DAC6 Update – November 2021

It has now been over 10 months since DAC6 has been in force in most EU member states and the UK. Here are some highlights from 2021.

DAC6 reporting

While reporting got off to a rocky start for some tax authorities, the teething problems are now over and tax authorities have begun reviewing the reports they have received. VinciWorks were in touch with many tax authorities, and here is a short reporting summary of a few key member states:

Germany: As of 11 October 2021, a total of 14,047 reports have been received and accepted by the Federal Central Tax Office (BZSt).

Finland: As of 15 October 2021, roughly 250 reports have been filed in Finland. The most frequently reported hallmark categories that have been reported are C and E.

Netherlands: As of 31 March 2021, there were 4,562 reports filed. 3,254 reports were from the original historic period. 1,042 reports were from the deferral period. 265 reports related to transactions from 1 January – 31 March 2021. 

Belgium: As of 22 March 2021, the Belgium Ministry of Finance received 535 reports.

Czech Republic: As of 12th October there were 141 DAC6 reports in the Czech Republic. The majority of reports were relating to Hallmark categories D1b, C1d and the E category.

Sweden: As of 30th June 2021, the Swedish Tax Agency received 486 reports. The majority of reports related to hallmark E2 and E3. 

Brexit

In light of the Brexit Fair Trade Agreement that passed through parliament on 30 December 2020, HMRC announced that there would be major changes in the UK’s approach to DAC6. HMRC is currently working on the UK MDR consultation document which will seek views from interested parties on the new rules. 

The EU Commission has removed the UK as a “concerned member state” in the DAC6 Central Directory Business Validation Rules. This means that the UK is no longer considered a member state for DAC6 reporting purposes in EU member states.

What’s next?

DAC6 is the EU’s approach to the OECD’s Mandatory Disclosure Regime, so we can expect that due to international pressure other countries will decide to participate in this initiative. We know that the UK, post-Brexit, will be keeping the OECD rules, and we expect that EU countries will use DAC6 to encourage more trade agreements in the future.

Over 60 leading firms are now using our DAC6 reporting tool. They include 7 of the top 10 law firms in the UK as well as leading accounting firms. 

VinciWorks also offers two DAC6 e-learning courses to help train staff on DAC6 and a new Knowledge Check is set to be released soon. Get in touch if you are interested. 

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.