If you run a crypto service provider in Spain, 2026 is the year two major regulatory frameworks hit simultaneously. DAC8 — the EU directive on automatic exchange of crypto tax data — took effect on January 1, 2026. MiCA authorization must be obtained from the CNMV by July 1, 2026. They are separate requirements, but they apply to the same firms and create compounding compliance costs.
What DAC8 Requires
DAC8 (Directive on Administrative Cooperation, 8th iteration) extends EU automatic tax information exchange to include crypto assets. In Spain, implementation falls under the AEAT (Agencia Estatal de Administración Tributaria) via Modelo 721 and the new Modelo 172 and 173 crypto reporting forms.
From January 1, 2026, any Reporting Crypto Asset Service Provider (RCASP) operating in Spain must:
- Collect and verify client identity information (including tax identification numbers) for every account holder
- Track transactions — buys, sells, exchanges, transfers — across all crypto assets in scope
- Report annually to the AEAT by January 31 of the following year, covering all transactions from the previous calendar year
- Submit Modelo 721 for clients holding more than €50,000 in crypto assets at December 31
Crypto Assets in Scope for DAC8
DAC8 covers a broad range of crypto assets as defined in MiCA, including:
- Bitcoin, Ethereum, and other fungible crypto assets traded on exchanges
- Asset-referenced tokens (stablecoins backed by assets)
- E-money tokens (stablecoins backed by a single fiat currency)
Out of scope: non-fungible tokens (NFTs) used as collectibles with no investment purpose, and certain closed-loop tokens used only within a specific ecosystem.
How DAC8 and MiCA Interact
Both frameworks apply to Crypto Asset Service Providers. This is not a coincidence — MiCA created the CASP category precisely to give regulators a defined set of entities to subject to additional requirements like DAC8.
The practical interaction:
- MiCA authorization is the license to operate. Without it, you cannot legally provide crypto services in Spain after July 1, 2026.
- DAC8 reporting is an ongoing obligation that runs in parallel. Even firms in the CNMV authorization process must comply with DAC8 from January 2026.
- The CNMV CASP application itself requires evidence of a compliance framework — which includes DAC8 procedures. Firms that have already built DAC8 infrastructure have a stronger application.
Penalties for Non-Compliance
DAC8 Penalties
The AEAT can impose administrative sanctions for failure to file, incorrect filing, or failure to collect required client data. For firms with significant transaction volumes, penalties can reach tens of thousands of euros per year of non-compliance.
MiCA Penalties
Operating without CNMV CASP authorization after July 1, 2026 constitutes a serious infringement under MiCA, with potential sanctions up to 5% of annual turnover or €700,000 — whichever is higher.
What Spanish Crypto Firms Need to Build
Meeting both DAC8 and MiCA requires overlapping but distinct infrastructure:
For DAC8
- Enhanced KYC collection including Tax Identification Numbers (NIF/NIE for Spanish clients)
- Transaction monitoring and ledger that can produce DAC8-compliant reports
- Client residency verification (DAC8 applies based on client tax residency)
- Annual report generation for Modelo 721, 172, and 173
For MiCA
- CNMV CASP authorization application and ongoing regulatory correspondence
- AML/CTF procedures updated to MiCA standards
- Client protection policies (asset segregation, complaints handling)
- Ongoing monitoring of EBA and CNMV guidance
Timeline Summary
- January 1, 2026: DAC8 data collection obligations begin
- January 31, 2027: First DAC8 reports due for 2026 transactions
- July 1, 2026: MiCA full enforcement — CNMV CASP authorization required
- Now (March 2026): CNMV application process takes 3-6 months — start immediately