Formal notices sent by the European Commission for DAC6 infringements

A letter of formal notice has been issued to 15 EU Member States by the European Commission relating to EU Directive 2018/822, which amends Directive 2011/16/EU, regarding the mandatory automatic exchange of information in the field of taxation in relation to reportable cross-border arrangements (DAC6).

Belgium, Cyprus, Czech Republic, Estonia, France, Greece, Italy, Latvia, Luxembourg, Poland, Portugal, Romania, Spain, Sweden, and the United Kingdom all received letters of formal notice, but there are no details about which aspect of implementation in each EU Member State has not been satisfied.

Many of the EU Member States failed to transpose the EU directive into local legislation before the 31 December 2019 deadline, which is obviously a red flag for the European Commission. Greece is the only country where draft legislation is still not publicly available.

What happens once a Member State receives a notice?

After receiving a letter of formal notice, EU Member States are expected to respond to the European Commission. In the event that the European Commission is not satisfied with the response and concludes that the EU Member State in question is still not fulfilling its obligations, the European Commission can send a “reasoned opinion” requiring compliance with EU law within 2 months of receipt. Should this still be insufficient, the European Commission can then refer the case to the Court of Justice of the European Union.

The first reporting deadline is only 6 months away. If you are an intermediary and haven’t begun your historic data trawl, what are you waiting for?

The DAC6 resource page

To help firms stay on top of DAC6 compliance, VinciWorks has created a resource page that contains free guides, on-demand webinars, brochures and more. The resource page is regularly and can be accessed here.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”