German Crypto Asset Tax Transparency Act (KStTG) enters final stretch

DAC8, MiCAR and CARF – the new triad 

The DAC8 builds on European crypto legislation and follows on from the Regulation on Markets in Crypto Assets (MiCAR). The German draft also refers to the OECD's Crypto Asset Reporting Framework (CARF). The CARF and the OECD interpretation act as an interpretation aid for practical implementation. The legislature has adopted key terms from MiCAR, CARF and the automatic exchange of information (CRS), but added national clarifications for closing. This compatibility simplifies practice, but brings with it the risk of divergent interpretations in the internal market. 

Timetable and milestones 

Germany must transpose the DAC8 by 31 December 2025. The German Crypto Asset Tax Transparency Act (KStTG) is set to come into effect on 1 January 2026. The legislation provides tax authorities with structured access to information on income from crypto asset transactions. The Federal Central Tax Office (BZSt) will bundle reports and coordinate the sharing of them internationally, speeding up the evaluation and making audits more targeted. 

Who is affected: providers, service providers, operators 

The persons to whom the law applies consist of providers: These include crypto asset service providers and crypto asset operators that perform trades for or on behalf of users to be reported. 

Obligations apply to providers that have their registered office or business activities in Germany, with the exception of listed companies, state legal entities, international organisations and central banks. 

Crypto asset service providers are legal entities or companies that provide one or more crypto asset services on a commercial basis and are authorised to do so in accordance with Article 59 MiCAR. Crypto asset operators provide similar services but do not fall under the MiCAR definition and do not hold a MiCAR licence (operators must register with the Federal Central Tax Office (BZSt) on time). 

The German Crypto Asset Tax Transparency Act (KStTG) thus also expressly covers staking and lending, although MiCAR does not specifically define these under supervisory law; the Federal Ministry of Finance (BMF) intends to clarify these terms in administrative provisions. 

What must be reported: services, users, transactions 

Crypto asset services include MiCAR services as well as staking and lending. These include in particular custody, trading platform operation, exchange, execution of contracts, placement, acceptance and transmission of orders, consultation, portfolio management and transfer services. 

The scope of application only opens up if trades are carried out for or on behalf of a user who is to be reported. Transactions to be reported include trades for fiat or other crypto assets and certain transfers. 

A trade is any exchange between crypto assets and fiat or between crypto asset types that is to be reported; records are to be made of movements between addresses or accounts in the equivalent amount of fiat or other crypto assets. 

Due diligence obligations: self-disclosure, plausibility checks, enforcement 

Providers are subject to the obligations if they fulfil the condition of a provider and are based in Germany or if their home Member State according to MiCAR is Germany; domestic residency applies to operators. Providers will treat users as needing to be reported from the moment they are identified. 

For existing customers with a business relationship before 31 December 2025, providers do not have to obtain a valid self-disclosure and confirm its plausibility until 1 January 2027. 

Valid self-disclosures will contain the company name, address, countries of residence, tax identification numbers, details of active legal entities or exempt persons and functions of controlling persons; if necessary, self-disclosures of controlling persons must be provided. 

Enforcement takes place in three stages: reminder, formal warning, blocking of transactions that need to be reported after sixty to ninety days if the self-disclosure is not provided. 

Reporting obligations and procedures 

Providers will report annually to the Federal Central Tax Office (BZSt) by 31 July at the latest for the previous calendar year. They are to report the master data and detailed transaction information for each user to be reported and for each controlling person. Reports will be transmitted electronically in accordance with the officially prescribed data set via official interfaces. 

Sanctions regime and law enforcement 

Administrative offences include violations of self-disclosure, plausibility checks, identification of controlling persons, enforcement obligations including blocking, reporting obligations and record-keeping obligations as well as registration. The maximum fine is EUR 50,000. 

To-do list for traders, financial managers, tax managers 

• Define governance: responsibilities, escalations, dual control principle. 
• Consolidate data record: master data, transaction data, mapping to reporting formats, traceability of processing. 
• Use AML/KYC bridges: connect KYC data for self-disclosure and plausibility checks for productive effect. 
• Existing customers by 1 January 2027: request self-disclosure, schedule reminders and formal warnings, configure blocking logic. 
• Set up IT interfaces: data set according to official specifications, secure transmission, error management, logging of records. 
• Check registration: Operators without a MiCAR licence must register with the Federal Central Tax Office (BZSt) on time. 
• Manage risk of fines: implement control framework for core obligations and records. 

Conclusion 

The German Crypto Asset Tax Transparency Act (KStTG) provides a coherent, practical set of rules that is compatible with European standards. With the law set to go into effect on 1 January 2026, every month of preparation counts towards implementing the subsequent notification efficiently. By setting up governance, data, processes and interfaces now, providers will minimise sanction risks and ensure compliance right from the start.