The European Union’s Directive 2021/514, better known as DAC7, introduces new reporting obligations for digital platform operators. It was designed to ensure fair taxation in the digital economy by requiring platforms to collect and share information on reportable sellers with EU tax authorities. The rules apply whether a platform is based inside or outside the EU, as long as it facilitates transactions involving EU sellers.
By covering relevant activities such as goods sales, rentals of immovable property, and personal services, the directive closes long-standing tax gaps and improves cross-border cooperation. For platform operators, this means building systems to identify sellers, verify their details, and provide accurate reports on an annual basis.
What is DAC7? (EU Directive 2021/514)
DAC7 is the latest update to the EU’s Directive on Administrative Cooperation (DAC), following earlier measures such as DAC6, which focused on cross-border tax arrangements. With the adoption of Directive 2021/514, the EU extended its framework to cover digital platforms and their role in facilitating economic transactions. One of the amendment’s goals is to create transparency, helping authorities to assess and compare income tax and VAT. DAC7 will also allow EU Member States to open joint audits on cross-border sales.
The directive came into force on 1 January 2023. From that date, platform operators were required to implement new systems for collecting and verifying seller information to avoid tax evasion. The first reporting cycle concluded with a deadline of 31 January 2024, covering the activities of reportable sellers from the previous year. Going forward, the same cycle applies annually, with reports submitted to a single EU member state, which then shares the data through the Automatic Exchange of Information (AEOI) system.
At its core, the directive ensures that income earned through digital channels does not slip under the radar of EU tax authorities. This strengthens the fairness of the tax system and helps close gaps created by the fast-moving digital economy.
Who Must Comply with DAC7?
DAC7 applies broadly to platform operators, regardless of where they are headquartered. The directive requires digital platforms operating in the EU as well as foreign platform operators to comply if they facilitate transactions involving EU sellers or customers within EU member states.
The types of platforms covered include:
- Marketplaces for goods such as eBay or Etsy.
- Platforms for personal services, from ride-hailing (Uber, Bolt) to food delivery (Wolt).
- Platforms that facilitate the rental of immovable property located within the EU, such as Airbnb or Peerspace.
- Platforms enabling vehicle rental or leasing, such as Getaround.
There are, however, some important exemptions. The directive does not apply to:
- Government entities.
- Publicly listed companies that already operate under strict transparency rules.
- Large-scale hotel or tour operators, which fall outside the scope of “reportable sellers.”
- Casual sellers, defined as individuals with fewer than 30 transactions per year and less than €2,000 in total sales.
By drawing these distinctions, the EU aims to strike a balance: ensuring oversight of high-volume commercial activity, while excluding occasional or low-value transactions from burdensome compliance.
What Information Must Be Reported Under DAC7?
To comply with DAC7, platform operators must collect a standard set of information about reportable sellers.
The required data covers three main areas:
- Identity details such as the seller’s full name, date of birth (for individuals), and primary address.
- Tax and business details, including the Tax Identification Number (TIN), VAT number, or business registration number for legal entities.
- Financial and activity details such as bank account or IBAN, the total consideration credited during the year, and any fees or commissions withheld.
For sellers renting out property, additional information is required: the property address, land registry number, and the number of rental days.
These reporting obligations go beyond simple record-keeping. They require digital platform operators to verify seller data thoroughly, often using business verification services or KYB onboarding tools that overlap with standard due diligence practices.
DAC7 Reporting Process & Deadlines
Each stage is clearly defined, with strict timelines that platform operators must meet to avoid penalties. The process combines elements of KYC, tax reporting, and regulatory oversight, making it essential for digital platform operators to have reliable systems.
Process
| Step | Description |
| Data collection | Starts when sellers join the platform and continues year-round. Operators must gather personal details, tax information, and business identifiers through onboarding and ongoing KYC checks. |
| Verification | Operators confirm IDs, proof of address, and tax numbers to ensure accuracy. This step makes the data reliable for submission. |
| Reporting | Information is submitted via an XML schema to one EU member state, which then shares it with other EU tax authorities under the Automatic Exchange of Information (AEOI) framework. |
Deadlines
| Requirement | Details |
| Annual submission | Must be filed by 31 January each year, covering the previous year’s activities. |
| Seller report | Platforms must provide sellers with their report before submission, giving them a chance to review or correct data. |
| Data retention | Information must be stored securely for five years, available for audit if requested. |
Timeline Overview
| Reporting Period | Obligation |
| Jan–Dec | Collect and verify seller data through KYC and due diligence. |
| By Jan 31 | Submit the final report to the chosen tax authority. |
| Ongoing | Retain seller data securely for five years and ensure compliance systems remain up to date. |
Compliance with these steps often requires more than manual processes. Many digital platform operators rely on AML software and enhanced due diligence systems to reduce errors, speed up onboarding, and manage large reporting volumes.
GDPR and Data Protection Under DAC7
DAC7 obligations must be met in tandem with data protection rules. Under GDPR, platforms must process seller information on the legal basis of compliance with EU law, while respecting principles such as data minimisation and transparency. Sellers need to be informed about what data is collected, how it will be used, and how long it will be stored.
The law also limits retention to a maximum of five years and requires operators to maintain appropriate security safeguards. Because some of the Anti-money laundering documents required for CDD and KYB checks overlap with DAC7’s verification requirements, platforms can streamline efforts by aligning their tax reporting with existing AML compliance frameworks. In practice, this often means connecting DAC7 reporting to systems already used for AML case management or seller onboarding, reducing duplication while ensuring both tax and financial regulations are met.
DAC7 Penalties and Enforcement
Nature of penalties:
Failure to meet reporting obligations can trigger a range of consequences. The most common are administrative fines, which vary by member state but can be significant enough to disrupt operations. Some jurisdictions apply one-off penalties for late or incomplete filings, while others impose daily fines until the missing information is provided.
Operational consequences:
In addition to financial sanctions, platforms that repeatedly fail to comply risk suspension or even exclusion from operating in certain EU markets. For digital platform operators, this not only affects revenue but can also damage long-term trust with regulators, sellers, and customers. Banks and payment providers may also consider non-compliance a red flag, creating indirect but serious business risks.
Member state differences:
Because DAC7 leaves enforcement to individual countries, the size and structure of penalties are not uniform. A platform operator active across multiple jurisdictions must therefore be prepared to handle different reporting standards and enforcement styles. What is considered a minor delay in one country may trigger heavy fines in another.
Why compliance matters:
Beyond the immediate financial impact, failure to comply can create reputational damage that is hard to repair. Sellers may leave a platform that appears unreliable, while regulators may impose stricter oversight. By investing in strong reporting workflows, business verification services, and AML compliance tools, operators reduce the risk of penalties and strengthen their standing in the EU market.
Steps to Ensure DAC7 Compliance
Meeting DAC7 requirements can feel complex, especially for large platforms managing thousands of sellers. Breaking the process into clear steps helps operators focus on what matters most:
Scope assessment and seller mapping
Begin by identifying which activities on your platform fall under DAC7. This includes sales of goods, provision of personal services, vehicle rentals, and immovable property rentals. Mapping out reportable sellers early prevents last-minute gaps when deadlines approach.
Update your data model
Review what information you currently collect from sellers and compare it to DAC7 requirements. You may need to add new fields such as TIN, VAT numbers, or bank account identifiers. Building these into your onboarding flows ensures compliance becomes part of everyday processes.
Seller onboarding and re-verification
DAC7 demands accurate, verified data. That means reviewing existing records and updating them where necessary. Many platforms are turning to business verification services and KYB onboarding solutions to automate checks and reduce the risk of manual errors.
Design a reporting workflow
Reports must be filed using the XML schema defined by EU tax authorities. Platforms should build or integrate systems that can automatically generate these reports, check for errors, and ensure submission before the deadline.
Assign internal responsibility
Appoint a compliance or tax lead who owns the DAC7 process. Having a clear internal contact ensures accountability and prevents tasks from falling through the cracks.
Evaluate vendor and outsourcing options
Not every platform has the resources to manage reporting obligations in-house. Partnering with providers of AML software or best transaction monitoring software can ease the burden of compliance.
Testing and audit trail
Before each reporting cycle, test your systems and workflows to make sure they function correctly. Keep an audit trail of how seller data was collected, verified, and submitted. This is essential if your platform ever faces an inspection.
By following these steps, digital platform operators not only stay ahead of DAC7 but also strengthen their overall compliance framework. Aligning tax transparency efforts with broader AML compliance and enhanced due diligence practices creates efficiency while reducing regulatory risk.
Last Thoughts
This directive represents a major step toward greater fairness in the digital economy. It creates clear obligations for platforms while giving authorities better oversight of online transactions.
Non-compliance carries risks beyond fines, including reputational harm and business disruption. The positive side is that streamlined processes and automation can make compliance manageable, helping companies build trust with both users and regulators.
FAQ
