Do Exchange Withdrawals to Self-Custody Get Reported Under DAC8?

TL;DR: Withdrawing crypto from a centralized exchange to a self-custody wallet changes who controls the asset: the private keys are now yours, and the exchange no longer custodies those funds. But it does not erase the exchange’s historical withdrawal records, nor does it remove domestic tax-reporting obligations. DAC8 automatic reporting is not the same as sending every wallet address and transaction hash to the tax authority; it is generally more focused on reportable user and transaction data. However, exchanges may still retain more detailed withdrawal information under AML/TFR rules, and tax authorities may request additional records in specific cases. A safer way to think about this is in layers: custody, exchange records, DAC8 reporting, other information channels, and personal tax obligations. Users should treat this as general information and confirm their own position with a qualified tax adviser.

---

Why this question keeps coming up

We’re DeGate. We make a multichain self-custody crypto wallet. Since DAC8 transposition into EU member-state law became concrete in late 2025, one question has appeared repeatedly in public crypto discussions:

“If I withdraw from an exchange to a self-custody wallet, does DAC8 report it?”

In crypto discussions, people often phrase this as “CEX withdrawals to self-custody” — the same question, different vocabulary. The useful answer is that the question is too compressed. It collapses at least five distinct things — custody, the exchange’s internal record, the automatic DAC8 report, additional access channels the authority may have, and your ongoing tax obligations — into a single yes-or-no. Each layer answers differently. Some published summaries say “yes, your wallet address will be reported”; others say “no, self-custody is private from DAC8.” Both can sound right and both can mislead, because they’re often answering different layers at the same time.

This reference walks through those five layers so you can ask better questions of a qualified advisor in your jurisdiction. We’re not your commercialista, your Steuerberater, or your asesor fiscal. We work on a self-custody wallet, and we want to be straight about what self-custody changes and what it doesn’t.

---

The useful answer has five parts

Most confusion about DAC8 and self-custody comes from treating four or five different questions as one question. Pulling them apart is the single most useful thing a non-specialist can do before talking to an advisor.

1. Self-custody changes control. When you withdraw from an exchange to a wallet you control, the private keys to that asset are now in your hands. The exchange no longer holds those assets on your behalf. They’re no longer entangled in any future exchange bankruptcy, freezing order, or platform-side restriction. This is a real change and it’s what self-custody means.

2. The exchange-side record remains. The withdrawal is an event the exchange recorded when it processed your request. That record lives in the exchange’s books and in any KYC/AML files associated with your account. Moving the asset doesn’t erase the record of the move. From 2026 onward, an in-scope reporting CASP is also required to compile DAC8 reporting data for reportable users.

3. Automatic DAC8 reporting is narrower than CASP-held data. What flows automatically from the exchange to your tax-residence authority under DAC8 is not a copy of everything the exchange holds about you. It’s a specific schema — aggregate transaction data per asset type, with classifications and flags. Automatic reporting should not be confused with every piece of information a CASP retains internally.

4. Authorities may have additional access channels. A tax authority’s automatic DAC8 feed is one route to information. National authorities typically have separate information-request powers, outside automatic reporting, to request additional data that a CASP holds. These channels are jurisdiction-specific and case-specific.

5. National reporting obligations follow the resident, not the venue. Wherever your assets sit — exchange, self-custody hardware wallet, smart-contract wallet — your declaration obligations are obligations of the resident taxpayer. DAC8 changes what the tax authority knows. It does not change what the taxpayer is required to declare under their national rules.

The short version:

Self-custody changes who controls the asset going forward. It does not erase the exchange-side record of how the asset left the platform. Automatic DAC8 reporting should not be confused with every piece of data a CASP may hold. And none of this removes national reporting obligations that apply to the resident taxpayer.

These layers are not in conflict. They sit on top of each other. A statement like “DAC8 reports your wallet address” is too compressed because it doesn’t say which layer it’s talking about. A statement like “self-custody is private from DAC8” is too compressed for the same reason. The honest answer is layered.

---

What DAC8/CARF-style reporting actually captures

DAC8 — formally Directive (EU) 2023/2226 — aligns EU reporting rules for crypto-assets with the OECD’s Crypto-Asset Reporting Framework (CARF). EU member states transposed it into national law by 31 December 2025. Italy transposed it through D.Lgs. 194/2025, published in the Gazzetta Ufficiale on 22 December 2025; Germany, France, Spain and other member states transposed via their own implementing legislation. Data collection began on 1 January 2026. Under the directive timeline, the first cross-border information exchange between EU member states is scheduled for completion by 30 September 2027, covering 2026 calendar-year data.

The reporting obligation falls on Reporting Crypto-Asset Service Providers (RCASPs) — regulated centralized exchanges, custodial wallet providers, broker-dealers, and certain identifiable operators of crypto-asset services. Non-EU CASPs serving EU residents should not be assumed to sit outside the DAC8/CARF reporting perimeter. Depending on their structure and jurisdiction, they may be brought into reporting through an EU registration route or through CARF-equivalent reporting in a partner jurisdiction.

The OECD published the CARF XML Schema User Guide in October 2024 and has updated it since. The schema is built around aggregated transaction data, not raw transaction-level disclosure. For each reportable user, an RCASP reports:

• Identity data — full name, address, jurisdiction(s) of tax residence, tax identification number (TIN), date of birth, and additional KYC fields
• Aggregate transaction data per crypto-asset type — aggregate fair market value in fiat, number of units, transaction count
• Transaction classification by category — including, where applicable, crypto-to-fiat exchanges, crypto-to-crypto exchanges, reportable retail payment transactions above USD 50,000, transfers, and other reportable crypto-asset activity

Platform implementation matters. Low-value rewards, staking income, lending yield, or interest-like credits should not be assumed to sit outside reporting simply because they are small or automated. Depending on the product structure and the RCASP’s reporting implementation, they may be reflected in the aggregated data it compiles.

The transfer category is where a CEX-to-self-custody withdrawal lives. The schema captures it as transfer activity, classified by whether the destination is a wallet inside the regulated CASP ecosystem or outside it. The original CARF proposal published in March 2022 included a requirement to report the specific destination wallet address; that element was removed from the final rules following industry consultation, and the current schema is built around aggregate value plus the regulated-vs-non-regulated classification.

This is the layer where some summaries describe DAC8 as “reporting your wallet address.” That phrase is too compressed. The automatic schema flow is not best described as a wallet-address feed to your tax office.

But — and this is the part that gets lost when the schema is discussed in isolation — the automatic flow is not the only relevant channel. The next two sections cover what else is happening alongside DAC8 reporting.

---

What the EU Travel Rule changes about wallet-address data

The EU Transfer of Funds Regulation — Regulation (EU) 2023/1113, in force since 30 December 2024 — is a separate framework from DAC8 with a different purpose. TFR is an anti-money-laundering rule; DAC8 is a tax-information rule. They operate in parallel, and together they shape what a CASP holds about a customer’s transfers.

Under TFR, CASPs must collect, accompany, and retain originator and beneficiary information for crypto-asset transfers, generally without a de minimis threshold. For transfers involving self-hosted wallets above €1,000, CASPs must also assess, where applicable, whether the address is owned or controlled by the customer involved in the transfer.

What this means in practice for a CEX-to-self-custody withdrawal: for a withdrawal to a self-hosted wallet, the CASP will generally process and retain information that includes the destination wallet address, as part of its TFR/AML record-keeping. This is data the CASP holds, separate from what flows automatically under DAC8. It’s not transmitted to a tax authority by default through DAC8’s automatic schema. But the CASP holds it.

This is why “is my wallet address reported?” doesn’t have a clean yes-or-no answer. The automatic DAC8 feed is structured around aggregate categories. The TFR/AML layer involves CASP-held address-level records. They’re separate channels with separate purposes — and treating either one as the whole picture misreads the regime.

---

What authorities can request outside automatic reporting

Tax authorities generally have information-request powers that operate outside automatic reporting frameworks. The specifics vary by member state, but the general structure is the same across EU jurisdictions: in addition to data the authority receives automatically under DAC8, it can issue targeted information requests to a CASP for additional data the CASP holds — including data not part of the automatic schema.

This is the third channel. It’s not automatic; it’s case-specific. But for a resident whose situation prompts a closer look, the combination of automatic DAC8 data plus targeted information requests can substantially close the gap between what’s reported by default and what the CASP holds in total.

We’re not in a position to summarize how each EU member state’s authority uses these powers in practice for crypto cases. That’s a question for a qualified advisor familiar with the local enforcement environment. The point of mentioning the channel here is that any analysis of DAC8 self-custody data visibility that only discusses the automatic schema is structurally incomplete.

---

Where the report goes

DAC8 reporting works through a CASP’s reporting member state — the EU member state in which the CASP is registered or authorized for DAC8 reporting purposes. From there, the information either reaches the user’s tax-residence authority directly or via cross-border exchange.

Path A — CASP reports in the user’s member state of residence. If the CASP’s reporting member state is the same as the user’s tax-residence member state, the report reaches that authority directly.

Path B — CASP reports in another EU member state. If the CASP reports in a different member state, that authority exchanges the information with the user’s tax-residence member state under DAC8. The first such cross-border exchange must be completed by 30 September 2027 for 2026 data.

Non-EU CASPs. Non-EU CASPs serving EU residents should not be assumed to sit outside the DAC8/CARF reporting perimeter. Depending on their structure and jurisdiction, they may be brought into reporting through an EU registration route or through CARF-equivalent reporting in a partner jurisdiction.

For an individual user, the practical consequence is similar across paths: the user’s tax-residence authority can receive the automatic data, either as the first reporting authority or through cross-border exchange. The path affects timing and procedure, not whether the data arrives.

---

What this means for Italian residents

For Italian residents specifically, the five layers map onto familiar Italian categories.

Custody changes when you withdraw to a self-custody wallet, but that does not exempt the asset from monitoraggio fiscale. Interpello AdE 181/2024 confirmed that cripto-attività held in self-custody fall within Quadro RW obligations regardless of where or how the assets are held. The exchange-side record of your withdrawal remains in the CASP’s books, and transfer activity may be reflected in the CASP’s DAC8 reporting data. The automatic DAC8 flow may surface transfer activity to the Agenzia delle Entrate as part of the 2027 exchange covering 2026 data; the TFR/AML layer means the CASP separately retains address-level information about the withdrawal. Italian reporting obligations — especially Quadro RW for monitoring, and Quadro RT where separate disposal activity creates capital-gains questions — apply to the resident taxpayer, not to the storage venue.

What this means in practice for an Italian resident planning their 2026 declaration: the five-layer model is the framework, but the specifics of how it applies to your situation — which transfers to declare, how to value them, what records to assemble, whether ravvedimento is relevant for past years — is a conversation for your commercialista. The point of separating the layers is so that conversation starts from accurate framing instead of from compressed media summaries.

---

Records to preserve on your side

Whatever your declaration obligations are in your member state, the underlying records you’ll need are similar. From any exchange you’ve used:

• Complete transaction history exports, including for accounts you’ve closed
• Year-end balances per asset, per account, per year
• Deposit and withdrawal records — fiat and crypto, including transaction hashes and destination addresses for outbound crypto transfers
• Trades, swaps, staking, lending, or rewards income within the platform
• The KYC entity and jurisdiction each account was registered under

From the self-custody side:

• Wallet addresses you’ve used, including externally-owned and smart-contract addresses
• Inbound transactions from CASPs you’ve used (these match the CASP-side withdrawal records)
• On-chain activity beyond simple holding — swaps, bridges, DeFi positions
• Year-end token balances per address

These records do two things. They let your advisor reconcile any cross-reference between your declared position and the data your tax-residence authority receives. And they’re useful even if no inquiry ever arrives — declaration accuracy improves when the underlying records are clean.

---

Common misreadings

“Self-custody means the tax authority can’t see it.”

The wallet itself is not directly covered by DAC8 — there’s no automatic reporting obligation imposed on a private key. But the bridge between regulated platforms and self-custody — your withdrawals from a CASP to your own address — sits at a regulated venue and is part of what the CASP records, retains, and may report.

“DAC8 reports my wallet address to the tax office.”

Too compressed. The automatic DAC8/CARF schema is built around aggregate transaction data, not address-level disclosure. But the CASP separately retains address-level information under TFR/AML rules, and authorities have additional information-request channels. Treating any one layer as the whole picture misreads the regime.

“I’ll just move everything off before 2026, and I’m safe.”

Two issues. First, the 2026 data-collection start date is for automatic reporting; authorities may have separate request powers for periods before 2026. Second, withdrawals to self-custody made in 2026 can be part of reportable transfer activity in the following cycle, so a 2026 migration should not be treated as invisible to the 2027 exchange.

“My exchange isn’t EU-based, so DAC8 doesn’t apply to me.”

Non-EU exchanges serving EU residents should not be assumed to sit outside the DAC8/CARF reporting perimeter. Depending on their structure and jurisdiction, they may report through an EU registration route or through a CARF partner-jurisdiction route.

“DAC8 introduces a new tax on crypto.”

It doesn’t. DAC8 is an information-sharing framework. It changes what the tax authority knows, not what is owed. The tax rules that apply to your crypto activity are the existing rules in your member state of residence, unchanged by DAC8.