Automatic Exchange of Information on Crypto-Assets
Articles
Tax
Blockchain / Digital Assets
Taxes / Duties
Implementation of the OECD's Crypto-Asset Reporting Framework (CARF) in Switzerland
Thomas Linder
Tax Partner
Annika Lundin
Tax Consultant
Eric Sutter
Senior Tax Advisor
From 1 January 2026, individuals and legal entities offering crypto-asset services will be subject to the Crypto-Asset Reporting Framework (CARF) developed by the Organization for Economic Co-operation and Development (OECD). Switzerland has committed to implementing this international standard – with far-reaching consequences for providers.
1. What is the Crypto-Asset Reporting Framework (CARF)?
The CARF is an international standard developed by the OECD. Its main objective is to increase transparency in the area of crypto-assets and to close existing gaps in tax frameworks, especially in comparison to the Common Reporting Standard (CRS), which focuses on traditional financial assets. CARF is part of a global effort to increase tax transparency.
2. International implementation and Switzerland's position
According to the OECD's current list of March 13, 2025, 50 jurisdictions have signed the multilateral agreement on the automatic exchange of information regarding crypto-assets. These include the EU member states as well as major financial centers such as the United Kingdom, Singapore, the United Arab Emirates and the Cayman Islands. However, the United States of America has not signed the agreement and has announced its own national regulatory approaches.
Switzerland has committed to implementing the CARF - unfortunately without any in-depth political debate on the meaning and purpose of the regulation. The legal provisions are scheduled to enter into force on January 1, 2026. The first automatic exchange of information is planned for 2027 and will affect relevant transactions with crypto-assets from January 1, 2026.
The basis for Switzerland’s participation in the international exchange is, among other things, the dispatch adopted by the Federal Council on June 6, 2025, concerning the approval of data exchange with selected partner states. The planned exchange involves a total of 74 countries that, from Switzerland’s perspective, are considered particularly relevant in the area of crypto-asset transactions — including all EU member states, the United Kingdom, and the majority of G20 countries (with the exception of the United States, China, and Saudi Arabia). However, effective data exchange will only take place with jurisdictions that have implemented the CARF standard and meet the requirements for bilateral cooperation.
3. Who is a reporting crypto-asset service provider (RCASP)?
The reporting obligation under CARF applies to so-called Reporting Crypto-Asset Service Providers (RCASP). This includes individuals or legal entities that commercially offer services facilitating exchange transactions involving relevant crypto-assets (see section 4 below) for or on behalf of customers. A reporting obligation arises when the service is provided pursuant to a legal obligation, or when the provider exercises control over the execution of the exchange transaction, either directly or through sufficient influence - for example via a trading platform or a smart contract.
The following providers, among others, are deemed to be RCASPs if they offer commercial services for the execution of exchange transactions with relevant crypto-assets for or on behalf of customers (not an exhaustive list):
Banks;
Trustees;
Platform Operators: Companies that facilitate trading in relevant crypto-assets (e.g. crypto exchanges, OTC desks, brokers or crypto ATMs);
Intermediaries or Counterparties: Persons or companies that execute crypto transactions for or on behalf of clients (e.g., as commission agents, market makers or brokers);
DeFi Providers with Control or Influence: If smart contracts are controlled, parameterized or managed (e.g., via admin keys or governance tokens).
Providers with purely technical functions that are unrelated to the execution of exchange transactions do not qualify as RCASPs. This includes, for example, the mere transfer, custody, or management of crypto-assets as well as the provision of software or infrastructure that does not enable the independent execution of, or influence over, exchange transactions.
Parties that provide financial services in connection with the offer or sale of crypto-assets by an issuer are also not considered RCASPs.
4. Which relevant crypto-assets are subject to the reporting obligation?
The reporting obligation under CARF applies to so-called relevant crypto-assets. These are broadly defined in the standard as digital representations of a value that relies on a cryptographically secured distributed ledger technology (DLT) or similar technology to validate and secure transactions.
A crypto-asset is considered "relevant" if it can be used for payment or investment purposes. The decisive factor here is not the regulatory classification under financial market law, but the actual economic purpose of use.
The relevant crypto-assets include in particular:
Native tokens such as Bitcoin or Ethereum;
Stablecoins;
Tokenized assets or rights;
NFTs, provided they are tradable and fulfill a payment or investment purpose (e.g., fractional NFTs with market value);
Other tokens with a payment or investment purpose.
However, personal or non-tradable NFTs, such as digital collectibles without market value, or internal utility tokens that serve solely to access platform functionalities are not subject to the reporting obligation. Likewise, electronic means of payment (e-money), including prepaid cards and e-money accounts, as well as central bank digital currencies (CBDCs), are expressly excluded from the reporting scope.
Exchange transactions involving only non-relevant crypto-assets do not give rise to a reporting obligation under CARF. By contrast, if a relevant crypto-asset is exchanged for a non-relevant crypto-asset, the transaction must be reported to the extent that it involves the relevant crypto-asset. The decisive criterion is whether a relevant crypto-asset is part of the exchange transaction.
5. Which transactions must be reported?
The reporting obligation under CARF applies not only to traditional trading in crypto-assets, but also to a range of other transaction types in which relevant crypto-assets are transferred or exchanged. The aim is to provide the tax authorities with a complete picture of the economically relevant activities in connection with crypto-assets.
The following must be reported:
Exchange transactions in which cryptocurrencies are exchanged for other cryptocurrencies or for fiat money (e.g., fiat ↔ crypto, crypto ↔ crypto, crypto ↔ fiat);
Transfers between two RCASPs;
Transfers from an RCASP to an external party (e.g., payout to self-custody wallet) and vice versa;
Internal transfers between different users on the same platform of an RCASP.
Other transactions such as staking income, mining rewards or airdrops may also be reportable - depending on whether they represent an economically relevant increase in assets and whether they are carried out as part of a reportable service (e.g., via a platform or wallet with controlled access).
6. What must be reported?
An RCASP is required to submit structured information on all reportable transactions to the Federal Tax Administration (FTA) on an annual basis. According to the OECD’s User Guide for Tax Administrations, such reporting must be carried out using a standardized set of predefined transaction codes. The submission must include core identifying information, detailed transaction data, and aggregated amounts. Given the international nature of the reporting obligation, it is expected that RCASPs will be required to report in accordance with the OECD's prescribed format and technical specifications.
7. Duty of care and liability risk
RCASPs are obliged to comply with a number of statutory due diligence, reporting and record-keeping obligations. These obligations include the identification of users subject to reporting, the accurate classification of transactions and the timely and complete submission of data to the FTA.
Willful breaches of these obligations may result in fines of up to CHF 250,000, while negligent violations may be sanctioned with fines of up to CHF 100,000. Furthermore, failure to comply with the obligation to provide information to the FTA may lead to additional penalties—up to CHF 100,000 in cases of intent and up to CHF 50,000 in cases of negligence. Individuals who deliberately provide false or incomplete information to the FTA may be fined up to CHF 10,000.
In addition to the RCASP in question, individual members of governing bodies (e.g., boards of directors, foundation boards) may also be held personally liable if a breach of duty results in harm and can be attributed to a failure in their organizational or supervisory responsibilities.
8. What needs to be done?
If there are indications—or if it is already known—that your company falls within the scope of CARF regulation, the following steps and measures are essential to ensure compliance:
Impact Analysis: Begin by assessing the precise implications of CARF on your business model. This includes determining whether your entity qualifies as an RCASP and, if so, evaluating the extent to which your services involve reportable transactions.
Data Collection: As an RCASP, you are required to collect detailed information on your clients and their crypto-asset transactions as of January 1, 2026. This includes identifying customer information, transaction types, and transaction volumes. It is generally advisable to implement appropriate technical solutions to ensure reliable and automated data capture.
Reporting: The information gathered must be submitted to the FTA annually by June 30 of the following year. The FTA will review the data for completeness and accuracy and will exchange the information with relevant partner jurisdictions in accordance with international obligations.
Risk Management: Non-compliance with reporting or due diligence obligations may result in fines of up to CHF 250,000 (or up to CHF 100,000 in cases of negligence), pursuant to the Federal Act on the International Automatic Exchange of Information in Tax Matters (AIAG). Given the number of unresolved interpretative issues under CARF, it is strongly recommended to monitor ongoing regulatory developments, maintain up-to-date documentation, and record all compliance-related clarifications in writing.
The new requirements give rise to many practical questions, especially for VASPs, DeFi providers or established financial intermediaries with crypto exposure.
We are happy to support you in assessing your business activities in light of a potential classification as an RCASP, determining the scope of reportable information, and preparing the annual declaration of the relevant crypto-assets to the FTA.
