Hong Kong's Inland Revenue Department published guidance on implementing the Crypto-Asset Reporting Framework, with reporting crypto-asset service providers required to register and commence due diligence requirements from 1 January 2027, ahead of Hong Kong's first automatic exchange of crypto-asset transaction information in 2028.
The Hong Kong Inland Revenue Department (IRD) has published new guidance outlining the implementation of the Crypto-Asset Reporting Framework (CARF) in Hong Kong.
This follows after the Hong Kong Inland Revenue Department announced that the Inland Revenue (Amendment) (Crypto-Asset Reporting Framework and Amended Common Reporting Standard) Bill 2026 would be gazetted on 22 May 2026 and introduced to the Legislative Council on 3 June 2026. The bill aims to implement the Crypto-Asset Reporting Framework (CARF) and updated Common Reporting Standard (CRS) requirements developed by the OECD in Hong Kong.
CARF is an OECD tax transparency standard developed in 2023 for the automatic exchange of crypto-asset transaction information. Reporting Crypto-Asset Service Providers (RCASPs) must complete due diligence and report annually to tax authorities.
Hong Kong’s government has committed to its first automatic exchange under CARF in 2028, conditional on domestic legislation being in place by 2026. The Inland Revenue (Amendment) (Crypto-Asset Reporting Framework and Amended Common Reporting Standard) Bill 2026 was gazetted on 22 May 2026 and had its First Reading in the Legislative Council on 3 June 2026.
Subject to passage, CARF amendments take effect from 1 January 2027, while amended CRS amendments take effect from 1 January 2028. RCASPs meeting Hong Kong nexus criteria face registration, due diligence and reporting obligations from 1 January 2027, and may outsource these obligations to service providers.
Scope of crypto-assets covered
A crypto-asset is a digital representation of value secured by distributed ledger technology, covering both fungible and non-fungible tokens. “Relevant crypto-assets” exclude central bank digital currencies, specified e-money products, and assets that RCASPs determine aren’t used for payment or investment.
Individuals and entities subject to due diligence and reporting requirements
An RCASP is any business providing exchange services between crypto-assets and/or fiat currencies, as counterparty, intermediary, or platform operator, and may rely on existing AML/KYC documentation. Examples include dealers, crypto ATM operators, market-making exchanges, brokers, and resale/distribution entities.
Nexus rules
Hong Kong nexus arises through tax residence, incorporation, management, or a regular place of business (including branches) there. Where multiple jurisdictions apply, a cascading hierarchy prevents duplicate reporting.
Transactions subject to reporting
Reportable transactions are exchanges between crypto-assets and fiat currencies, exchanges between crypto-assets, and transfers of crypto-assets (including retail payments and external wallet transfers).
Reporting requirements
RCASPs report annually on reportable users/persons to the jurisdiction set by the nexus rules, including RCASP identification details, user/person identification (name, address, residence, TIN, etc.), and aggregated transaction data by asset type.
Due diligence requirements
RCASPs must obtain self-certifications from new customers at onboarding, and from pre-existing users within 12 months of CARF taking effect, without needing independent legal analysis of foreign tax law. Changed circumstances require a fresh certification. The Bill allows RCASPs to apply the same procedures to non-reportable users.
Reporting portal and mandatory registration requirement
A dedicated CARF Portal will handle submissions, with a data schema to follow. All qualifying RCASPs must register, regardless of whether they have reportable information, by 31 January of the year following the first meeting nexus criteria.
Record keeping requirements
RCASPs must keep due diligence and reporting-accuracy records for six years after the relevant return’s due date, an obligation surviving cessation or dissolution, with directors/trustees remaining liable.
Penalty provisions
Offences include non-compliance, incorrect/incomplete information, and failure to notify the Department of inaccurate filings, with penalties scaled by days of continuing offence or number of affected users. False self-certification is a separate offence. An administrative penalty mechanism, with rights to representation and appeal to the Board of Review, is proposed as an alternative to prosecution.
Lists of reportable jurisdictions and partner jurisdictions
The Commissioner will publish and update lists of reportable jurisdictions (determining reportable users) and partner jurisdictions (determining reporting obligations), with timing to be announced.
OECD resources
Key OECD materials include the CARF/CRS standards (June 2023), CARF FAQs (updated December 2025), the implementation guide (November 2024), and the XML Schema User Guide (updated July 2025).
