New reporting obligations for Cryptoasset users

The UK is adopting the OECD’s Cryptoasset Reporting Framework (CARF) and expanding it to include domestic data collection and reporting requirements. From 1 January 2026, users of cryptoasset service providers will be required to provide identifying information to those providers, which may then be reported to HMRC.

The UK is adopting the OECD’s Cryptoasset Reporting Framework (CARF) and expanding it to include domestic data collection and reporting requirements. From 1 January 2026, users of cryptoasset service providers will be required to provide identifying information to those providers, which may then be reported to HMRC.

In order to prepare for these changes, it is essential that users understand the information that may be collected about them and the consequences they may face if information is not provided to the cryptoasset service providers they use.

What is a cryptoasset service provider?

Cryptoasset service providers are businesses that enable cryptoassets to be bought, sold, transferred or exchanged. Common examples of cryptoasset services include:

• wallet apps
• online marketplaces
• services that manage cryptoasset portfolios.

What information must be provided to cryptoasset service providers?

From 1 January 2026, users will be required to provide the following information to the cryptoasset service providers they use:

• name
• date of birth
• home address
• country of residence
• for UK residents, their National Insurance number or Unique Taxpayer Reference
• for non-UK residents, their tax identification number (TIN) (if they have one) and the country where it was issued.

Where the user is an entity, they will be required to provide the following information:

• legal business name
• primary business address
• for UK companies, their company registration number
• for non-UK companies, their TIN (if they have one) and issuing country.

What happens to the information provided to cryptoasset service providers?

From 1 January 2026, cryptoasset service providers must begin collecting detailed information on their users and their transactions. If a user is tax resident in the UK, or in another jurisdiction that applies the CARF rules, that information must also be reported to HMRC.

HMRC will use this data to review users’ tax positions and to support HMRC’s compliance efforts, including initiating tax enquiries and investigations.

What are the consequences of not providing information?

Users who fail to provide information to their cryptoasset service providers, or provide inaccurate information, can be subject to a penalty of up to £300.

What do I need to do?

Cryptoassets are a priority target for HMRC, with compliance activity in this sector on the increase. The introduction of these new obligations marks another significant step towards closer oversight by HMRC and, when combined with HMRC’s broader information gathering powers, may have significant consequences for taxpayers who hold cryptoassets and use the services of cryptoasset providers. Taxpayers should therefore take steps to ensure that they understand their obligations and take appropriate action to ensure they will be fully compliant with the new regime from 1 January 2026.

Our team combines in-depth knowledge of HMRC’s evolving policy on cryptoassets with extensive experience in managing complex tax enquiries, investigations, and disputes with HMRC. If you are facing challenges, or wish to ensure you are fully prepared for these new obligations, contact Adam Craggs, Michelle Sloane or Liam McKay.