(1)

Tax fraud, tax evasion and tax avoidance represent a major challenge for the Union and at global level. The exchange of information is pivotal in the fight against such practices.

(2)

The European Parliament has stressed the political importance of fair taxation and of fighting tax fraud, tax evasion and tax avoidance, including through closer administrative cooperation and extended exchange of information between Member States.

(3)

On 7 December 2021, the Council approved an Ecofin report to the European Council on tax issues requesting the Commission to table in 2022 a legislative proposal containing further revisions to Council Directive 2011/16/EU (3), concerning the exchange of information on crypto-assets and tax rulings for wealthy individuals.

(4)

On 26 January 2021, the Court of Auditors published a report examining the legal framework and implementation of Directive 2011/16/EU. That report concludes that the overall legal framework of Directive 2011/16/EU is solid, but some provisions need to be strengthened in order to ensure that the full potential of the exchange of information is exploited and the effectiveness of the automatic exchange of information is measured. The report also concludes that the scope of Directive 2011/16/EU should be enlarged in order to cover additional categories of assets and income, such as crypto-assets.

(5)

The crypto-asset market has grown in importance and increased its capitalisation substantially and rapidly over the last 10 years. A crypto-asset is a digital representation of a value or of a right that is able to be transferred and stored electronically using distributed ledger technology or similar technology.

(6)

Member States have put in place rules and guidance, which differ from Member State to Member State, to tax income derived from crypto-asset transactions. However, the decentralised nature of crypto-assets makes it difficult for Member States’ tax administrations to ensure tax compliance.

(7)

Regulation (EU) 2023/1114 of the European Parliament and of the Council (4) has expanded the Union regulatory framework to issues of crypto-assets that had so far not been regulated by Union financial services acts as well as to providers of services in relation to such crypto-assets (‘crypto-asset service providers’). Regulation (EU) 2023/1114 sets out definitions that are used for the purposes of this Directive. This Directive also takes into account the authorisation requirement for crypto-asset service providers under Regulation (EU) 2023/1114 in order to minimise administrative burden for the crypto-asset service providers. The inherent cross-border nature of crypto-assets requires strong international administrative cooperation to ensure effective regulation.

(8)

The Union’s anti-money laundering and countering the financing of terrorism framework (AML/CFT) extends the scope of obliged entities subject to AML/CFT rules to crypto-asset service providers regulated by Regulation (EU) 2023/1114. In addition, Regulation (EU) 2023/1113 of the European Parliament and of the Council (5) extends the obligation of payment service providers to accompany transfers of funds with information on the payer and the payee to crypto-asset service providers in order to ensure the traceability of transfers of crypto-assets for the purpose of fighting against money laundering and financing of terrorism.

(9)

At international level, the Organisation for Economic Cooperation and Development (OECD) Crypto-Asset Reporting Framework, set out in Part I of the document ‘Crypto-Asset Reporting Framework and Amendments to the Common Reporting Standard’ approved by the OECD on 26 August 2022 (the ‘OECD Crypto-Asset Reporting Framework’), is aimed at introducing greater tax transparency with regard to crypto-assets and their reporting. Union rules should take into account the framework developed by the OECD in order to increase the effectiveness of the exchange of information and to reduce administrative burden. In implementing this Directive, Member States should use the Commentaries on the Model Competent Authority Agreement, set out in the document ‘International Standards for Automatic Exchange of Information in Tax Matters: Crypto-Asset Reporting Framework and 2023 update to the Common Reporting Standard’, released by the OECD on 8 June 2023 (the ‘Commentaries on the Model Competent Authority Agreement’), and the OECD Crypto-Asset Reporting Framework as sources of illustration or interpretation and in order to ensure consistency in application across Member States.

(10)

Directive 2011/16/EU lays down obligations for financial institutions to report financial account information to tax administrations that are then required to exchange that information with other relevant Member States. However, most crypto-assets are not obliged to be reported under that Directive because they do not constitute money held in depository accounts nor in financial assets. In addition, crypto-asset service providers as well as crypto-asset operators are in most cases not covered by the current definition of financial institution under Directive 2011/16/EU.

(11)

In order to address new challenges arising from the growing use of alternative means of payment and investment, which pose new risks of tax evasion and are not yet covered by Directive 2011/16/EU, the rules on the reporting and exchange of information should cover crypto-assets and their users.

(12)

In order to ensure the proper functioning of the internal market, the reporting should be effective, simple and clearly defined. Detecting taxable events that occur while investing in crypto-assets is difficult. Reporting crypto-asset service providers are best placed to collect and verify the necessary information on their users. The administrative burden should be minimised for the industry so that it is able to develop its full potential within the Union.

(13)

The automatic exchange of information between tax authorities is crucial to provide them with the necessary information to enable them to correctly assess the amounts of income taxes due. The reporting obligation should cover both cross-border and domestic transactions in order to ensure the effectiveness of the reporting rules, the proper functioning of the internal market, a level playing field and respect of the principle of non-discrimination.

(14)

This Directive applies to crypto-asset service providers regulated by and authorised under Regulation (EU) 2023/1114 and to crypto-asset operators that are not. Both are referred to as reporting crypto-asset service providers, as they are required to report under this Directive. The general understanding of what constitutes crypto-assets is very broad and includes crypto-assets that have been issued in a decentralised manner, as well as stablecoins, including e-money tokens as defined in Regulation (EU) 2023/1114 and certain non-fungible tokens (NFTs). Crypto-assets that can be used for payment or investment purposes are reportable under this Directive. Therefore, reporting crypto-asset service providers should consider on a case-by-case basis whether crypto-assets can be used for payment and investment purposes, taking into account the exemptions provided for in Regulation (EU) 2023/1114, in particular in relation to a limited network and certain utility tokens.

(15)

In order to enable tax administrations to analyse the information they receive and to use it in accordance with national provisions, for example for matching of information and valuation of assets and capital gains, it is appropriate to require the reporting and exchange of information that is subdivided in relation to each crypto-asset with respect to which the crypto-asset user made transactions.

(16)

In order to ensure uniform conditions for the implementation of the provisions on the automatic exchange of information between competent authorities, implementing powers should be conferred on the Commission to adopt the practical arrangements necessary for the implementation of the mandatory automatic exchange of information reported by reporting crypto-asset service providers, including a standard form for the exchange of information. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council (6).

(17)

Crypto-asset service providers covered by Regulation (EU) 2023/1114 may exercise their activity in the Union through passporting once they have received their authorisation in a Member State. For those purposes, the European Securities and Markets Authority (ESMA) holds a register with authorised crypto-asset service providers. Additionally, ESMA also maintains a blacklist of operators exercising crypto-asset services that require an authorisation under Regulation (EU) 2023/1114.

(18)

Crypto-asset operators that do not fall under the scope of Regulation (EU) 2023/1114 but are obliged to report information on the crypto-asset users resident in the Union pursuant to this Directive should be required to register in one single Member State for the purpose of complying with their reporting obligations.

(19)

In order to foster administrative cooperation with non-Union jurisdictions, crypto-asset operators that meet certain conditions should be allowed to solely report information on crypto-asset users resident in the Union to the tax authorities of a non-Union jurisdiction insofar as the reported information corresponds to the information set out in this Directive and insofar as there is an effective qualifying competent authority agreement in place with such non-Union jurisdiction. The qualified non-Union jurisdiction would in turn communicate such information to the tax administrations of the Member States where the crypto-asset users are resident. Where appropriate, that mechanism should be enabled to prevent corresponding information from being reported and transmitted more than once.

(20)

In order to ensure uniform conditions for the implementation of this Directive, implementing powers should be conferred on the Commission to determine whether information required to be exchanged pursuant to an agreement between the competent authorities of a Member State and a non-Union jurisdiction corresponds to that specified in this Directive. Those powers should be exercised in accordance with Regulation (EU) No 182/2011. Given that the conclusion of agreements with non-Union jurisdictions on administrative cooperation in the area of direct taxation remains within the competence of Member States, the Commission’s action could also be triggered by a request from a Member State. For that purpose, it is necessary that, following the request of a Member State, the Commission also be able to determine the correspondence in advance of an envisaged conclusion of such an agreement. Where the exchange of such information is based on a multilateral competent authority agreement, the Commission should take the decision on correspondence in relation to the whole of the relevant framework covered by such a competent authority agreement. Nevertheless, it should still remain possible for the Commission to take the decision on correspondence, where appropriate, concerning a bilateral competent authority agreement.

(21)

Insofar as the international standard on the reporting and automatic exchange of information on crypto-assets, namely the OECD Crypto-Asset Reporting Framework, is a minimum standard or equivalent, which establishes a minimum scope and content of jurisdictions’ implementation thereof, the determination of correspondence of this Directive and the OECD Crypto-Asset Reporting Framework by the Commission, by means of an implementing act, should not be required provided that there is an effective qualifying competent authority agreement in place between the non-Union jurisdictions and all Member States.

(22)

Although the G20 endorsed the OECD Crypto-Asset Reporting Framework and recommended its implementation, no decision has been taken yet on whether it would be considered as a minimum standard or equivalent. Pending that decision, this Directive includes two different approaches for determining correspondence.

(23)

This Directive does not substitute any wider obligations arising from Regulation (EU) 2023/1114.

(24)

In order to foster convergence and to promote consistent supervision of this Directive and Regulation (EU) 2023/1114, competent authorities are to cooperate with other national authorities or institutions and share relevant information.

(25)

The exemption from the reporting obligations provided for in this Directive, which is dependent upon the determination of corresponding reporting and exchange mechanisms in relation to non-Union jurisdictions and Member States, should apply only in the area of taxation, and in particular for the purposes of this Directive, and should not be considered as a basis for recognising correspondence in other areas of Union law.

(26)

It is crucial to reinforce the provisions of Directive 2011/16/EU concerning the information to be reported or exchanged in order to adapt to new developments of different markets and consequently to effectively tackle identified conducts of tax fraud, tax evasion and tax avoidance. Those provisions should reflect the developments observed in the internal market and at international level, with a view to achieving effective reporting and exchange of information. Consequently, this Directive includes among others the latest amendments to the Common Reporting Standard of the OECD, including the integration of e-money and central bank digital currency provisions, set out in Part II of the Crypto-Asset Reporting Framework and Amendments to the Common Reporting Standard approved by the OECD on 26 August 2022, and the extension of the scope of the automatic exchange of information regarding advance cross-border rulings to certain rulings regarding natural persons. In implementing the latest amendments to the Common Reporting Standard, as included in this Directive, and as already mentioned in the recitals of Council Directive 2014/107/EU (7) with respect to the original version of the Common Reporting Standard, Member States should use the Commentaries on the Model Competent Authority Agreement and the Common Reporting Standard, now including the latest amendments to the Common Reporting Standard, as sources of illustration or interpretation and in order to ensure consistency in application across Member States.

(27)

Electronic money, as defined in Directive 2009/110/EC of the European Parliament and of the Council (8), is frequently used in the Union, and the volume of transactions and their combined value increase steadily. Electronic money is however not explicitly covered by Directive 2011/16/EU. Member States adopt diverse approaches to electronic money. As a result, related products are not always covered by the existing categories of income and capital of Directive 2011/16/EU. Rules should therefore be introduced to Directive 2011/16/EU in order to ensure that reporting obligations apply to electronic money.

(28)

In order to close loopholes that allow tax fraud, tax evasion and tax avoidance, Member States should be required to exchange information related to income derived from non-custodial dividends. Income derived from non-custodial dividends should therefore be included in the categories of income subject to the automatic exchange of information.

(29)

The taxpayer identification number (TIN) is essential for Member States to match information received with data present in national databases. It increases Member States’ capability of identifying the relevant taxpayers and correctly assessing the related taxes. Therefore, it is important that Member States include the TIN of reported individuals and entities in the reporting and communication of information in the context of exchanges related to categories of income and capital subject to the mandatory automatic exchange of information, financial accounts, advance cross-border rulings and advance pricing agreements, country-by-country reports, reportable cross-border arrangements, information on sellers on digital platforms and crypto-assets.

(30)

In order to increase the availability of the TIN to the competent authorities of Member States, each Member State should take the necessary measures to require that the TIN of individuals and entities issued by the Member State of residence be reported with respect to income from employment, director’s fees and pensions and with respect to advance cross-border rulings and advance pricing arrangements, country-by-country reports and reportable cross-border arrangements. Such measures can comprise, but are not limited to, the introduction, by the transposition deadline set out in this Directive, of domestic legal requirements to report the TIN. Moreover, following the entry into force of Council Directive (EU) 2022/2523 (9) and, in the light of the rules on safe harbours set out in that Directive, it is important to ensure proper matching, in the context of the mandatory automatic exchange of information on country-by-country reports pursuant to Directive 2011/16/EU. However, it is also recognised by the Member States that there can be rare situations where it is simply not possible for the reporting entity or the reporting individual to collect and report the TIN, including where, despite best efforts, the reporting entity or the reporting individual has not been able to collect the TIN or where a TIN has not been issued to the taxpayer.

(31)

Each Member State should include, where it has been obtained by the competent authority of the Member State, the TIN of individuals and entities issued by the Member State of residence in the exchanges related to advance cross-border rulings and advance pricing arrangements, country-by-country reports and reportable cross-border arrangements.

(32)

The absence of exchange of rulings concerning natural persons means that the tax administrations of the Member States concerned might not be aware of those rulings. There is therefore a risk that opportunities for tax fraud, tax evasion and tax avoidance will be created. In order to reduce that risk, and in order to reduce the administrative burden, the automatic exchange of advance cross-border rulings should extend to such rulings where the amount of the transaction or series of transactions of the advance cross-border ruling exceeds a specific threshold.

(33)

Advance cross-border rulings that determine whether a person is or is not a resident for tax purposes in the Member State issuing the ruling should also be exchanged automatically. However, in the interest of proportionality, and in order to reduce administrative burden, some common forms of advance cross-border rulings which can include an element of determination of whether a natural person is or is not resident for tax purposes in a Member State should not, solely on that ground, be subject to the exchange of information on advance cross-border rulings. Advance cross-border rulings on taxation at source with regard to non-residents’ income from employment, director’s fees and pensions should not be exchanged, unless the amount of the transaction or series of transactions of the advance cross-border ruling exceeds the threshold.

(34)

A number of Member States are expected to introduce identification services as a simplified and standardised means of identification of service providers and taxpayers. The Member States that wish to make use of that format for identification should be allowed to do so provided that it does not affect the flow and quality of information of other Member States that do not use such identification services. Therefore, the use of identification services should not affect the due diligence procedures or the requirements to collect information. Furthermore, if that approach diverges from the OECD’s corresponding standards on the automatic exchange of information in certain respects, the provisions in this Directive regarding the use of identification services should not impact the determination of whether information reported and exchanged pursuant to an agreement between the competent authorities of a Member State and a non-Union jurisdiction is equivalent to or corresponds to that specified in this Directive.

(35)

It is important that, as a matter of principle, the information communicated under Directive 2011/16/EU is used for the assessment, administration and enforcement of taxes which are covered by the material scope of that Directive. However, uncertainties regarding the use of information have arisen due to an unclear framework. Given the link between tax fraud, tax evasion and tax avoidance, and money laundering, also in terms of enforcement, it is appropriate to clarify that it should also be possible to use information communicated between Member States for the assessment, administration and enforcement of customs duties and for anti-money laundering and combating the financing of terrorism.

(36)

Considering the amount and the nature of the information collected and exchanged on the basis of Directive 2011/16/EU, that information can be useful in certain further areas. While the use of that information in other areas should as a general rule be restricted to areas approved by the Member State communicating the information in accordance with this Directive, there is a need to allow for a broader use of the information in situations presenting particular and serious characteristics and where it has been agreed at Union level to take action. Such situations would in particular be those where decisions have been taken pursuant to Article 215 of the Treaty on the Functioning of the European Union regarding restrictive measures. Information exchanged under Directive 2011/16/EU can be very relevant for the detection of violation or circumvention of restrictive measures. In return, any potential breaches of restrictive measures will be relevant for tax purposes, since avoidance of restrictive measures will in most cases also amount to tax avoidance in relation to the assets concerned. Given the likely synergies and close link between the detection of avoidance of restrictive measures and the detection of tax avoidance, the authorisation of a further use of the information is therefore appropriate.

(37)

It is essential that the information communicated under Directive 2011/16/EU is used by the competent authority of each Member State which receives that information. Therefore, it is appropriate to require the competent authority of each Member State to put in place an effective mechanism to ensure the use of information acquired through the reporting or the exchange of information under Directive 2011/16/EU. Such use of information can include, for instance, voluntary compliance programs, notifications to generate disclosure, awareness campaigns, prefilling tax returns, risk assessments, limited audits, general audits, tax coding, tax estimation, assimilation into domestic systems and other tax-related measures.

(38)

In order to enhance the efficient use of resources, facilitate the exchange of information and avoid the need for each Member State to make similar changes to their systems for storing information, a central directory should be established for information to be communicated on crypto-assets, accessible to all Member States and only for statistical purposes to the Commission, to which Member States would upload and store reported information, instead of exchanging that information by secured email. Member States should only be permitted to access data in that central directory relating to their own residents. All access and restrictions of access to the central directory should be in line with requirements under Regulation (EU) 2016/679 of the European Parliament and of the Council (10). In order to ensure uniform conditions for the implementation of this Directive, implementing powers should be conferred on the Commission to adopt the practical arrangements necessary for the establishment of such central directory. Those powers should be exercised in accordance with Regulation (EU) No 182/2011.

(39)

In order to ensure uniform conditions for the implementation of this Directive, implementing powers should be conferred on the Commission to develop a tool allowing an electronic and automated verification of the correctness of the TIN that has been provided by the taxpayer or the reporting entity or reporting individual. Those powers should be exercised in accordance with Regulation (EU) No 182/2011. The IT tool to be provided to Member States is intended to help increase the matching rates for tax administrations and improve the quality of the exchanged information in general.

(40)

The minimum retention period of records of information obtained through the exchange of information between Member States pursuant to Directive 2011/16/EU should not be longer than necessary but, in any event, not shorter than five years. Member States should not retain information longer than necessary to achieve the purposes of this Directive.

(41)

Reporting financial institutions, intermediaries, reporting platform operators, reporting crypto-asset service providers or competent authorities of Member States are data controllers within the meaning of Regulation (EU) 2016/679. Where two or more of those controllers jointly determine the purposes and means of processing of personal data, they are considered to be joint controllers. For example, competent authorities of Member States are considered to be joint controllers of the central directory, having jointly agreed on the personal data to be processed and the manner of processing.

(42)

In order to ensure proper enforcement of the rules under this Directive, Member States should lay down rules on penalties applicable to infringements of national provisions adopted pursuant to provisions of this Directive on the mandatory automatic exchange of information reported by reporting crypto-asset service providers, and should take all measures necessary to ensure that they are implemented. While the choice of penalties remains within the discretion of Member States, the penalties provided for should be effective, proportionate and dissuasive.

(43)

For the sake of harmonising the timing between the evaluation of the application of Directive 2011/16/EU and the biennial evaluation of the relevance of hallmarks in Annex IV of this Directive, the timing of those evaluation processes should be aligned.

(44)

Taking into account the judgment of the Court of Justice of 8 December 2022 in Case C-694/20, Orde van Vlaamse Balies and Others (11), Directive 2011/16/EU should be amended in such a manner that its provisions do not have the effect of requiring lawyers acting as intermediaries, where they are exempt from the reporting obligation on account of the legal professional privilege by which they are bound, to notify any other intermediary that is not their client of that intermediary’s reporting obligations. However, any intermediaries that are exempt from the reporting obligation because of the legal professional privilege by which they are bound should remain required to notify without delay their client of that client’s reporting obligations.

(45)

The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (12) and delivered an opinion on 3 April 2023 (13).

(46)

This Directive respects the fundamental rights and observes the principles recognised by the Charter of Fundamental Rights of the European Union (the ‘Charter’). In particular, this Directive ensures full respect for the right of protection of personal data enshrined in Article 8 of the Charter. In that regard, it is important to recall that Regulations (EU) 2016/679 and (EU) 2018/1725 apply to the processing of personal data under Directive 2011/16/EU. Furthermore, this Directive seeks to ensure full respect for the freedom to conduct business.

(47)

Since the objective of Directive 2011/16/EU, namely the efficient administrative cooperation between Member States under conditions compatible with the proper functioning of the internal market, cannot be sufficiently achieved by the Member States but can rather, by reason of the uniformity and effectiveness required, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality as set out in that Article, this Directive does not go beyond what is necessary in order to achieve that objective.

(48)

Directive 2011/16/EU should therefore be amended accordingly,

(1)

Article 3 is amended as follows:

(2)

Article 8 is amended as follows:

(3)

Article 8a is amended as follows:

(4)

Article 8ab is amended as follows:

(5)

in Article 8ac(2), first subparagraph, the following point is added:

(6)

the following Article is inserted:

(7)

Article 16 is amended as follows:

(8)

in Article 18, the following paragraph is added:

(9)

in Article 20, paragraph 5 is replaced by the following:

(10)

Article 21 is amended as follows:

(11)

in Article 22, the following paragraphs are added:

(12)

in Article 23, paragraph 3 is replaced by the following:

(13)

Article 25 is amended as follows:

(14)

Article 25a is replaced by the following:

(15)

in Article 27, paragraph 2 is deleted;

(16)

the following Article is inserted:

(17)

Annex I is amended in accordance with Annex I to this Directive;

(18)

Annex V is amended in accordance with Annex II to this Directive;

(19)

The text set out in Annex III to this Directive is added as Annex VI.