Tax Information Authority (International Tax Compliance) (Crypto- Asset Reporting Framework) Regulations, 2025

(CRYPTO-ASSET REPORTING FRAMEWORK) REGULATIONS, 2025 PUBLISHING DETAILS Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 REGULATIONS, 2025 Regulation PART 1 - PRELIMINARY PART 2 - APPLICATION OF THE CRYPTO-ASSET Required reporting and due diligence for Cayman Reporting Crypto-Asset Service Obligation of Cayman Reporting Crypto-Asset Service Providers to notify certain Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 PART 3 - OFFENCES AND PENALTIES General offences and defence Criminal liability of directors etc. of Cayman Reporting Crypto-Asset Service Providers Fines and criteria for imposing fines for offences under this Part PART 4 - COMPLIANCE Administrative penalties and safeguards for them Procedure for imposing penalty Appeals PART 5 - MISCELLANEOUS Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 Regulation 1 REGULATIONS, 2025 In exercise of the powers conferred by section 25 of the Tax Information Authority Act (2021 Revision), the Cabinet makes the following Regulations — PART 1 - PRELIMINARY Citation and commencement (1) These Regulations may be cited as the Tax Information Authority (International Tax Compliance) (Crypto-Asset Reporting Framework) Regulations, 2025. (2) These Regulations come into force on 1st January, 2026. Definitions (1) In these Regulations — “accurate”, in relation to information provided, means the information is correct and reliable; “adequate”, in relation to information provided, means the information contains the details specified in the relevant regulation; and Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 “appeal” means an appeal under regulation 31 and any further appeals relating to the decision on such an appeal; “breach notice” means the notice referred to in regulation 28; “Cayman Islands Monetary Authority” means the authority referred to in section 5 of the Monetary Authority Act (2020 Revision); “Cayman Reporting Crypto-Asset Service Provider” means — (a) a Reporting Crypto-Asset Service Provider resident in the Islands other than any of its branches outside the Islands; or (b) a branch in the Islands of a Reporting Crypto-Asset Service Provider not resident in the Islands; “change of circumstances” includes — (a) a change in information relevant to the status of a Crypto-Asset User or Controlling Person; and (b) a change that otherwise conflicts with the status of the Crypto-Asset User or Controlling Person; “Commentary” means the Crypto-Asset Reporting Framework Commentary referred to in regulation 3; “company” means — (a) a company as defined under section 2 of the Companies Act (2025 Revision); (b) a foreign company registered under the Companies Act (2025 Revision); or (c) a limited liability company; “continuing penalty” means the penalty referred to in regulation 23(2); “contravention”, in relation to a provision pertaining to an offence or a penalty, means the act or omission that constituted the offence and to which the penalty relates; “Crypto-Asset Reporting Framework” means the standard for automatic exchange of information relating to Crypto-Assets developed by the Organisation for Economic Co-Operation and Development, which is set out in the Schedule; “current”, in relation to information provided, means the information is as up to date as reasonably practicable and incorporates any information relating to a change of circumstance that occurred within the period to which the return, the declaration, or any other information relates; “declaration” means a declaration referred to in regulation 9(2)(b); “designated person” means a person designated as the Authority or a person designated to act on behalf of the Authority under section 4 of the Act; Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 “electronic address” includes an email address and the address of a digital mailbox; “electronic agent” has the meaning assigned by section 2 of the Electronic Transactions Act (2003 Revision); “electronic portal” means the Authority’s electronic portal for the automatic exchange of information; “exempted limited partnership” has the meaning assigned by section 2 of the Exempted Limited Partnership Act (2025 Revision); “give”, in relation to a notice or information, includes to deliver, provide, send, transmit or make the notice or information, as applicable; “government entity” includes a ministry or portfolio of the Government, the Cabinet Office, Office of the Director of Public Prosecutions, the Office of the Ombudsman, the Audit Office, the Parliament, a statutory body established under the laws of the Islands and a public authority; “limited liability company” has the meaning assigned by section 2 of the Limited Liability Companies Act (2025 Revision); “limited partnership” means a limited partnership registered under section 49 of the Partnership Act (2025 Revision); “notice” means written information given, or to be given, electronically or by another mode of communication; “official website” means — (a) the website of the Department for International Tax Cooperation; (b) any website of the Authority; or another Government website about international tax cooperation; “Organisation for Economic Co-Operation and Development” means the Organisation for Economic Co-Operation and Development which was established by the Convention on the Organisation for Economic Co-operation and Development signed in Paris on 14th December, 1960; “party”, in relation to a provision about a penalty or proposed penalty, means the person on whom the penalty has been imposed or is being considered to be imposed; “penalty” means a penalty imposed under regulation 23, reconsidered under regulation 33(2)(b) or deemed under regulation 33(3); “penalty notice” means the notice referred to in regulation 30; “primary penalty” means the notice referred to in regulation 23(1); “principal point of contact”, in relation to a Cayman Reporting Crypto-Asset Service Provider, means the person most recently notified under regulation 8 as its principal point of contact; Regulation 3 Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 “public authority” has the meaning assigned by section 2 of the Public Authorities Act (2020 Revision); “relevant scheduled Agreement” means an agreement that permits the automatic exchange of information for tax purposes and that is set out in a Schedule to the Act; “resident in the Islands”, in relation to a Reporting Crypto-Asset Service Provider, means — (a) being incorporated, registered or established in the Islands; (b) having in the Islands a place of effective management as defined in paragraph 47 of Section IV of the Commentary; or being subject to financial supervision in the Islands; “return”, other than in the Schedule, means — (a) a return under regulation 9(1)(a) or (c); or (b) a nil return under regulation 9(1)(b); “self-certification” means information, by whatever name called, that performs or purports to perform a purpose of a self-certification under the Crypto-Asset Reporting Framework; and “stayed”, in relation to a penalty, means that the penalty cannot be enforced — (a) because of the operation of regulation 29(1); or (b) in accordance with regulation 32(1), without the leave of the court, where the penalty is the subject of an appeal, the outcome of which is pending. (2) Definitions under the Crypto-Asset Reporting Framework apply to these Regulations in respect of terms not defined under paragraph (1). Crypto-Asset Reporting Framework Commentary For the purposes of these Regulations, the Crypto-Asset Reporting Framework Commentary, which is any explanatory material made and published by the Organisation for Economic Co-Operation and Development for the purpose of assisting with the interpretation of the Crypto-Asset Reporting Framework, is an integral part of the Crypto-Asset Reporting Framework and accordingly applies for the purposes of the automatic exchange of financial account information under a relevant scheduled Agreement. Guidelines The Authority may issue guidelines for complying with Part 2, for using the electronic portal, or both. Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 Regulation 5 Partner Jurisdictions and Reportable Jurisdictions The Authority shall at least once every calendar year publish by Notice in the Gazette a list of Partner Jurisdictions and a list of Reportable Jurisdictions for the purposes of the Crypto-Asset Reporting Framework. PART 2 - APPLICATION OF THE CRYPTO-ASSET REPORTING FRAMEWORK For the purposes of the automatic exchange of information relating to Crypto-Assets under a relevant scheduled Agreement, the Crypto-Asset Reporting Framework set out in the Schedule applies. Required reporting and due diligence for Cayman Reporting Crypto-Asset Service Provider (1) A Cayman Reporting Crypto-Asset Service Provider shall — (a) establish and maintain written policies and procedures to comply with the reporting and due diligence requirements outlined in the Crypto-Asset (b) implement and comply with the policies and procedures under subparagraph (a); and keep records of the steps undertaken and any evidence relied on for the performance of the procedures under subparagraph (a) and the measures to obtain those records. (2) The policies and procedures under paragraph (1)(a) shall include — (a) the identification of each jurisdiction in which a Crypto-Asset User or a Controlling Person is resident for income tax or corporation tax purposes or for the purpose of any tax imposed by the law of the jurisdiction that is of a similar character to either of those taxes; and (b) the due diligence procedures set out in Section III of the Crypto-Asset (3) A Cayman Reporting Crypto-Asset Service Provider shall collect a selfcertification which complies with paragraph C of Section III of the Crypto-Asset (a) in the case of Pre-existing Individual Crypto-Asset Users and Pre-existing Entity Crypto-Asset Users, within twelve months of these Regulations coming into force; and Regulation 8 Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 (b) in the case of Individual Crypto-Asset Users and Entity Crypto-Asset Users established after the commencement of these Regulations, on or before the establishment of a relationship with the user. Obligation of Cayman Reporting Crypto-Asset Service Providers to notify certain information (1) An Entity or individual who is a Cayman Reporting Crypto-Asset Service Provider prior to the commencement of these Regulations, other than an exempted body, shall give the Authority — (a) a registration form stating the required information about the Cayman Reporting Crypto-Asset Service Provider on or before 30th April, 2026; and (b) if any of the required information so notified changes, a notice stating details of the change (a “change notice”), within thirty days after the change occurs. (2) An Entity or individual who becomes a Cayman Reporting Crypto-Asset Service Provider on or after the commencement of these Regulations, other than an exempted body, shall give the Authority — (a) a registration form stating the required information about the Cayman Reporting Crypto-Asset Service Provider on or before the 31st of January following the year in which the Entity or individual became a Cayman Reporting Crypto-Asset Service Provider; and (b) if any of the required information so notified changes, a change notice, within thirty days after the change occurs. (3) A registration form or change notice shall be given electronically in the manner and in the form — (a) posted on an official website, for the information of Cayman Reporting Crypto-Asset Service Providers generally; or (b) stated in a notice given to any particular Cayman Reporting Crypto-Asset Service Provider in question. (4) A change notice for the principal point of contact of a Cayman Reporting Crypto-Asset Service Provider shall be given by the person the Cayman Reporting Crypto-Asset Service Provider has authorised for that purpose as most recently notified under a registration form or change notice. (5) A Cayman Reporting Crypto-Asset Service Provider shall provide adequate, accurate and current information in a registration form and change notice. (6) In this regulation — “exempted body” means — (a) a government entity; or Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 Regulation 9 (b) a pension fund of the Cayman Islands Monetary Authority or of another government entity; and “required information”, in relation to a Cayman Reporting Crypto-Asset Service Provider, means — (a) the name of the Entity or individual and any number given to the Entity or individual by the General Registry, the Cayman Islands Monetary Authority, or a regulatory or supervisory body; (b) the full name, address, business entity (where applicable), position and contact details, including an electronic address, of — (i) the person in the Islands who is authorised by the individual or the Entity to be the principal point of contact for compliance with this Part; and (ii) except in circumstances specified by the Authority, another person the individual or Entity has authorised to give change notices for its principal point of contact; and the date on which the Entity or the individual became a Reporting CryptoAsset Service Provider. Obligation to submit returns, declarations and information (1) A Cayman Reporting Crypto-Asset Service Provider shall, for each calendar year — (a) submit a return to the Authority for each of its Crypto-Asset Users that are Reportable Users or have Controlling Persons that are Reportable Persons setting out the information required to be reported under the Crypto-Asset (b) submit a nil return to the Authority if the Cayman Reporting Crypto-Asset Service Provider did not have any — (i) Crypto-Asset Users that are Reportable Users; or (ii) Controlling Persons that are Reportable Persons, in any Reportable Jurisdiction during the year; or if the Cayman Reporting Crypto-Asset Service Provider submitted a return in a Partner Jurisdiction in accordance with Section I of the Crypto-Asset Reporting Framework, submit a return to the Authority advising of the return submitted in the Partner Jurisdiction. (2) A Cayman Reporting Crypto-Asset Service Provider shall — (a) provide adequate, accurate and current information in a return; and (b) submit the return on or before the 30th of June of the year following the calendar year to which the return relates, together with a declaration made Regulation 10 Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 by the Cayman Reporting Crypto-Asset Service Provider that states that the information provided in the return is adequate, accurate and current. (3) A Cayman Reporting Crypto-Asset Service Provider shall — (a) provide to the Authority information that is reasonably required by the Authority to ensure effective implementation of, and compliance with, the reporting and due diligence procedures in accordance with the CryptoAsset Reporting Framework; and (b) in compliance with subparagraph (a), provide to the Authority, information that is adequate, accurate and current. Manner and form of submitting returns and declarations

(1) Returns and declarations shall be submitted in the form and manner specified through the use of the electronic portal. (2) The Authority shall notify Cayman Reporting Crypto-Asset Service Providers of the electronic portal and its usage by — (a) a post on an official website, for the information of Cayman Reporting Crypto-Asset Service Providers generally; or (b) a notice given to a particular Cayman Reporting Crypto-Asset Service Provider. (3) Unless the contrary is proved, the Authority shall presume that a return or declaration accepted by the electronic portal — (a) has been submitted as required under paragraph (1); or (b) was submitted — (i) when the return or declaration was accepted by the electronic portal; (ii) by the person who filed the return or declaration by using the electronic portal; and (iii) with the authority of the Cayman Reporting Crypto-Asset Service Provider on whose behalf the return or declaration purports to have been submitted. Appointment of agent

(1) A Cayman Reporting Crypto-Asset Service Provider may appoint a person as the agent of the Cayman Reporting Crypto-Asset Service Provider to carry out the duties and obligations imposed on the Cayman Reporting Crypto-Asset Service Provider by this Part. (2) If a Cayman Reporting Crypto-Asset Service Provider makes an appointment under paragraph (1), the Cayman Reporting Crypto-Asset Service Provider shall ensure that it continues to have access to and is able to produce to the Authority records and documentary evidence used to identify and report on Crypto-Asset Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 Regulation 12 Users that are Reportable Users or have Controlling Persons that are Reportable (3) The Cayman Reporting Crypto-Asset Service Provider is responsible for any failure of the person appointed under paragraph (1) to satisfy the obligations of the Cayman Reporting Crypto-Asset Service Provider under this Part. Authority’s monitoring function

(1) The Authority may, by notice given to a Cayman Reporting Crypto-Asset Service Provider, require the Cayman Reporting Crypto-Asset Service Provider — (a) within a time specified by the Authority, to provide to the Authority information, including a copy of a relevant book, document or other record, or of electronically stored information; or (b) at a time specified by the Authority, to make available to the Authority for inspection, a book, document or other record, or any electronically stored information, that is in the possession or under the control of the Cayman Reporting CryptoAsset Service Provider that the Authority reasonably requires in order to decide if the information that the Cayman Reporting Crypto-Asset Service Provider gave the Authority was adequate, accurate and current. (2) If information that the Authority reasonably requires or reasonably requires to inspect is outside the Islands and the Authority requires the Cayman Reporting Crypto-Asset Service Provider to bring the information to the Islands, the Authority shall specify a time that will enable the Cayman Reporting CryptoAsset Service Provider to bring the information to the Islands and the Cayman Reporting Crypto-Asset Service Provider shall comply with the requirement of the Authority. (3) A Cayman Reporting Crypto-Asset Service Provider shall retain for not less than six years a book, document or other record, including any information stored by electronic means, that relates to the information required to be reported to the Authority under this Part. Anti-avoidance

If a person enters into an arrangement, the main purpose or one of the main purposes of which is to avoid any obligation under this Part, the arrangement is deemed not to have been entered into by the person and this Part is to have effect as if the arrangement had never been in existence. Regulation 14 Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 PART 3 - OFFENCES AND PENALTIES General offences and defence Offence pertaining to false self-certification

(1) A person commits an offence if the person — (a) makes a self-certification that is false in a material particular in relation to the Crypto-Asset Reporting Framework; and (b) gives the self-certification, or causes the self-certification to be given, to a Cayman Reporting Crypto-Asset Service Provider for any purpose for which the self-certification was made or purports to have been made. (2) For the purposes of paragraph (1), it does not matter that — (a) the self-certification was made outside the Islands; (b) the person did not know, or had no reason to know, that the selfcertification was false; or the self-certification was given to the Cayman Reporting Crypto-Asset Service Provider by another person. (3) In this regulation, “makes” means to sign or otherwise positively affirm. Offence to contravene Part 2

A Cayman Reporting Crypto-Asset Service Provider who contravenes a regulation in Part 2 commits an offence. Offence pertaining to access to confidential information

(1) A person commits an offence if — (a) in purported compliance with Part 2, the person gives the Authority information that is inaccurate (“the act”); and (b) the act was done intentionally to cause, or the person knew the act was likely to cause, a contravention of section 20A of the Act. (2) In this regulation, “inaccurate” means incomplete, incorrect or unreliable. Offence of tampering

A person commits an offence if the person — (a) alters, destroys, mutilates, defaces, hides or removes information in a way that causes the person or any other person to contravene Part 2 in relation to the information; or (b) authorises, advises or counsels another person to contravene subparagraph (a). Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 Regulation 18 Offence to hinder the Authority in the performance of its functions

A person commits an offence if the person hinders the Authority in performing a function under these Regulations or under section 5 of the Act concerning the CryptoAsset Reporting Framework. Defence of reasonable excuse

(1) It is a defence to a proceeding for an offence under this Part, other than under regulation 20, for the defendant to prove the defendant had a reasonable excuse. (2) For the purposes of paragraph (1), neither insufficiency of funds nor reliance on an agent appointed under regulation 11 or any other person is a reasonable excuse. (3) If a defendant had a reasonable excuse for a contravention but the excuse has ceased, the defendant is to be treated as having continued to have the excuse if the contravention is remedied without unreasonable delay after the excuse ceased. Criminal liability of directors etc. of Cayman Reporting Crypto-Asset Service Providers Imputed offence

(1) If an Entity commits an offence under this Part, the following also commit that offence and are liable to the same penalty — (a) if the Entity is a body corporate, its directors, managers, secretaries and other similar officers to any such office, by whatever name called, and — (i) if the Entity is limited liability company, its members; and (ii) if the Entity is another type of company being managed by its members, its members; (b) if the Entity is a limited partnership or exempted limited partnership, its general partners and any of its limited partners who are participating in its management; if the Entity is any other type of partnership, its partners; (d) if the Entity is a trust, its trustees; and (e) any other person who, when the offence was committed was — (i) purporting to act in a capacity or position referred to in subparagraphs (a) to (d); or (ii) otherwise a de facto decision maker for the Entity. (2) It is a defence for a person referred to in paragraph (1) to prove that the person exercised reasonable diligence to prevent the contravention. Regulation 21 Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 Fines and criteria for imposing fines for offences under this Part Fines and criteria for imposing fines

(1) A person who commits an offence under this Part is liable — (a) in the case of — (i) an offence by a body corporate, to a fine of fifty thousand dollars; or (ii) an offence by an individual who forms, or forms part of, an unincorporated Cayman Reporting Crypto-Asset Service Provider, to a fine of fifty thousand dollars; or (b) in any other case, to a fine of twenty thousand dollars. (2) In deciding the amount of the fine — (a) regulation 24 applies as if a reference to a penalty were to the fine and a reference to the Authority were to the court; and (b) the court shall have regard to any penalty imposed for the contravention. Provisions pertaining to the Criminal Procedure Code (2021 Revision)

(1) Regulation 21 applies notwithstanding sections 6(2) and 8 of the Criminal Procedure Code (2021 Revision). (2) Notwithstanding section 78 of the Criminal Procedure Code (2021 Revision), regulation 25 applies to prosecutions for offences under this Part as if a reference in that regulation to imposing a penalty were a reference to a prosecution. PART 4 - COMPLIANCE Administrative penalties and safeguards for them Power to penalise

(1) Subject to complying with regulations 27 to 30, the Authority may impose a penalty (a “primary penalty”) for offences under Part 3, as follows — (a) in the case of — (i) an offence by a body corporate, a primary penalty of fifty thousand dollars; or (ii) an offence by an individual who forms, or forms part of, an unincorporated Cayman Reporting Crypto-Asset Service Provider, a primary penalty of fifty thousand dollars; or (b) in any other case, a primary penalty of twenty thousand dollars. Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 Regulation 24 (2) Subject to paragraphs (4) and (5), the Authority may impose further penalties on the party of one hundred dollars for each day the contravention continues (each a “continuing penalty”) if — (a) a primary penalty has been imposed and the primary penalty has not been stayed; (b) the contravention has not been remedied; and the party is capable of remedying the contravention. (3) For the purposes of paragraph (2)(c), insufficiency of funds or reliance on an agent appointed under regulation 11 or any other person does not, of itself, make the party incapable of remedying the contravention. (4) The Authority shall not impose a continuing penalty where a primary penalty in the amount of fifty thousand dollars is imposed under paragraph (1)(a). (5) Where the sum of the primary penalty and any continuing penalty imposed is fifty thousand dollars, the Authority shall not impose any additional continuing penalties. (6) Where a penalty is not paid within thirty days after it is imposed, the penalty becomes a debt owing by the party to the Crown. Criteria for deciding penalty

(1) In deciding whether to impose a penalty or the amount of the penalty, the Authority shall consider the following criteria in the following order of importance — (a) the need to ensure strict compliance with, and to penalise and deter contravention of, these Regulations; (b) the nature, seriousness and consequences of the contravention; the apparent degree of the party’s inadvertence, intent or negligence in committing the contravention; (d) the party’s conduct after becoming aware of the contravention, including — (i) whether and how quickly the party brought the contravention to the Authority’s attention; and (ii) the party’s efforts to remedy the contravention or prevent its recurrence; and (e) the party’s history of compliance with the Crypto-Asset Reporting Framework, in the Islands or elsewhere, of which the Authority is aware. (2) The Authority may also consider other matters it reasonably considers are relevant. Regulation 25 Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 (3) The criteria referred to in paragraph (1) and any matters considered by the Authority to be relevant under paragraph (2) prevail over any issue concerning the party’s resources or ability to pay. Limitation period

(1) The Authority shall not impose a primary penalty for an offence under regulation 15 later than one year after becoming aware of the contravention. (2) The Authority shall not impose a primary penalty for any other offence under this Part later than — (a) one year after becoming aware of the contravention; or (b) six years after the contravention happened, whichever is earlier. (3) There is no limitation period for imposing a continuing penalty while all the conditions under regulation 23(2) continue to apply. Imposition of penalty precluded by prosecution for offence

A prosecution against a person for an offence, whether or not a conviction resulted, precludes the imposition of a penalty on that person for the same offence, but the imposition of a penalty on a person for an offence does not preclude a prosecution against that person for the same offence. Procedure for imposing penalty Steps required to impose penalty

(1) Subject to paragraph (2), where the Authority decides to impose a penalty, the Authority shall impose the primary penalty by — (a) giving the party a breach notice; (b) if regulation 29 applies, complying with that regulation; and giving the party a penalty notice. (2) In the case of a contravention of regulation 9, the Authority may impose a penalty by giving the party a penalty notice without first having taken the steps under paragraph (1)(a) or (b). (3) Where the Authority decides to impose a continuing penalty, the Authority shall impose the continuing penalty by giving the party a penalty notice. (4) The same penalty notice may be given for two or more continuing penalties for the same primary penalty. Breach notice for primary penalty

(1) A breach notice shall be dated and state — Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 Regulation 29 (a) the party’s name; (b) that the Authority proposes to impose a penalty on the party (the “proposed action”) for the offence it believes the party committed; the facts and circumstances that the Authority believes constituted the offence; (d) the amount of the penalty the Authority proposes (the “proposed amount”); and (e) that the party may, within a period stated in the breach notice, submit written representations together with supporting documentation to the Authority about the proposed action, the proposed amount, or both. (2) The period stated in the breach notice shall not end less than thirty days after the giving of the notice. Considering representations and deciding primary penalty

(1) This regulation applies only if a breach notice has been given for a penalty, the period stated in the notice has ended and the party has submitted representations together with supporting documentation within the period stated in the notice. (2) The Authority shall — (a) consider all matters raised in the representations concerning the proposed action and the proposed amount referred to in regulation 28(1); and (b) reconsider the proposed action and, if relevant, the proposed amount. (3) The reconsideration referred to in paragraph (2) need only be on the balance of probabilities. (4) The amount of a penalty imposed may be any amount not exceeding the proposed amount. Penalty notice for all penalties

(1) A penalty notice shall be dated and state — (a) the party’s name; (b) that the Authority has imposed a penalty of a stated amount on the party; if the penalty is a primary penalty, reasons for the decision to impose the penalty and for its amount; (d) if the penalty is a continuing penalty, the date of the penalty notice for each relevant primary penalty; (e) that if the penalty is not paid within thirty days after the penalty notice has been given, the penalty becomes a debt owing by the party to the Crown; and (f) the substance of the party’s right to appeal. Regulation 31 Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 (2) The Authority may share information about a penalty, other than any reasons for the decision stated in the relevant penalty notice, with other Government authorities and regulators, both domestically and overseas. Appeals Right to appeal

(1) A party who has been given a penalty notice may appeal to a court in respect of the decision to impose the penalty, its amount, or both. (2) An appeal referred to in paragraph (1) shall be made within thirty days after the party received the notice or any later period the court allows. Automatic stay on appeal

(1) The Authority shall not, without the leave of the court, enforce the penalty which is the subject of an appeal until the outcome of the appeal. (2) Paragraph (1) does not limit or otherwise affect any obligation of the party under Part 2. Appeal hearing and outcome

(1) An appeal is by way of a rehearing de novo. (2) After hearing an appeal, the court may — (a) affirm, set aside or vary the decision appealed against (the “original decision”); or (b) set aside the original decision and remit the matter to the Authority for the Authority to reconsider with directions the court considers fit. (3) The following applies if the decision of the court is to affirm the original decision or to vary it in a way that a penalty is still imposed — (a) the court’s decision is, other than in respect of regulations 27 and 31, deemed to have always been the original decision; (b) the court, at the Authority’s request, may issue a judgment against the party for all or any part of the penalty that continues to be unpaid; and the request may be made during the appeal, when the court’s decision is handed down or at any later time on production of a certificate under regulation 36(3)(j). (4) If the court’s decision is to set aside and not to remit, the penalty is deemed to have never been owing. Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 Regulation 34 PART 5 - MISCELLANEOUS Conduct and mens rea of representatives of the principal

(1) This regulation applies to a decision by a body as follows if it is relevant to consider whether or not a person (the “principal”) engaged in conduct or had a state of mind about conduct, or both — (a) the Authority deciding whether or not to impose a penalty or the amount of a penalty; and (b) a court hearing a civil or criminal proceeding, including an appeal, relating to Part 3 or 4. (2) The principal is presumed to have engaged in the conduct if the Authority is satisfied the conduct was vicarious, unless the principal proves — (a) the principal was not in a position to prevent the conduct; or (b) if the principal was in such a position, the principal took reasonable steps to prevent the conduct. (3) The principal is deemed to have had the state of mind if the Authority is satisfied that the conduct was vicarious and the representative of the principal had the state of mind. (4) The satisfaction of the Authority referred to in paragraph (2) or (3) need only be on the balance of probabilities. (5) In this regulation — “engage in conduct” includes failing to engage in conduct; “representative of the principal”, or “representative”, in relation to the principal, means any of the following of, or in relation to, the principal — (a) a director, manager or other officer, by whatever name called, or an employee or other agent; (b) if the principal is a limited liability company, its members; if the principal is another type of company being managed by its members, its members; (d) if the principal is a limited partnership or exempted limited partnership, its general partners and any of its limited partners who, when the conduct took place, were participating in its management; (e) if the principal is any other type of partnership, its partners; (f) if the principal is a trust, its trustees; or (g) any other person who, when the conduct took place, was — (i) purporting to act in a capacity or position referred to in subparagraphs (a) to (f); or (ii) otherwise a de facto decision maker for the principal; Regulation 35 Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 “state of mind”, of the principal or a representative of the principal, includes the principal’s or the representative’s — (a) belief, intention, knowledge, opinion or purpose; and (b) reasons for the belief, intention, opinion or purpose; and “vicarious”, in relation to conduct, means that the conduct was engaged in by a representative of the principal within the scope of the representative’s actual or apparent authority from the principal. Giving of notices by the Authority

(1) The Authority may give a person (the “person concerned”) a notice for any purpose of these Regulations to a particular electronic address if any of the following persons has, from that address, electronically communicated with the Authority for an official purpose — (a) the person concerned; (b) any other person who had, or had apparently, been, authorised by the person concerned to communicate with the Authority for an official purpose; the electronic agent of the person concerned; and (d) if the person concerned is a Cayman Reporting Crypto-Asset Service Provider, its principal point of contact. (2) If there has been more than one electronic address for a person referred to in paragraph (1)(a) to (d), the notice from the Authority shall be given to the address that the person most recently used to communicate with the Authority for an official purpose. (3) Without limiting paragraph (1), if the person concerned is an individual, the Authority may give the person a notice for any purpose of these Regulations in any way that a summons may be served under section 18(4) of the Criminal Procedure Code (2021 Revision). (4) In this regulation, “official purpose” means a purpose related to the Authority’s functions under the Act, these Regulations or other regulations under the Act. Evidentiary provisions

(1) This regulation applies to a civil or criminal proceeding, including an appeal, relating to these Regulations or to enforce a penalty. (2) A signature purporting to be the signature of a designated person is evidence of the signature it purports to be. (3) A certificate signed, or purporting to be signed, by a designated person stating any of the following is evidence of that matter — Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 Regulation 36 (a) that a stated document is a copy of a post on an official website under regulation 8 or 10 that appeared on the website on a stated day or during a stated period; (b) that a stated Cayman Reporting Crypto-Asset Service Provider has not given a registration form or a change notice under regulation 8; that a stated person was the principal point of contact of a stated Cayman Reporting Crypto-Asset Service Provider at a stated time or during a stated period; (d) the time at which a stated Cayman Reporting Crypto-Asset Service Provider submits a return that was accepted by use of the electronic portal (an “accepted return”); (e) that a stated document is a copy of an accepted return; (f) that a stated Cayman Reporting Crypto-Asset Service Provider has not submitted an accepted return for a stated calendar year; (g) that a stated document is a copy of a notice given under these Regulations to a stated person (the “party”); (h) that an electronic address stated in a copy referred to in subparagraph (g) was, when the party was given the notice, an electronic address for the giving of notices to the party under regulation 35; (i) that on a stated day the party was given the notice in a stated way; or (j) that a penalty of a stated amount is owing to the Crown by a stated person. (4) For the purposes of section 17 of the Electronic Transactions Act (2003 Revision), a certificate under paragraph (3)(i) is evidence that the notice was electronically given to the recipient at the stated time. Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 Section I: Obligations of Reporting Crypto-Asset Service Providers A. A Reporting Crypto-Asset Service Provider is subject to the reporting and due diligence requirements in Sections II and III in the Islands, if it is — (1) an Entity or individual resident in the Islands; (2) an Entity that — (i) is incorporated or organised under the laws of the Islands; and (ii) either has legal personality in the Islands or has an obligation to file tax returns or tax information returns to the tax authorities in the Islands with respect to the income of the Entity; (3) an Entity managed from the Islands; or (4) an Entity or individual who has a regular place of business in the Islands. B. A Reporting Crypto-Asset Service Provider is subject to the reporting and due diligence requirements in Sections II and III in the Islands with respect to Relevant Transactions effectuated through a Branch based in the Islands. the reporting and due diligence requirements in Sections II and III it is subject to in the Islands pursuant to subparagraph A(2), (3) or (4), if the requirements are completed by such Reporting Crypto-Asset Service Provider in a Partner Jurisdiction by virtue of it being resident for tax purposes in the Partner Jurisdiction. D. the reporting and due diligence requirements in Sections II and III it is subject to in the Islands pursuant to subparagraph A(3) or (4), if the requirements are completed by the an Entity that — (a) is incorporated or organised under the laws of the Partner Jurisdiction; and (b) either has legal personality in the Partner Jurisdiction or has an obligation to file tax returns or tax information returns to the tax authorities in the Partner Jurisdiction with respect to the income of the Entity. Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 E. the reporting and due diligence requirements in Sections II and III it is subject to in the Islands pursuant to subparagraph A(4), if the requirements are completed by the managed from the Partner Jurisdiction. F. A Reporting Crypto-Asset Service Provider that is an individual is not required to complete the reporting and due diligence requirements in Sections II and III it is subject to in the Islands pursuant to subparagraph A(4), if the requirements are completed by the resident for tax purposes in the Partner Jurisdiction. G. A Reporting Crypto-Asset Service Provider is not required to complete the reporting and due diligence requirements in Sections II and III in the Islands with respect to Relevant Transactions it effectuates through a Branch in a Partner Jurisdiction, if the requirements are completed by the Branch in the Partner Jurisdiction. H. A Reporting Crypto-Asset Service Provider is not required to complete the reporting and due diligence requirements in Sections II and III it is subject to in the Islands pursuant to subparagraph A(1), (2), (3) or (4), if it has lodged a notification with the Islands in a format specified by the Islands confirming that the requirements are completed by the Reporting Crypto-Asset Service Provider under the rules of a Partner Jurisdiction pursuant to a substantially similar nexus that it is subject to in the Islands. Section II: Reporting requirements A. For each relevant calendar year or other appropriate reporting period, and subject to the obligations of Reporting Crypto-Asset Service Providers in Section I and the due diligence procedures in Section III, a Reporting Crypto-Asset Service Provider must report the following information with respect to its Crypto-Asset Users that are Reportable Users or that have Controlling Persons that are Reportable Persons — (1) the name, address, jurisdiction(s) of residence, TIN(s) and date and place of birth (in the case of an individual) of each Reportable User and, in the case of any Entity that, after application of the due diligence procedures, is identified as having one or more Controlling Persons that is a Reportable Person, the name, address, jurisdiction(s) of residence and TIN(s) of the Entity and the name, address, jurisdiction(s) of residence, TIN(s) and date and place of birth of each Reportable Person, as well as the role(s) by virtue of which each Reportable Person is a Controlling Person of the Entity and whether a valid self-certification has been provided by the Reportable User or Controlling Person; (2) the name, address and identifying number (if any) of the Reporting CryptoAsset Service Provider; and Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 (3) for each type of Relevant Crypto-Asset with respect to which it has effectuated Relevant Transactions during the relevant calendar year or other appropriate reporting period — (a) the full name of the type of Relevant Crypto-Asset; (b) the aggregate gross amount paid, the aggregate number of units and the number of Relevant Transactions in respect of acquisitions against Fiat Currency; the aggregate gross amount received, the aggregate number of units and the number of Relevant Transactions in respect of disposals against Fiat Currency; (d) the aggregate fair market value, the aggregate number of units and the number of Relevant Transactions in respect of acquisitions against other Relevant Crypto-Assets; (e) the aggregate fair market value, the aggregate number of units and the number of Relevant Transactions in respect of disposals against other Relevant Crypto-Assets; (f) the aggregate fair market value, the aggregate number of units and the number of Reportable Retail Payment Transactions; (g) the aggregate fair market value, the aggregate number of units and the number of Relevant Transactions, and subdivided by Transfer type where known by the Reporting Crypto-Asset Service Provider, in respect of Transfers to the Reportable User not covered by subparagraphs A(3)(b) and (d); (h) the aggregate fair market value, the aggregate number of units and the number of Relevant Transactions, and subdivided by Transfer type where known by the Reporting Crypto-Asset Service Provider, in respect of Transfers by the Reportable User not covered by subparagraphs A(3)(c), (e) and (f); and (i) the aggregate fair market value, as well as the aggregate number of units in respect of Transfers by the Reportable Crypto-Asset User effectuated by the Reporting Crypto-Asset Service Provider to wallet addresses not known by the Reporting Crypto-Asset Service Provider to be associated with a virtual asset service provider or financial institution. B. Notwithstanding subparagraph A(1), the TIN is not required to be reported if — (i) a TIN is not issued by the relevant Reportable Jurisdiction; or (ii) the domestic law of the relevant Reportable Jurisdiction does not require the collection of the TIN issued by such Reportable Jurisdiction. Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 Notwithstanding subparagraph A(1), the place of birth is not required to be reported unless the Reporting Crypto-Asset Service Provider is otherwise required to obtain and report it under domestic law. D. For the purposes of subparagraph A(3)(b) and (c), the amount paid or received must be reported in the Fiat Currency in which it was paid or received. In case the amounts were paid or received in multiple Fiat Currencies, the amounts must be reported in a single Fiat Currency, converted at the time of each Relevant Transaction in a manner that is consistently applied by the Reporting Crypto-Asset Service Provider. E. For the purposes of subparagraph A(3)(d) through (i), the fair market value must be determined and reported in a single Fiat Currency, valued at the time of each Relevant Transaction in a manner that is consistently applied by the Reporting Crypto-Asset Service Provider. F. The information reported must identify the Fiat Currency in which each amount is reported. G. The information pursuant to paragraph A must be reported by the 30th of June of the calendar year following the year to which the information relates. Section III: Due diligence procedures A Crypto-Asset User is treated as a Reportable User beginning as of the date it is identified as such pursuant to the due diligence procedures described in this Section. A. Due diligence procedures for Individual Crypto-Asset Users The following procedures apply for the purposes of determining whether the Individual Crypto-Asset User is a Reportable User. When establishing the relationship with the Individual Crypto-Asset User, or with respect to Pre-existing Individual Crypto-Asset Users by twelve months after the effective date of these rules, the Reporting Crypto-Asset Service Provider must obtain a self-certification that allows the Reporting Crypto-Asset Service Provider to determine the Individual Crypto-Asset User’s residence(s) for tax purposes and confirm the reasonableness of such self-certification based on the information obtained by the Reporting Crypto-Asset Service Provider, including any documentation collected pursuant to AML/KYC Procedures. If at any point there is a change of circumstances with respect to an Individual Crypto-Asset User that causes the Reporting Crypto-Asset Service Provider to know, or have reason to know, that the original self-certification is incorrect or unreliable, the Reporting Crypto-Asset Service Provider cannot rely on the original self-certification and must obtain a valid self-certification, or a reasonable explanation and, where appropriate, documentation supporting the validity of the original self-certification. Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 B. Due diligence procedures for Entity Crypto-Asset Users The following procedures apply for the purposes of determining whether the Entity Crypto-Asset User is a Reportable User or an Entity, other than an Excluded Person or an Active Entity, with one or more Controlling Persons who are Reportable Determine whether the Entity Crypto-Asset User is a Reportable User. (a) When establishing the relationship with the Entity Crypto-Asset User, or with respect to Pre-existing Entity Crypto-Assets Users by twelve months after the effective date of these rules, the Reporting Crypto-Asset Service Provider must obtain a self-certification that allows the Reporting CryptoAsset Service Provider to determine the Entity Crypto-Asset User’s residence(s) for tax purposes and confirm the reasonableness of such selfcertification based on the information obtained by the Reporting CryptoAsset Service Provider, including any documentation collected pursuant to AML/KYC Procedures. If the Entity Crypto-Asset User certifies that it has no residence for tax purposes, the Reporting Crypto-Asset Service Provider may rely on the place of effective management or on the address of the principal office to determine the residence of the Entity CryptoAsset User. (b) If the self-certification indicates that the Entity Crypto-Asset User is resident in a Reportable Jurisdiction, the Reporting Crypto-Asset Service Provider must treat the Entity Crypto-Asset User as a Reportable User, unless it reasonably determines based on the self-certification or on information in its possession or that is publicly available, that the Entity Crypto-Asset User is an Excluded Person. Determine whether the Entity has one or more Controlling Persons who are Reportable Persons. With respect to an Entity Crypto-Asset User, other than an Excluded Person, the Reporting Crypto-Asset Service Provider must determine whether it has one or more Controlling Persons who are Reportable Persons, unless it determines that the Entity Crypto-Asset User is an Active Entity, based on a self-certification from the Entity Crypto-Asset User. (a) Determining the Controlling Persons of the Entity Crypto-Asset User. For the purposes of determining the Controlling Persons of the Entity Crypto-Asset User, a Reporting Crypto-Asset Service Provider may rely on information collected and maintained pursuant to AML/KYC Procedures, provided that such procedures are consistent with the 2012 FATF Recommendations (as updated in June 2019 pertaining to virtual asset service providers). If the Reporting Crypto-Asset Service Provider is not legally required to apply AML/KYC Procedures that are consistent Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 with the 2012 FATF Recommendations (as updated in June 2019 pertaining to virtual asset service providers), it must apply substantially similar procedures for the purposes of determining the Controlling (b) Determining whether a Controlling Person of an Entity Crypto-Asset User is a Reportable Person. For the purposes of determining whether a Controlling Person is a Reportable Person, a Reporting Crypto-Asset Service Provider must rely on a self-certification from the Entity CryptoAsset User or such Controlling Person that allows the Reporting CryptoAsset Service Provider to determine the Controlling Person’s residence(s) for tax purposes and confirm the reasonableness of such self-certification based on the information obtained by the Reporting Crypto-Asset Service Provider, including any documentation collected pursuant to AML/KYC Procedures. If at any point there is a change of circumstances with respect to an Entity Crypto-Asset User or its Controlling Persons that causes the Reporting CryptoAsset Service Provider to know, or have reason to know, that the original selfcertification is incorrect or unreliable, the Reporting Crypto-Asset Service Provider cannot rely on the original self-certification and must obtain a valid self-certification, or a reasonable explanation and, where appropriate, documentation supporting the validity of the original self-certification. Requirements for validity of self-certifications A self-certification provided by an Individual Crypto-Asset User or Controlling Person is valid only if it is signed or otherwise positively affirmed by the Individual Crypto-Asset User or Controlling Person, it is dated at the latest at the date of receipt and it contains the following information with respect to the Individual Crypto-Asset User or Controlling Person — (a) first and last name; (b) residence address; jurisdiction(s) of residence for tax purposes; (d) with respect to each Reportable Person, the TIN with respect to each Reportable Jurisdiction; and (e) date of birth; A self-certification provided by an Entity Crypto-Asset User is valid only if it is signed or otherwise positively affirmed by the Crypto-Asset User, it is dated at the latest at the date of receipt and it contains the following information with respect to the Entity Crypto-Asset User — (a) legal name; (b) address; Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 jurisdiction(s) of residence for tax purposes; (d) with respect to each Reportable Person, the TIN with respect to each Reportable Jurisdiction; (e) in case of an Entity Crypto-Asset User other than an Active Entity or an Excluded Person, the information described in subparagraph C(1) with respect to each Controlling Person of the Entity Crypto-Asset User, unless such Controlling Person has provided a self-certification pursuant to subparagraph C(1), as well as the role(s) by virtue of which each Reportable Person is a Controlling Person of the Entity, if not already determined on the basis of AML/KYC Procedures; and (f) if applicable, information as to the criteria it meets to be treated as an Active Entity or Excluded Person. Notwithstanding subparagraphs C(1) and (2), the TIN is not required to be collected if the jurisdiction of residence of the Reportable Person does not issue a TIN to the Reportable Person, or the domestic law of the relevant Reportable Jurisdiction does not require the collection of the TIN issued by such Reportable Jurisdiction. D. General due diligence requirements A Reporting Crypto-Asset Service Provider that is also a Financial Institution for the purposes of the Common Reporting Standard may rely on the due diligence procedures completed pursuant to Sections IV and VI of the Common Reporting Standard for the purpose of the due diligence procedures pursuant to this Section; and a Reporting Crypto-Asset Service Provider may also rely on a self-certification already collected for other tax purposes, provided such selfcertification meets the requirements of paragraph C of this Section. A Reporting Crypto-Asset Service Provider may rely on a third party to fulfil the due diligence obligations set out in this Section, but such obligations remain the responsibility of the Reporting Crypto-Asset Service Provider. A Reporting Crypto-Asset Service Provider is required to maintain all documentation and data for a period of not less than five years after the end of the period within which the Reporting Crypto-Asset Service Provider must report the information required to be reported pursuant to Section II. Section IV: Defined terms A. Relevant Crypto-Asset The term “Crypto-Asset” means a digital representation of value that relies on a cryptographically secured distributed ledger or a similar technology to validate and secure transactions. Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 The term “Relevant Crypto-Asset” means any Crypto-Asset that is not a Central Bank Digital Currency, a Specified Electronic Money Product or any Crypto-Asset for which the Reporting Crypto Asset Service Provider has adequately determined that it cannot be used for payment or investment purposes. The term “Central Bank Digital Currency” means any digital Fiat Currency issued by a Central Bank. The term “Specified Electronic Money Product” means any Crypto-Asset that is — (a) a digital representation of a single Fiat Currency; (b) issued on receipt of funds for the purpose of making payment transactions; represented by a claim on the issuer denominated in the same Fiat Currency; (d) accepted in payment by a natural or legal person other than the issuer; and (e) by virtue of regulatory requirements to which the issuer is subject, redeemable at any time and at par value for the same Fiat Currency upon request of the holder of the product. The term “Specified Electronic Money Product” does not include a product created for the sole purpose of facilitating the transfer of funds from a customer to another person pursuant to instructions of the customer. A product is not created for the sole purpose of facilitating the transfer of funds if, in the ordinary course of business of the transferring Entity, either the funds connected with such product are held longer than sixty days after receipt of instructions to facilitate the transfer, or, if no instructions are received, the funds connected with such product are held longer than sixty days after receipt of the funds. B. Reporting Crypto-Asset Service Provider The term “Reporting Crypto-Asset Service Provider” means any individual or Entity that, as a business, provides a service effectuating Exchange Transactions for or on behalf of customers, including by acting as a counterparty, or as an intermediary, to such Exchange Transactions, or by making available a trading platform. Relevant Transaction The term “Relevant Transaction” means any — (a) Exchange Transaction; and (b) Transfer of Relevant Crypto-Assets. The term “Exchange Transaction” means any — Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 (a) exchange between Relevant Crypto-Assets and Fiat Currencies; and (b) exchange between one or more forms of Relevant Crypto-Assets. The term “Reportable Retail Payment Transaction” means a Transfer of Relevant Crypto-Assets in consideration of goods or services for a value exceeding fifty thousand United States dollars. The term “Transfer” means a transaction that moves a Relevant Crypto-Asset from or to the Crypto-Asset address or account of one Crypto-Asset User, other than one maintained by the Reporting Crypto-Asset Service Provider on behalf of the same Crypto-Asset User, where, based on the knowledge available to the Reporting Crypto-Asset Service Provider at the time of transaction, the Reporting Crypto-Asset Service Provider cannot determine that the transaction is an Exchange Transaction. The term “Fiat Currency” means the official currency of a jurisdiction, issued by a jurisdiction or by a jurisdiction’s designated Central Bank or monetary authority, as represented by physical banknotes or coins or by money in different digital forms, including bank reserves and Central Bank Digital Currencies. The term also includes commercial bank money and electronic money products (including Specified Electronic Money Products). D. Reportable User The term “Reportable User” means a Crypto-Asset User that is a Reportable Person. The term “Crypto-Asset User” means an individual or Entity that is a customer of a Reporting Crypto-Asset Service Provider for purposes of carrying out Relevant Transactions. An individual or Entity, other than a Financial Institution or a Reporting Crypto-Asset Service Provider, acting as a Crypto-Asset User for the benefit or account of another individual or Entity as agent, custodian, nominee, signatory, investment advisor, or intermediary, is not treated as a Crypto-Asset User, and such other individual or Entity is treated as the CryptoAsset User. Where a Reporting Crypto-Asset Service Provider provides a service effectuating Reportable Retail Payment Transactions for or on behalf of a merchant, the Reporting Crypto-Asset Service Provider must also treat the customer that is the counterparty to the merchant for such Reportable Retail Payment Transaction as the Crypto-Asset User with respect to such Reportable Retail Payment Transaction, provided that the Reporting Crypto-Asset Service Provider is required to verify the identity of such customer by virtue of the Reportable Retail Payment Transaction pursuant to domestic anti-money laundering rules. The term “Individual Crypto-Asset User” means a Crypto-Asset User that is an individual. Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 The term “Pre-existing Individual Crypto-Asset User” means an Individual Crypto-Asset User that has established a relationship with the Reporting CryptoAsset Service Provider as of 31st December, 2025. The term “Entity Crypto-Asset User” means a Crypto-Asset User that is an Entity. The term “Pre-existing Entity Crypto-Asset User” means an Entity CryptoAsset User that has established a relationship with the Reporting Crypto-Asset Service Provider as of 31st December, 2025. The term “Reportable Person” means a Reportable Jurisdiction Person other than an Excluded Person. The term “Reportable Jurisdiction Person” means an Entity or individual that is resident in a Reportable Jurisdiction under the tax laws of such jurisdiction, or an estate of a decedent that was a resident of a Reportable Jurisdiction. For this purpose, an Entity such as a partnership, limited liability partnership or similar legal arrangement that has no residence for tax purposes shall be treated as resident in the jurisdiction in which its place of effective management is situated. The term “Reportable Jurisdiction” means any jurisdiction — (a) with which an agreement or arrangement is in effect pursuant to which the Islands is obligated to provide the information specified in Section II with respect to Reportable Persons resident in such jurisdiction, and (b) which is identified as such in a list published by the Islands. 10. The term “Controlling Persons” means the natural persons who exercise control over an Entity. In the case of a trust, such term means the settlor(s), the trustee(s), the protector(s) (if any), the beneficiary(ies) or class(es) of beneficiaries, and any other natural person(s) exercising ultimate effective control over the trust, and in the case of a legal arrangement other than a trust, such term means persons in equivalent or similar positions. The term “Controlling Persons” must be interpreted in a manner consistent with the 2012 Financial Action Task Force Recommendations, as updated in June 2019 pertaining to virtual asset service providers. 11. The term “Active Entity” means any Entity that meets any of the following criteria — (a) less than fifty per cent of the Entity’s gross income for the preceding calendar year or other appropriate reporting period is passive income and less than fifty per cent of the assets held by the Entity during the preceding calendar year or other appropriate reporting period are assets that produce or are held for the production of passive income; (b) substantially all of the activities of the Entity consist of holding (in whole or in part) the outstanding stock of, or providing financing and services to, Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 one or more subsidiaries that engage in trades or businesses other than the business of a Financial Institution, except that an Entity does not qualify for this status if the Entity functions (or holds itself out) as an investment fund, such as a private equity fund, venture capital fund, leveraged buyout fund, or any investment vehicle whose purpose is to acquire or fund companies and then hold interests in those companies as capital assets for investment purposes; the Entity is not yet operating a business and has no prior operating history, but is investing capital into assets with the intent to operate a business other than that of a Financial Institution, provided that the Entity does not qualify for this exception after the date that is twenty-four months after the date of the initial organisation of the Entity; (d) the Entity was not a Financial Institution in the past five years, and is in the process of liquidating its assets or is reorganising with the intent to continue or recommence operations in a business other than that of a Financial Institution; (e) the Entity primarily engages in financing and hedging transactions with, or for, Related Entities that are not Financial Institutions, and does not provide financing or hedging services to any Entity that is not a Related Entity, provided that the group of any such Related Entities is primarily engaged in a business other than that of a Financial Institution; or (f) the Entity meets all of the following requirements — (i) it is established and operated in its jurisdiction of residence exclusively for religious, charitable, scientific, artistic, cultural, athletic, or educational purposes; or it is established and operated in its jurisdiction of residence and it is a professional organisation, business league, chamber of commerce, labour organisation, agricultural or horticultural organisation, civic league or an organisation operated exclusively for the promotion of social welfare; (ii) it is exempt from income tax in its jurisdiction of residence; (iii) it has no shareholders or members who have a proprietary or beneficial interest in its income or assets; (iv) the applicable laws of the Entity’s jurisdiction of residence or the Entity’s formation documents do not permit any income or assets of the Entity to be distributed to, or applied for the benefit of, a private person or non-charitable Entity other than pursuant to the conduct of the Entity’s charitable activities, or as payment of reasonable compensation for services rendered, or as payment representing the fair market value of property which the Entity has purchased; and Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 (v) the applicable laws of the Entity’s jurisdiction of residence or the Entity’s formation documents require that, upon the Entity’s liquidation or dissolution, all of its assets be distributed to a Governmental Entity or other non-profit organisation, or escheat to the government of the Entity’s jurisdiction of residence or any political subdivision thereof. E. Excluded Person The term “Excluded Person” means — (a) an Entity the stock of which is regularly traded on one or more established securities markets; (b) any Entity that is a Related Entity of an Entity described in clause (a); a Governmental Entity; (d) an International Organisation; (e) a Central Bank; or (f) a Financial Institution other than an Investment Entity described in Section IV E(5)(b). The term “Financial Institution” means a Custodial Institution, a Depository Institution, an Investment Entity, or a Specified Insurance Company. The term “Custodial Institution” means any Entity that holds, as a substantial portion of its business, Financial Assets for the account of others. An Entity holds Financial Assets for the account of others as a substantial portion of its business if the Entity’s gross income attributable to the holding of Financial Assets and related financial services equals or exceeds twenty per cent of the Entity’s gross income during the shorter of — (i) the three-year period that ends on the 31st of December (or the final day of a non-calendar year accounting period) prior to the year in which the determination is being made; or (ii) the period during which the Entity has been in existence. The term “Depository Institution” means any Entity that — (a) accepts deposits in the ordinary course of a banking or similar business; or (b) holds Specified Electronic Money Products or Central Bank Digital Currencies for the benefit of customers. The term “Investment Entity” means any Entity — (a) that primarily conducts as a business one or more of the following activities or operations for or on behalf of a customer — (i) trading in money market instruments (cheques, bills, certificates of deposit, derivatives, etc.); foreign exchange; exchange, interest rate Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 and index instruments; transferable securities; or commodity futures trading; (ii) individual and collective portfolio management; or (iii) otherwise investing, administering, or managing Financial Assets, money, or Relevant Crypto-Assets on behalf of other persons; or (b) the gross income of which is primarily attributable to investing, reinvesting, or trading in Financial Assets or Relevant Crypto-Assets, if the Entity is managed by another Entity that is a Depository Institution, a Custodial Institution, a Specified Insurance Company, or an Investment Entity described in subparagraph E(5)(a). An Entity is treated as primarily conducting as a business one or more of the activities described in subparagraph E(5)(a), or an Entity’s gross income is primarily attributable to investing, reinvesting, or trading in Financial Assets or Relevant Crypto-Assets for purposes of subparagraph E(5)(b), if the Entity’s gross income attributable to the relevant activities equals or exceeds fifty per cent of the Entity’s gross income during the shorter of — (i) the three-year period ending on the 31st of December of the year preceding the year in which the determination is made; or (ii) the period during which the Entity has been in existence. For the purposes of subparagraph E(5)(a)(iii), the term “otherwise investing, administering, or managing Financial Assets, money, or Relevant CryptoAssets on behalf of other persons” does not include the provision of services effectuating Exchange Transactions for or on behalf of customers. The term “Investment Entity” does not include an Entity that is an Active Entity because it meets any of the criteria in subparagraphs D(11)(b) through (e). This paragraph shall be interpreted in a manner consistent with similar language set forth in the definition of “financial institution” in the Financial Action Task Force Recommendations. The term “Specified Insurance Company” means any Entity that is an insurance company (or the holding company of an insurance company) that issues, or is obligated to make payments with respect to, a Cash Value Insurance Contract or an Annuity Contract. The term “Governmental Entity” means the government of a jurisdiction, any political subdivision of a jurisdiction (which, for the avoidance of doubt, includes a state, province, county, or municipality), or any wholly owned agency or instrumentality of a jurisdiction or of any one or more of the foregoing. This category is comprised of the integral parts, controlled entities, and political subdivisions of a jurisdiction. (a) An “integral part” of a jurisdiction means any person, organisation, agency, bureau, fund, instrumentality, or other body, however designated, Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 that constitutes a governing authority of a jurisdiction. The net earnings of the governing authority must be credited to its own account or to other accounts of the jurisdiction, with no portion inuring to the benefit of any private person. An integral part does not include any individual who is a sovereign, official, or administrator acting in a private or personal capacity. (b) A “controlled entity” means an Entity that is separate in form from the jurisdiction or that otherwise constitutes a separate juridical entity, provided that — (i) the Entity is wholly owned and controlled by one or more Governmental Entities directly or through one or more controlled entities; (ii) the Entity’s net earnings are credited to its own account or to the accounts of one or more Governmental Entities, with no portion of its income inuring to the benefit of any private person; and (iii) the Entity’s assets vest in one or more Governmental Entities upon dissolution. Income does not inure to the benefit of private persons if such persons are the intended beneficiaries of a governmental programme, and the programme activities are performed for the general public with respect to the common welfare or relate to the administration of some phase of government. Notwithstanding the foregoing, however, income is considered to inure to the benefit of private persons if the income is derived from the use of a Governmental Entity to conduct a commercial business, such as a commercial banking business, that provides financial services to private persons. The term “International Organisation” means any international organisation or wholly owned agency or instrumentality thereof. This category includes any intergovernmental organisation (including a supranational organisation) — (a) that is comprised primarily of governments; (b) that has in effect a headquarters or substantially similar agreement with the jurisdiction; and the income of which does not inure to the benefit of private persons. The term “Central Bank” means an institution that is by law or government sanction the principal authority, other than the government of the jurisdiction itself, issuing instruments intended to circulate as currency. Such an institution may include an instrumentality that is separate from the government of the jurisdiction, whether or not owned in whole or in part by the jurisdiction. 10. The term “Financial Asset” includes a security (for example, a share of stock in a corporation; partnership or beneficial ownership interest in a widely held or Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 publicly traded partnership or trust; note, bond, debenture, or other evidence of indebtedness), partnership interest, commodity, swap (for example, interest rate swaps, currency swaps, basis swaps, interest rate caps, interest rate floors, commodity swaps, equity swaps, equity index swaps, and similar agreements), Insurance Contract or Annuity Contract, or any interest (including a futures or forward contract or option) in a security, Relevant Crypto-Asset, partnership interest, commodity, swap, Insurance Contract, or Annuity Contract. The term “Financial Asset” does not include a non-debt, direct interest in real property. 11. The term “Equity Interest” means, in the case of a partnership that is a Financial Institution, either a capital or profits interest in the partnership. In the case of a trust that is a Financial Institution, an Equity Interest is considered to be held by any person treated as a settlor or beneficiary of all or a portion of the trust, or any other natural person exercising ultimate effective control over the trust. A Reportable Person will be treated as being a beneficiary of a trust if such Reportable Person has the right to receive directly or indirectly (for example, through a nominee) a mandatory distribution or may receive, directly or indirectly, a discretionary distribution from the trust. 12. The term “Insurance Contract” means a contract (other than an Annuity Contract) under which the issuer agrees to pay an amount upon the occurrence of a specified contingency involving mortality, morbidity, accident, liability, or property risk. 13. The term “Annuity Contract” means a contract under which the issuer agrees to make payments for a period of time determined in whole or in part by reference to the life expectancy of one or more individuals. The term also includes a contract that is considered to be an Annuity Contract in accordance with the law, regulation, or practice of the jurisdiction in which the contract was issued, and under which the issuer agrees to make payments for a term of years. 14. The term “Cash Value Insurance Contract” means an Insurance Contract (other than an indemnity reinsurance contract between two insurance companies) that has a Cash Value. 15. The term “Cash Value” means the greater of — (i) the amount that the policyholder is entitled to receive upon surrender or termination of the contract (determined without reduction for any surrender charge or policy loan); and (ii) the amount the policyholder can borrow under or with regard to the contract. Notwithstanding the foregoing, the term “Cash Value” does not include an amount payable under an Insurance Contract — Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 (a) solely by reason of the death of an individual insured under a life insurance contract; (b) as a personal injury or sickness benefit or other benefit providing indemnification of an economic loss incurred upon the occurrence of the event insured against; as a refund of a previously paid premium (less cost of insurance charges whether or not actually imposed) under an Insurance Contract (other than an investment-linked life insurance or annuity contract) due to cancellation or termination of the contract, decrease in risk exposure during the effective period of the contract, or arising from the correction of a posting or similar error with regard to the premium for the contract; (d) as a policyholder dividend (other than a termination dividend) provided that the dividend relates to an Insurance Contract under which the only benefits payable are described in subparagraph E(15)(b); or (e) as a return of an advance premium or premium deposit for an Insurance Contract for which the premium is payable at least annually if the amount of the advance premium or premium deposit does not exceed the next annual premium that will be payable under the contract. F. Miscellaneous The term “Partner Jurisdiction” means any jurisdiction that has put in place equivalent legal requirements and that is included in a list published by the Islands. The term “AML/KYC Procedures” means the customer due diligence procedures of a Reporting Crypto-Asset Service Provider pursuant to the antimoney laundering or similar requirements to which such Reporting CryptoAsset Service Provider is subject. The term “Entity” means a legal person or a legal arrangement, such as a corporation, partnership, trust, or foundation. An Entity is a “Related Entity” of another Entity if either Entity controls the other Entity, or the two Entities are under common control. For this purpose control includes direct or indirect ownership of more than fifty per cent of the vote and value in an Entity. The term “TIN” means Taxpayer Identification Number (or functional equivalent in the absence of a Taxpayer Identification Number). The term “Branch” means a unit, business or office of a Reporting Crypto-Asset Service Provider that is treated as a branch under the regulatory regime of a jurisdiction or that is otherwise regulated under the laws of a jurisdiction as separate from other offices, units, or branches of the Reporting Crypto-Asset Tax Information Authority (International Tax Compliance) (CryptoAsset Reporting Framework) Regulations, 2025 Service Provider. All units, businesses, or offices of a Reporting Crypto-Asset Service Provider in a single jurisdiction shall be treated as a single branch. Section V: Effective implementation A jurisdiction must have rules and administrative procedures in place to ensure effective implementation of, and compliance with, the reporting and due diligence procedures set out above. Made in Cabinet the 21st day of November, 2025. Kim Bullings Clerk of the Cabinet