RSS 
Share
Printer View 
Home >
Tax Information - Individuals/Businesses
>
Double Taxation Relief and Exchange of Information Arrangements
Crypto-Asset Reporting Framework
- Overview
- Scope of crypto-assets covered
- Individuals and entities subject to due diligence and reporting requirements
- Nexus rules
- Transactions subject to reporting
- Reporting requirements
- Due diligence requirements
- Reporting portal and mandatory registration requirement
- Record keeping requirements
- Penalty provisions
- Lists of reportable jurisdictions and partner jurisdictions
- OECD resources
- Contact us
Overview
Crypto-Asset Reporting Framework (CARF) is a new tax transparency standard developed by the Organisation for Economic Co-operation and Development (OECD) in 2023. It provides for the automatic exchange of tax information on crypto-asset transactions with relevant jurisdictions in a standardised manner. Reporting crypto-asset service providers (RCASPs) are required to fulfil due diligence requirements, and collect and report required information to the relevant tax authorities on an annual basis.
To demonstrate its support for international efforts to enhance tax transparency and combat cross-border tax evasion, the Government has committed to conducting the first automatic exchange of tax information on crypto-asset transactions under CARF in 2028, on the condition that the necessary domestic legislation is in place by 2026.
The Inland Revenue (Amendment) (Crypto-Asset Reporting Framework and Amended Common Reporting Standard) Bill 2026 was gazetted on 22 May 2026 and introduced into the Legislative Council for the First Reading on 3 June 2026. Subject to the passage of this Amendment Bill, the legislative amendments concerning CARF and the amended Common Reporting Standard will be implemented from 1 January 2027 onwards and 1 January 2028 onwards respectively. RCASPs that meet any of the criteria in the nexus rules with Hong Kong will be subject to registration, due diligence and reporting requirements under CARF starting from 1 January 2027 and they may engage service providers in carrying out those obligations.
Click here to view the Press Release of 20 May 2026 regarding the gazettal of the Amendment Bill.
Click here to view the legislative amendments concerning the amended Common Reporting Standard.
Scope of crypto-assets covered
Under CARF, crypto-asset refers to a digital representation of value that relies on a cryptographically secured distributed ledger or a similar technology to validate and secure transactions. The crypto-asset must represent a right to value, and that the ownership of, or right to, such value can be traded or transferred to other individuals or entities in a digital manner. The definition of crypto-asset is functional and includes both fungible and non-fungible tokens.
Relevant crypto-assets are crypto-assets in respect of which RCASPs must fulfil due diligence and reporting requirements. Relevant crypto-assets refer to all crypto-assets, except the following:
- central bank digital currencies;
- specified electronic money products; and
- crypto-assets that, as adequately determined by RCASPs, cannot be used for payment or investment purposes.
Individuals and entities subject to due diligence and reporting requirements
Under CARF, any individual or entity that, as a business, provides a service effectuating exchange transactions (i.e. exchanges between relevant crypto-assets, as well as between relevant crypto-assets and fiat currencies) for or on behalf of customers, including by acting as a counterparty or as an intermediary to such exchange transactions, or by making available a trading platform, is an RCASP. RCASPs are in a position to collect and review the required documentation of their customers, including on the basis of anti-money laundering / know-your-customer (AML/KYC) documentation.
According to OECD, examples of RCASPs include:
- dealers acting for their own account to buy and sell relevant crypto-assets to customers;
- operators of crypto-asset automated teller machines (ATMs), permitting the exchange of relevant crypto-assets for fiat currencies or other relevant crypto-assets through such ATMs;
- crypto-asset exchanges that act as a market maker and take a bid-ask spread as a transaction commission for their services;
- brokers in relevant crypto-assets where they act on behalf of clients to complete orders to buy or sell an interest in relevant crypto-assets; and
- individuals or entities subscribing relevant crypto-assets from an issuer for reselling and distributing them to customers (if applicable).
A flowchart is available to assist you in assessing whether you or your entity is an RCASP under CARF. The flowchart is provided for reference only. For a comprehensive understanding of the CARF rules, you should refer to the relevant CARF materials published by OECD. You may also seek legal advice where necessary.
Nexus rules
An RCASP is subject to the due diligence and reporting requirements in a jurisdiction if the RCASP is:
- an individual or entity that is tax resident in the jurisdiction;
- an entity that is incorporated in or organised under the laws of the jurisdiction, and either has legal personality in the jurisdiction, or has an obligation to file tax returns to the tax authority in the jurisdiction with respect to the income of the entity;
- an entity that is managed from the jurisdiction; or
- an individual or entity that has a regular place of business in the jurisdiction, including a branch.
An RCASP is subject to the due diligence and reporting requirements in a jurisdiction implementing CARF with respect to the relevant transactions effectuated through a branch in that jurisdiction.
An RCASP may have nexuses in multiple jurisdictions and therefore be subject to due diligence and reporting requirements in more than one jurisdiction. CARF sets out a cascading hierarchy of the above criteria in the nexus rules to prevent an RCASP from being subject to duplicate reporting requirements in multiple jurisdictions.
Transactions subject to reporting
The following three types of transactions are relevant transactions that are reportable under CARF:
- any exchange between relevant crypto-assets and fiat currencies;
- any exchange between one or more forms of relevant crypto-assets; and
- transfer of relevant crypto-assets (including reportable retail payment transactions, other transfers to and by a reportable user, and transfers to external wallet addresses).
Reporting requirements
For each relevant calendar year or other appropriate reporting period, an RCASP must report the required information to the jurisdiction as determined by the nexus rules, with respect to its crypto-asset users that are reportable users (for individuals and entities) or that have controlling persons that are reportable persons (for entities only). A reportable user / reportable person refers to an individual or entity that is a tax resident in a reportable jurisdiction under the tax laws of that jurisdiction. The required information includes:
- identification information of the RCASP: name, address and identifying number (if applicable);
- identification information of each reportable user / reportable person: name, address, jurisdiction(s) of residence, taxpayer identification number(s), date and place of birth (if applicable), etc.; and
- aggregated transaction information for each type of relevant crypto-asset with respect to which the RCASP has effectuated relevant transactions during the relevant calendar year or other appropriate reporting period, including name of the type of relevant crypto-asset, gross amount paid/received or fair market value (if applicable), number of units and number of relevant transactions in respect of acquisitions and/or disposals against fiat currencies or other relevant crypto-assets, or transfers of relevant crypto-assets, etc.
Due diligence requirements
An RCASP must apply the due diligence procedures for identifying reportable users and reportable persons. The RCASP must obtain self-certifications from the crypto-asset users and controlling persons when taking in new customers and confirm the reasonableness of such self-certifications for identifying their jurisdictions of residence. In respect of pre-existing crypto-asset users, the RCASP must obtain self-certification and confirm its reasonableness by 12 months after the CARF rules have come into operation in the jurisdiction. The RCASP is not expected to carry out an independent legal analysis of the relevant tax laws to confirm reasonableness of the self-certification.
If there is a change of circumstances with respect to an individual or entity crypto-asset user (including its controlling person(s)) that causes the RCASP to reasonably know that the original self-certification is incorrect or unreliable, the RCASP should not rely on the original self-certification and must obtain afresh a valid self-certification, or a reasonable explanation and documentation supporting the validity of the original self-certification.
In the Amendment Bill, the Government proposes that an RCASP may apply the same due diligence procedures to crypto-asset users or controlling persons that are not reportable users or reportable persons.
Reporting portal and mandatory registration requirement
The Department will develop a dedicated portal (i.e. CARF Portal) to provide RCASPs with a secure, efficient and user-friendly channel for submitting CARF returns and information. Besides, the Department will publish the data schema specifying the data structure and format for reporting the required information to the Department. Further details will be announced in due course.
In the Amendment Bill, the Government proposes that all RCASPs meeting the nexus rules are required to register an account in the CARF Portal. The registration requirement applies irrespective of whether the RCASP has any CARF information to be reported to the Department. The registration must be made on or before 31 January of the calendar year following the calendar year in which the RCASP first meets any of the criteria specified in the nexus rules.
Record keeping requirements
In the Amendment Bill, the Government proposes that RCASPs meeting the nexus rules are required to keep sufficient records of:
- the evidence relied on and record of the steps taken for carrying out due diligence procedures in relation to crypto-asset users and controlling persons; and
- the information for ascertaining the correctness and accuracy of CARF information which is required to be reported to the Department.
Such records are to be kept for a period of six years after the due date of the CARF return to which the relevant information relates. The record keeping requirements apply, regardless of whether an individual or entity has ceased to be an RCASP or whether an RCASP has been dissolved. If an entity is dissolved and, at any time during the six years before its dissolution, it was an RCASP, every person who was a director of (or, if there was no director, every person who was a trustee of, or who was responsible for the management of) the entity immediately before its dissolution must ensure that the relevant record keeping requirement is complied with despite the dissolution.
Penalty provisions
In the Amendment Bill, the Government proposes that penalties will be imposed in respect of the offences committed by RCASPs and their service providers, including:
- non-compliance with registration, due diligence, reporting and other requirements;
- provision of incorrect or incomplete information; and
- failure to notify the Department of the discovery of misleading, false or inaccurate return, information or statements.
Penalties for certain offences committed by the RCASPs will be calculated based on the number of days of continuing offence after conviction or the number of crypto-asset users or controlling persons involved.
It is also proposed that any person who knowingly or recklessly provides misleading, false or incorrect information in a material particular in making a self-certification commits an offence.
In addition, an administrative penalty mechanism is proposed to be introduced as an alternative to prosecution for certain offences. Where an RCASP commits a relevant offence without reasonable excuse, the RCASP may be imposed a financial penalty in lieu of prosecution in respect of the same facts for which no prosecution has been initiated. The RCASP concerned has the right to submit written representation and evidence to explain his/her/its case before an assessment of financial penalty is made by the Commissioner personally or Deputy Commissioner personally, and has the right to appeal to the independent Board of Review on the assessment.
Lists of reportable jurisdictions and partner jurisdictions
In the Amendment Bill, the Government proposes that the Commissioner will be empowered to publish in the manner specified by him:
- the list of reportable jurisdictions – for determining whether a crypto-asset user or a controlling person of an entity crypto-asset user is a reportable user / reportable person; and
- the list of partner jurisdictions – for determining the jurisdictions where an RCASP is subject to the due diligence and reporting requirements under CARF.
The lists will be published and updated in due course.
OECD resources
Given that CARF is the International Standard for Automatic Exchange of Information in Tax Matters, OECD’s published materials on CARF are integral to implementation of CARF in Hong Kong. OECD has published the following rules, commentary, guidance on CARF as well as the user guide for the XML schema that supports the automatic exchange of information pursuant to CARF:
International Standards for Automatic Exchange of Information in Tax Matters: Crypto-Asset Reporting Framework and 2023 update to the Common Reporting Standard (published in June 2023)
Crypto-Asset Reporting Framework: Frequently-Asked Questions (updated in December 2025)
Delivering Tax Transparency to Crypto-Assets: A Step-by-Step Guide to Understanding and Implementing the Crypto-Asset Reporting Framework (published in November 2024)
Crypto-Asset Reporting Framework XML Schema: User Guide for Tax Administrations (updated in July 2025)
For more information, please refer to the OECD’s website about CARF.
Contact us
If you have any questions regarding CARF, please send your enquiry to the following e-mail addresses:
- General Enquiry: carf_gen@ird.gov.hk
- Enquiry relating to XML Schema: aeoi_it@ird.gov.hk