New reporting requirements for the crypto-asset sector to the State Tax Inspectorate starting in 2026

On January 1, 2026, the “Procedures for Reporting Data on Reportable Crypto-Assets Users to the State Tax Inspectorate” (the Procedures) came into effect. The Procedure implements amendments to the Law on Tax Administration adopted last summer, which implement the DAC8 Directive. These amendments impose an obligation on crypto-asset service providers and operators to register with the State Tax Inspectorate (STI) and to collect and, once a year for the preceding calendar year, submit information to the STI in accordance with the procedures and deadlines established by the STI regarding crypto-asset users (clients), the crypto-asset transactions they carry out, and the crypto-assets themselves.

Below is a brief overview of the most important provisions of the Procedures.

The obligation to provide data applies to two distinct groups of data providers

According to the Procedures, the obligation to provide data on crypto-asset users applies to:

• crypto-asset service providers – legal entities or other businesses whose work or business activities consist of the professional provision of one or more crypto-asset services to clients and which are authorized to provide crypto-asset services under the MiCA Regulation;
• crypto-asset operators – persons providing crypto-asset services who do not meet the requirements established for crypto-asset service providers (are entities or natural persons resident in Lithuania for tax purposes; or are entities established or otherwise organized under Lithuanian law and have legal personality in Lithuania or are required to file tax returns with the tax administrator; or are entities controlled from Lithuania, or are entities or natural persons whose place of business is in Lithuania).

Exception for data providers in another European Union member state

If the data provider (crypto-asset operator) has already fulfilled the requirements set forth in the Procedures in another European Union member state or in a qualified non-European Union jurisdiction where they are a tax resident, they are no longer required to submit this data to the STI or undergo a comprehensive audit in Lithuania.

Mandatory registration for crypto-asset operators prior to data submission

Crypto-asset operators, who are considered data providers, must register with the STI no later than May 31 of the year following the period for which the data is being submitted. The first registration must be completed by May 31, 2027.

If a crypto-asset operator meets the criteria set forth in the Procedures in several European Union member states, it may register in one of them and be exempt from registration in Lithuania. The STI shall notify the European Commission within 20 days if the operator fails to register or if the registration is revoked.

Data providers must submit information about both themselves and their clients

Crypto-asset service providers and crypto-asset operators must provide the STI with information about themselves, their clients – crypto-asset users, their crypto-asset transactions (exchanges, transfers, settlements exceeding $50,000 or the equivalent in any other currency), and the crypto-assets themselves, which are used for payment or investment purposes.

Failure to comply with data reporting obligations can be very costly

Data must be submitted annually by May 31 for the preceding calendar year, with the first submission due by May 31, 2027, for the year 2026. In addition, data providers must retain records and evidence of their actions for at least 5 years and inform individuals about the processing of their data in accordance with European Union regulations.

If a crypto-asset user, despite two reminders from the service provider, fails to provide the required information within 60 days of the first reminder, the crypto-asset service provider must suspend the execution of reportable transactions for such a user, and transactions will only resume upon receipt of all missing information. Meanwhile, a crypto-asset operator that fails to fulfill its obligation to provide information may have its registration with the STI revoked after two reminders from the STI: the decision is made no later than 90 days after the first reminder and no earlier than 30 days after the second reminder; registration is reinstated only when the operator submits all required information.

If a crypto-asset operator fails to comply with the obligation to register with the STI, or if its registration has been revoked, and if, in coordinating actions aimed at ensuring compliance with registration and information reporting requirements, the member states of the European Union, inter alia, agree to prohibit the crypto-asset operator from operating in the European Union, the STI shall conduct an impact assessment and adopt a decision, by which it issues a mandatory order in accordance with the procedure established by the Law on Electronic Communications to block access to the website of this crypto-asset operator until the operator fulfills the obligation to register with the STI or re-registers if its registration has been revoked.

Crypto-asset service providers and operators who fail to comply with the obligation to provide information are, among other things, subject to administrative liability – a fine of between 1,800 and 3,800 euros may be imposed for the violation. A fine ranging from 3,800 to 6,000 euros may be imposed for a repeat violation. More importantly, an entity penalized with administrative liability for improper fulfillment of the data reporting obligation is deemed not to meet the criteria of a reliable taxpayer and is therefore placed on the list of unreliable taxpayers. This has significant legal consequences: longer statute of limitations for tax reassessments apply, participation in public procurement is restricted, VAT overpayments are refunded only after a longer period, and the issuance of licenses may be restricted, along with stricter tax supervision and other measures.

Therefore, it is important not only to submit the required data for 2026 but also to prepare your systems and adapt your customer data collection processes so that you can fulfill your obligations when the deadline arrives. Otherwise, failure to submit data or submission of incorrect data could be very costly.

It is mandatory to inform not only the STI but also your customers

Data providers must properly and timely inform individuals about the collection of their data, its transfer to the tax administrator, and other data processing activities carried out in accordance with the Procedures, ensuring compliance with all applicable personal data protection requirements.