve.

By 31 January 2027, all UK-based RCASPs must register with HMRC’s online reporting service and notify users that their information will be reported.

What information must be collected?

For individual users, the following information must be collected:

• name
• date of birth
• home address
• country of residence
• for UK residents, their National Insurance number or Unique Taxpayer Reference, and
• for non-UK residents, their tax identification number (TIN) (if they have one) and the country where it was issued.

For entity users, the following information must be collected:

• legal business name
• primary business address
• for UK companies their company registration number, and
• for non-UK companies their TIN (if they have one) and issuing country.

For transactions, the following information must be collected:

• value
• type of cryptoasset
• type of transaction, and
• number of units.

What needs to be reported to HMRC?

RCASPs must collect information on all users, but are only required to report on users who are tax resident in the UK or in jurisdictions that apply CARF rules.

Where reporting is required, RCASPs must submit both user details and a summary of their transactions to HMRC.

Reports must be submitted annually by 31 May, covering the period 1 January to 31 December.

How are reports submitted to HMRC?

Reports will be submitted through an online service currently being developed by HMRC and must follow the OECD’s XML schema.

What are the consequences for not complying with the new obligations?

RCASPs that fail to collect and report in accordance with these new obligations can be subject to penalties of up to £300 per user. Situations in which penalties might be charged include:

• a failure to report
• submitting a report late
• submitting a report that is inaccurate, incomplete or unverified.

What do I need to do?

Cryptoassets are a priority target for HMRC, with compliance activity in this sector on the increase. The introduction of these new data collection and reporting requirements marks another significant step towards tighter oversight by HMRC. Businesses operating in the cryptoasset sector must ensure that they understand their obligations and take action to ensure they are fully prepared to comply with those obligations by 1 January 2026.

Our team combines in-depth knowledge of HMRC’s evolving policy on cryptoassets with extensive experience in managing complex tax enquiries, investigations, and disputes with HMRC. If you are facing challenges, or simply wish to ensure that you are fully prepared for these new legal requirements, contact Adam Craggs, Michelle Sloane or Liam McKay.