From its earliest days, crypto’s most defining trait has been its complete indifference to borders. In the crypto world, value moves across jurisdictions as easily as data, typically without any intermediaries and with little to no regard for where a user is based.
While incredible for users, these types of transactions are a nightmare for tax systems. After all, they are built on the exact distinctions that crypto lacks: residency, source of income, and jurisdictional authority. Therefore, the two systems are entirely mismatched.
For years, this mismatch has left regulators stumped and forced them to play catch-up all the time. But with the introduction of OECD’s Crypto-Asset Reporting Framework (CARF), they have taken the most comprehensive steps yet to close that gap.
Namely, CARF standardizes how crypto transaction data is collected and shared across jurisdictions. As such, it aims to bring transparency to a market that has historically operated with rather limited oversight.
That said, while regulators are indeed doing their best to facilitate alignment, the industry itself is still lagging behind.
“The issue is structural, as many crypto firms lack the data architecture, operational discipline, and cross-border coordination mechanisms that CARF assumes already exist.”
As things stand at the moment, it seems that the vast majority of crypto firms are unprepared for this regulation. In this article, we examine why that is, and what needs to be done for matters to improve in the future.
What Is CARF?
At its core, CARF is a reporting regime. For one, it requires crypto-asset providers to collect detailed information on users and their transactions. Plus, it asks them to report that data to tax authorities who can, in turn, exchange it with their counterparts in other jurisdictions. In that sense, CARF mirrors the concept and logic of the Common Reporting Standard (CRS). It just extends it into a domain that was never really designed for centralized reporting.
Therefore, what makes CARF distinct is its scope. It is not limited to domestic activity or even just to firms incorporated within a given jurisdiction. Instead, it is based on user relationships and transactional flows, meaning that a single platform may face reporting obligations across multiple countries at the same time. In fact, this extraterritorial reach is what gives CARF its power. Unfortunately, it is also what makes it a pain to implement.
It is important to mention that CARF does not attempt to harmonize how crypto is taxed. In reality, it sidesteps that complexity by focusing on the data itself. The assumption is that, once tax authorities have consistent, high-quality data, enforcement can easily follow. Of course, whether that assumption holds depends on how well firms can operationalize the framework.
The Infrastructure Gap
Though legal interpretation is indeed a big issue with CARF, it is not nearly the biggest. Namely, the main problem is infrastructure.
Most crypto platforms were built to facilitate trading and liquidity. So, producing audit-grade reporting was never really the goal. As a result, the data these platforms collect is often insufficient for regulatory purposes.
We will use user identity as a clear example of the issue at hand. While many platforms implement KYC processes, the depth and consistency of that data can vary significantly depending on when and where users were onboarded. For instance, legacy accounts may lack key information, while cross-border users can present conflicting data on their residency. The problem is that CARF requires firms to make definitive determinations about who their users are and where they live, and these firms usually cannot provide that.
In the same vein, it is also necessary to mention transaction data. In traditional finance, transactions are relatively standardized and occur within controlled systems. But in crypto, a single user journey can involve multiple wallets, external protocols, and on-chain interactions that are not easy to categorize. In such circumstances, distinguishing between a taxable event and a simple transfer becomes rather difficult.
The real issue is that these are not simple outliers. Both of them are core features of how crypto operates. So, bringing that activity into a structured reporting framework requires a complete redesign of how data is captured, normalized, and stored.
The Cross-Border Data Problem
Now, even if firms can improve their internal data quality, CARF introduces yet another layer of complexity: cross-border coordination. Namely, crypto transactions typically require the exchange of information between multiple tax authorities, each with its own legal and technical requirements.
One immediate challenge is determining tax residency. Users can hold multiple residencies, relocate frequently, or interact through legal entities that obscure their ultimate tax position. At the same time, firms are expected to resolve these ambiguities with a level of certainty that their current systems are not equipped to provide.
All the while, data privacy laws impose constraints on how information can be collected and shared. Requirements tied to user consent, data storage, and cross-border transfers can conflict with the broad disclosure obligations envisioned by CARF. This, in turn, creates a tension that is not easy to resolve. After all, how are firms supposed to be both transparent and restrictive with the same data?
To add insult to injury, CARF is a framework rather than a single, uniform law. That means that jurisdictions will implement it differently, therefore introducing further variations in scope, timing, and enforcement. For global platforms, this creates even larger issues.
DeFi, Self-Custody, and the Reporting Blind Spots
We also have to note that CARF always assumes the presence of intermediaries. However, crypto increasingly operates without them. On the one hand, self-custodied wallets allow users to transact directly on-chain. On the other hand, decentralized exchanges and DeFi protocols facilitate trading and lending without a central operator, as their name suggests.
These structures create significant reporting blind spots. For one, if there is no identifiable service provider, it becomes unclear who bears the responsibility for reporting. Plus, even more legal and practical challenges arise when there are attempts to extend obligations to developers or interface providers.
The result is an incredibly uneven compliance landscape. Thanks to the fact that they are easiest to regulate, centralized exchanges will bear the bulk of the reporting requirements. Meanwhile, activity that migrates to decentralized or peer-to-peer channels will remain, at least partially, outside the system.
Operational Burden and Cost Pressure
From all the sections above, it is clear that CARF represents a significant operational burden for all firms within its scope. After all, compliance requires building or upgrading systems that can handle large volumes of sensitive data and produce standardized reports across multiple jurisdictions.
Obviously, doing so requires a lot of effort, as well as continuous improvements in the future. At the end of the day, regulatory requirements will evolve, and firms will need to adapt over and over again. So, maintaining compliance will become an ongoing operational function rather than a one-off project.
The cost implications of this are substantial. While larger platforms might have the resources necessary to make these changes, smaller firms will definitely struggle. This creates the risk of market consolidation, where only the richest players can meet the required standards.
Why Many Firms Are Still Behind
In the face of this huge challenge, many crypto firms remain underprepared.
Part of the reason behind this is timing. Namely, CARF is still in the process of implementation, and firms are still waiting for clearer guidance at the jurisdictional level before committing significant resources to making changes.
However, there is also a deeper issue. Historically, the industry has tended to prioritize growth and innovation over compliance. As a result, it operated in an environment where regulatory expectations were uncertain or inconsistently enforced. That legacy is reflected in today’s systems that are optimized for flexibility rather than control.
In some cases, firms might also be underestimating CARF and its scope. They see it as an extension of existing reporting obligations rather than a fundamental shift in how data must be managed. By the time that the realization of what the reality is sets in, the gap between current capabilities and regulatory expectations will be even more difficult to close.
What Does CARF Readiness Require?
From everything we have covered so far, it is clear that becoming CARF-ready requires rethinking core aspects of how a crypto business operates.
For starters, it’s necessary to standardize data architecture and establish clear definitions and consistent formats that support reliable reporting. Plus, it would be smart to ensure that identity systems identify jurisdiction-relevant information from the outset instead of attempting to reconstruct it later. Transaction monitoring must also undergo changes to go beyond simple record-keeping.
Second, it’s important to remember governance. If CARF is to succeed, compliance can no longer be treated as a peripheral function. Instead, firms must integrate it into product design, engineering decisions, and all their strategic planning. Though this shift will undoubtedly be uncomfortable for firms used to operating with menial constraints, it is entirely unavoidable.
Aside from reducing regulatory risk, companies that move early and start implementing changes on time will also build stronger relationships with users—especially those that value transparency.
Conclusion
In all the ways that matter, CARF marks a turning point in the relationship between crypto and the global tax system. For the first time, we have a coordinated effort to bring a borderless asset class within a structured reporting framework, and the task is as difficult as it is ambitious.
The main challenge CARF faces is that the industry it targets was not built with that framework in mind. That is why bridging the gap between decentralized, fast-moving systems and standardized, jurisdiction-based reporting will require a lot of effort.
Some firms will adapt to these new circumstances easily by investing in the infrastructure and processes needed to meet the new expectations. Others will definitely struggle, particularly if they lack the necessary funds to redesign their systems or simply do not see compliance as that important.
Therefore, what CARF ultimately forces is a shift in perspective. In a world where transparency is no longer optional, the ability to operate across borders comes with more obligations than ever before. Whatever the future holds, it is clear that the firms that recognize this fact early will be better positioned to successfully navigate it.
Organisation for Economic Co-operation and Development, Crypto-Asset Reporting Framework. 2023 https://www.oecd.org/en/publications/international-standards-for-automatic-exchange-of-information-in-tax-matters_896d79d1-en.html
Organisation for Economic Co-operation and Development, Crypto-Asset Reporting Framework: Frequently Asked Questions. 2025 https://www.oecd.org/content/dam/oecd/en/topics/policy-issues/tax-transparency-and-international-co-operation/faqs-crypto-asset-reporting-framework.pdf
CRS 2.0 and CARF: shaping global tax transparency in a digital age, available at https://www.ey.com/en_sg/technical/you-and-the-taxman/crs-2-0-and-carf-shaping-global-tax-transparency-in-a-digital-age
Pfister R., Birrer T., Extended application of the automatic exchange of information to crypto assets: what board members and trustees need to know about the OECD’s Crypto Asset Reporting Framework, Trusts & Trustees, Volume 31, Issue 6, July 2025, Pages 242–247, https://doi.org/10.1093/tandt/ttaf050
Luo, J. (2025). The Second Annual Blockchain Tax Conference on January 24, 2025: Ensuring Widespread Implementation of the Crypto-Asset Reporting Framework (CARF). The Contemporary Tax Journal, 14(1), 9. https://scholarworks.sjsu.edu/cgi/viewcontent.cgi?article=1265&context=sjsumstjournal
This site may reference or link out to external websites operated by third parties. These sites are independent from ADABA, and ADABA has no control over their content or activities. A link or mention should not be interpreted as an endorsement, partnership, approval, or recommendation of any third-party provider, nor does ADABA take responsibility for any of the products, services, or information they offer.
All content provided here is for general informational purposes only. Nothing in this material constitutes legal, tax, financial, or investment advice. Readers should seek guidance from qualified professionals before making decisions in any of these areas. ADABA accepts no liability for actions taken—or not taken—based on the use of the information provided here.
ADABA makes no representations or warranties regarding the accuracy, completeness, timeliness, or reliability of the information presented. We disclaim any responsibility for losses or claims arising from errors, omissions, or other issues contained in this material.