← Back to all briefings
Compliance 6 min read Published Updated Credibility 89/100

Policy Briefing — EU DAC7 Digital Platform Reporting Directive

The EU adopted Directive (EU) 2021/514 (DAC7), extending tax information exchange to digital platforms and obliging operators to identify sellers, collect revenue data, and report annually under harmonized due diligence and governance rules.

Zeph Tech Research Lead

Research lead, Zeph Tech

Timeline plotting source publication cadence sized by credibility.
2 publication timestamps supporting this briefing. Source data (JSON)

On 22 March 2021 the Council of the European Union adopted Directive (EU) 2021/514, commonly called DAC7, amending Directive 2011/16/EU on administrative cooperation in the field of taxation. The reform expands the EU’s automatic exchange of information regime to cover income earned through digital platforms, addressing perceived gaps where platform-mediated sellers avoided or underreported taxes. DAC7 obliges both EU and certain non-EU platform operators to perform due diligence on sellers, collect standardized data on consideration paid, and submit annual reports to national tax authorities starting in 2024 for the 2023 reporting period. Member states must transpose the directive into national law by 31 December 2022.

The scope includes platforms that facilitate the rental of immovable property, personal services, sale of goods, and rental of transport means. Marketplaces that merely process payments or list advertisements without concluding underlying transactions are generally excluded, but hybrid models must evaluate whether they "allow Sellers to be connected to other Users" in a manner that enables transactions. Failure to comply can lead to significant penalties under member-state law and potential suspension of platform operations within the EU.

Obligations for platform operators

Platform operators must identify "Reportable Sellers"—individuals or entities resident in the EU or renting property located in the EU—unless they fall into exclusion categories such as government entities, publicly traded companies, or high-volume hotel chains with more than 2,000 relevant activities per year. Operators must collect the seller’s name, address, Tax Identification Number (TIN), VAT and business registration numbers, date of birth (for individuals), financial account details, and consideration paid per quarter. For property rentals, platforms must record each property listing, including addresses and land registration numbers where available.

Due diligence procedures require verifying the accuracy of data using reliable third-party documents (e.g., government-issued identification, VAT certificates) or electronic interfaces (VIES, national business registers). Operators must complete due diligence for existing sellers by 31 December 2023 and for new sellers within 60 days of registration. They must monitor changes and request updates when information becomes outdated. Records must be retained for ten years, aligning with Article 25 of the directive.

Reporting and exchange mechanics

Annual reports are due by 31 January following the reportable period, using the OECD’s XML Schema for the Model Rules for Reporting by Platform Operators, which DAC7 aligns with. National tax authorities will automatically exchange the data with other member states via the EU’s Common Communication Network (CCN). Reports must include aggregate consideration per seller, number of relevant activities, fees or commissions deducted, and, for property rentals, the number of days rented.

Operators established in the EU report to the member state where they are resident or registered. Non-EU operators must either register in one member state or appoint an EU-based representative if they facilitate reportable activities involving EU sellers or property. Once registered, operators receive a platform operator identification number and must report for their entire EU footprint. Failure to register may result in a prohibition on operating within the EU market.

Governance and compliance implications

DAC7 demands cross-functional coordination between tax, legal, data protection, and engineering teams. Governance programs should establish:

  • Seller onboarding controls. Update registration workflows to capture required data fields, implement identity verification (KYC) checks, and create escalation paths for unresolved discrepancies.
  • Data quality management. Maintain audit logs, versioning, and validation rules in customer relationship management (CRM) or platform databases. Implement automated reminders and suspension policies for sellers who fail to provide information.
  • Reporting infrastructure. Build data warehouses or extraction pipelines that aggregate transaction data, fees, and taxes withheld. Map fields to the OECD XML schema and perform test submissions with national authorities ahead of go-live.
  • Policy documentation. Draft internal DAC7 compliance manuals outlining responsibilities, timelines, and penalty regimes. Provide board-level reporting on readiness milestones.

Tax departments should align DAC7 compliance with existing obligations such as VAT Mini One Stop Shop (MOSS), e-commerce package reporting, and country-by-country reporting. Integrating these programs reduces duplication and ensures consistent treatment of seller revenue across regimes.

Interaction with privacy and consumer law

Collecting additional seller data raises GDPR considerations. Platforms must establish lawful bases for processing (typically legal obligation), update privacy notices, and implement data minimization and security controls. Data subject rights—access, rectification, erasure—remain applicable, but erasure requests may be declined when data retention is required to meet DAC7 obligations. Platforms must also coordinate with consumer protection laws, ensuring that transparency about reporting obligations is incorporated into seller terms and onboarding materials.

Because DAC7 data will be exchanged across borders, operators should conduct Data Protection Impact Assessments (DPIAs) and review international transfer mechanisms if data is stored or processed outside the EU. Cybersecurity teams must enforce encryption, access controls, and monitoring aligned with NIS Directive expectations to prevent unauthorized disclosure of sensitive tax data.

Enforcement landscape

Member states have discretion to set penalties, but BEPS Action 1 guidance suggests substantial fines for non-compliance. Some jurisdictions, such as Germany and France, signaled that failure to report could lead to penalties exceeding EUR 500,000 per reporting cycle, alongside potential blocking orders. Tax authorities may perform inspections to verify due diligence procedures, and platforms must demonstrate documentation of verification steps and decision logs.

DAC7 also enables joint audits and simultaneous examinations among member states, increasing the likelihood of coordinated enforcement. Platforms should prepare for information requests and be ready to reconcile DAC7 reports with VAT filings, corporate income tax returns, and anti-money laundering (AML) records. Inaccuracies may trigger investigations under national tax evasion laws.

Roadmap for implementation leads

To meet the 2023 reporting obligations, organizations should pursue a structured plan:

  1. Assess scope. Determine whether the platform facilitates reportable activities and identify relevant legal entities. Monitor guidance from the European Commission’s DAC7 expert group and national tax authorities for sector-specific interpretations.
  2. Design data models. Map required fields to existing databases, identify gaps, and implement system changes to capture property addresses, bank details, and TINs. Coordinate with product teams to minimize friction while ensuring compliance.
  3. Implement verification workflows. Integrate electronic identity verification providers, cross-check VAT numbers via VIES, and create manual review processes for edge cases.
  4. Build reporting pipelines. Develop ETL processes to transform transaction data into the OECD XML format, perform validation, and securely transmit files via national portals. Establish controls for reconciliation and management sign-off.
  5. Train staff and communicate with sellers. Provide guidance to customer support and tax operations teams. Update seller FAQs, contract terms, and communication templates explaining the reporting regime, deadlines, and consequences of non-compliance.

DAC7 cements tax transparency expectations for the platform economy. Platforms that embed compliance into product design, invest in robust data governance, and maintain proactive dialogue with tax authorities will minimize enforcement risk and reinforce trust with regulators and users alike.

Timeline plotting source publication cadence sized by credibility.
2 publication timestamps supporting this briefing. Source data (JSON)
Horizontal bar chart of credibility scores per cited source.
Credibility scores for every source cited in this briefing. Source data (JSON)

Related briefings

Curated signals from the same pillar or overlapping topics.

Continue in the Compliance pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • DAC7
  • Tax transparency
  • Digital platforms
  • EU reporting
Back to curated briefings