DAC6 Country Profile: Luxembourg

Register for our DAC6 email updates

Luxembourg Chamber of Deputies
In light of the COVID-19 pandemic, Luxembourg has taken the decision to defer DAC6 reporting by six months

We are publishing a series of guides on how each EU member state is implementing DAC6. The guide provides a preview to our full up-to-date country-by-country guide to DAC6.

Our next guide focusses on the Luxembourg’s implementation of DAC6.

VinciWorks is publishing a series of guides on how each EU member state has implemented DAC6. This blog was originally published in July 2020 and was updated in January 2021.

Has Luxembourg implemented DAC6?

Legislation Details

Luxembourg’s tax authority, Ministere des Finances (Ministry of Finance), published DAC6 legislation, called Loi du 25 mars 2020 relative aux dispositifs transfrontières devant faire l’objet d’une déclaration (Law of 25 March 2020 on cross-border arrangements to be reported), on 25 March 2020. 

Taxes covered

Luxembourg’s legislation covers cross-border arrangements. The legislation is in line with the EU Directive and does not include domestic arrangements or any additional hallmarks.

Legal Professional Privilege

Luxembourg exempts from reporting those intermediaries who are protected by legal professional privilege. This includes lawyers and law firms, certified accountants, and independent auditors. When an intermediary is bound by LPP, they must notify any other intermdiary involved, or if there are none, the relevant taxpayer, within ten days.

Reporting

The two options for reporting in Luxembourg are a filing procedure which should be available from 1 July 2020 via My Guichet (available in English, French, and German) or a “drag and drop” facility for a specific XML file, which should be available under the section “Dispositions pratiques, documents à consulter et autres liens utiles” of the DAC6 dedicated platform. Additional information regarding the reporting format will be
published by the Luxembourg Tax Authorities on a web page dedicated to this topic.

Forms are available in French, German and English, though some information must be submitted in English regardless of the language used for reporting.

Penalties

According to the law, the penalties for non-compliance with the DAC6 obligations amount to a maximum of EUR 250,000 (which is in line with the penalty applicable in the context of exchange of information).

Download country profile

DAC6 resource page

VinciWorks regularly publishes helpful guides, on-demand webinars and articles related to DAC6. These resources are regularly updated as HMRC and other authoritative bodies update their guidance on DAC6 implementation. We will also be adding all of our DAC6 country profiles to the resource page.

You can view all of our DAC6 compliance resources by clicking on the button below.

DAC6 resource page

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.