Candour Legal – Best Lawyers in Ahmedabad | Law firm in Ahmedabad
Section 509 crypto reporting begins this quarter. From 1 April 2026, every reporting entity handling virtual digital assets for Indian users is required to furnish user-level transaction information to the Income Tax Department under Section 509(1) of the Income-tax Act, 2025 — the re-codified form of the reporting obligation originally introduced as Section 285BAA by the Finance Act, 2025. The obligation runs parallel to, and in many respects overlaps with, the FIU-IND reporting regime under the Prevention of Money Laundering Act, 2002, but it answers a different question: not whether a transaction looks suspicious, but whether the user’s VDA income has been correctly disclosed for tax purposes. This second article in the series walks through the Section 509 architecture, the Rules 114F-114G-114H amendments that made crypto-assets reportable financial assets from 1 January 2026, the penalty framework under Section 446, and the trajectory toward the OECD Crypto-Asset Reporting Framework scheduled for activation in April 2027.
Key Takeaways
- Section 509(1) of the Income-tax Act, 2025 (formerly Section 285BAA of the Income-tax Act, 1961) requires prescribed reporting entities to furnish statements of crypto-asset transactions from 1 April 2026 in the prescribed form, period, and manner.
- Rules 114F, 114G, and 114H of the Income-tax Rules were amended by the CBDT on 5 March 2026 to classify crypto-assets, CBDCs, and e-money as “financial assets” for FATCA/CRS reporting, with effect from 1 January 2026.
- Section 446 of the new Act imposes a penalty of INR 200 per day for failure to furnish a Section 509 statement and INR 50,000 for inaccurate information that is not corrected.
- India’s CBDT confirmed alignment with the OECD Crypto-Asset Reporting Framework in September 2025 and has targeted 1 April 2027 for domestic enforcement; the CARF Multilateral Competent Authority Agreement is expected to be signed in 2026.
- The Section 509 reporting regime runs in parallel with the FIU-IND registration and AML/CFT reporting regime under the PMLA — reporting entities must satisfy both, and the data flows are distinct but cross-referenced.
- Once CARF is live, Indian tax authorities will receive annual automatic data feeds on Indian residents’ offshore crypto holdings from participating jurisdictions, closing the disclosure asymmetry that has historically protected offshore traders.
Section 285BAA to Section 509: The Reporting Obligation
The statutory genesis of the Section 509 obligation lies in the Finance Act, 2025, which inserted Section 285BAA into the Income-tax Act, 1961 with effect from 1 April 2026. The text of the provision is short and sweeping: any person, being a reporting entity, as prescribed, in respect of a crypto-asset, shall furnish information in respect of a transaction of such crypto-asset in a statement, for such period, within such time, in such form and manner and to such income-tax authority, as prescribed. The Income-tax Act, 2025, re-codifying the statute from 1 April 2026, carried the provision forward as Section 509(1). The substantive obligation is identical; only the numbering has moved.
What makes Section 509 operationally significant is the delegation: it empowers the CBDT to prescribe by rule the reporting entities, the form and period of reporting, the authority to whom the statement is furnished, and the specific information fields. The enabling rules and form notifications have been issued through the Income-tax Rules, 2026 (Notification G.S.R. 198(E) dated 20 March 2026, with a 76-point corrigendum at G.S.R. 286(E) dated 16 April 2026). Reporting entities for these purposes broadly track the population of platforms already regulated by FIU-IND — Indian crypto exchanges, custodians, wallet providers, broker-dealer platforms, and offshore VDASPs servicing Indian users — though the formal definition is independent and slightly wider, because it reaches any person whom the CBDT designates as a prescribed reporting entity for crypto-asset transactions.
Rules 114F, 114G, 114H: Crypto as a Financial Asset for CRS Purposes
On 5 March 2026, the CBDT issued the Income-tax (First Amendment) Rules, 2026, which materially expanded the scope of Rules 114F, 114G, and 114H of the Income-tax Rules. These rules implement India’s obligations under the Foreign Account Tax Compliance Act (FATCA) regime with the United States and the Common Reporting Standard (CRS) framework under the OECD Multilateral Competent Authority Agreement on Automatic Exchange of Information. The amendment’s effect is to reclassify crypto-assets, central bank digital currencies, and e-money as “financial assets” for the purposes of these rules, with retrospective operation from 1 January 2026.
The consequence of this reclassification is that financial institutions within the scope of FATCA/CRS now have due-diligence and reporting obligations in respect of accounts holding or dealing with crypto-assets. For Indian reporting financial institutions, this means KYC documentation collected from account holders must capture residency, tax identification numbers, and beneficial ownership information to the standard required for CRS transmission — a standard materially more detailed than that historically applied to domestic VDA onboarding. The date selection (1 January 2026) is not accidental: it matches the global CARF domestic-legislation target date that the OECD has pressed jurisdictions to meet, and aligns India with the EU DAC8 Directive effective the same date. The result is that the Section 509 framework sits on top of a Rules-114 reporting infrastructure that is already collecting the fields CARF will eventually want to exchange.
Section 446 Penalties: INR 200 Per Day and INR 50,000 Per Inaccuracy
The reporting obligation alone is not the enforcement mechanism. Compliance is driven by the penalty framework in Section 446 of the Income-tax Act, 2025, which targets the reporting entity directly. Two triggers apply. First, failure by a prescribed reporting entity to furnish a statement under Section 509(1) in time and in the prescribed form attracts a penalty of INR 200 per day for the period of default. Second, where the entity furnishes inaccurate information and either fails to inform the prescribed authority of the inaccuracy within a reasonable period, or fails to comply with the due-diligence requirements set out in the rules, a penalty of INR 50,000 is imposed.
The per-day component is the more commercially material of the two for large exchanges. A single quarterly statement delayed by thirty days generates a penalty of INR 6,000; delay across multiple statements or across multiple reporting periods aggregates in the same arithmetic manner that has made Chapter IV PMLA penalties reach crore-rupee figures in practice. The Section 446 architecture thus mirrors the FIU-IND enforcement posture in design, if not in quantum. For exchanges operating in India, the practical implication is that the Section 509 statement cycle must be embedded in the compliance function with the same discipline as the monthly GST return and the quarterly TDS return: missed deadlines have a defined daily cost, and the cost compounds.
Parallel Reporting: Section 509 and the PMLA Regime
A reporting entity for Section 509 purposes is almost always also a reporting entity for PMLA purposes, but the two reporting tracks remain distinct. Under the PMLA, a VDASP registered with FIU-IND files Suspicious Transaction Reports, Cash Transaction Reports, and NPO Transaction Reports through the FINgate portal — the reporting trigger is the characteristic of the transaction (suspicion, volume threshold, counterparty category), and the destination is the Financial Intelligence Unit for AML/CFT analysis. Under Section 509, the same platform files user-level transaction data on a prescribed periodic basis — the reporting trigger is simply the fact of a reportable crypto-asset transaction, and the destination is the Income Tax Department for tax verification and cross-checking with taxpayer ITR disclosures.
The fields overlap substantially. Customer identity, beneficial ownership, transaction timestamps, transaction values, and counterparty identification all appear on both reporting tracks. But the discretion and the purpose differ. The PMLA track is judgement-laden: the Principal Officer files an STR because a pattern looks suspicious, and can be challenged for over-reporting as much as for under-reporting. The Section 509 track is mechanical: all reportable transactions go, in a prescribed format, without editorial filter. For compliance teams, the operational lesson is to build the reporting infrastructure once, at the data layer, and route the same underlying dataset to both destinations through separate pipelines. For taxpayers, the lesson is that inconsistency between what an exchange reports under Section 509 and what a taxpayer declares in Schedule VDA is now the most direct trigger of Income Tax Department scrutiny — and the parallel PMLA and tax reporting makes evading both impractical.
The OECD CARF Timeline and India’s April 2027 Target
The OECD Crypto-Asset Reporting Framework is the international counterpart of Section 509. Finalised by the OECD in October 2022 under a G20 mandate, CARF extends the automatic exchange of information framework that has governed traditional financial accounts since the Common Reporting Standard was adopted, to the crypto-asset sector. The architecture is familiar: Reporting Crypto-Asset Service Providers (RCASPs) in participating jurisdictions collect due-diligence information on account holders, report the relevant transactions to their domestic tax authority, and the tax authorities exchange the data with peer jurisdictions under a Multilateral Competent Authority Agreement. The OECD’s published timeline contemplates two waves — 52 jurisdictions committed to first exchanges by 2027 and a further 15 by 2028.
India’s status in this architecture has been the subject of some confusion. The OECD’s own published lists as of late 2025 did not include India among the committed 52 or committed 15. But senior Finance Ministry officials, speaking on the record in September 2025 and February 2026, have stated that India will commence CARF exchanges from 1 April 2027, that legislative and system preparations are underway, and that the CARF MCAA will be signed in 2026. The CBDT’s confirmation of alignment, also in September 2025, and Budget 2026’s imposition of Section 509 and Section 446 as domestic infrastructure, point in the same direction. The best reading, as of April 2026, is that India’s commitment is firm at the policy level but that the formal MCAA signature and OECD listing are yet to occur. Business-Standard reporting through late 2025 and early 2026 has consistently described the April 2027 go-live as the government’s target.
What RCASPs Must Collect and Report Under CARF
The CARF technical schema, updated by the OECD in August 2025, specifies three categories of reportable transactions: fiat-to-crypto and crypto-to-fiat exchanges, crypto-to-crypto swaps, and transfers above a specified threshold (in many implementations a de minimis of USD 50,000 aggregate annual value per counterparty, though Indian implementation is expected to track the CARF default). For each reportable transaction, the RCASP must capture and transmit the account holder’s identity, the tax-identification number issued by the account holder’s residence jurisdiction, the transaction type, the aggregate value, the fair market value of the crypto-asset on the transaction date, and (for transfers) the counterparty wallet address. Due diligence for high-value accounts — those exceeding EUR 1 million in aggregate — is enhanced, and covers controlling-person identification for entity accounts.
The scope of assets covered is wider than many compliance teams first assume. CARF applies to crypto-assets broadly — including stablecoins, tokenised securities, and those non-fungible tokens that function as investment instruments. Closed-loop systems like CBDCs are excluded from CARF unless they become tradable on secondary markets. The overlap with the Indian Section 2(47A)(d) definition is substantial: the CARF asset universe maps almost directly onto the expanded VDA definition in Indian law, which is itself a CARF-compatibility choice by the Finance Act, 2025 drafters. What is not yet public, but will be imminently, is the technical format that Indian authorities will use to receive CARF data — the Finance Ministry indicated in February 2026 that the format was being finalised.
The Offshore Exchange Problem: CARF Closes the Gap
The single most significant consequence of CARF for Indian taxpayers is not the domestic reporting obligation — which is largely captured by Section 509 already — but the international information exchange that CARF enables. An Indian resident holding a position on an offshore exchange headquartered in Seychelles, the Cayman Islands, or Dubai has, to date, enjoyed a practical disclosure asymmetry: the Indian exchange that users trade on files TDS returns and Section 509 statements, but the offshore exchange does not, and the resident’s foreign-held crypto balances have been difficult for the Income Tax Department to identify absent an express disclosure. Once CARF is live and the offshore jurisdiction is a participating peer, that asymmetry closes. The offshore exchange’s reports flow from its own tax authority to the Indian CBDT under the MCAA, annually and automatically.
Indian tax authorities have already identified approximately INR 888.82 crore in undisclosed VDA-related income through domestic channels, according to government filings in early 2026. That figure is expected to grow materially once CARF exchange data begins arriving from April 2027. The Binance data-sharing experience is the template: after Binance registered with FIU-IND in August 2024 and commenced data sharing with Indian authorities, more than 400 Indian users of the platform were placed under tax audit by March 2026 on the strength of that data. CARF extends that template to every participating jurisdiction. For taxpayers with offshore VDA positions not previously disclosed, the rational window to clean up is the current financial year — Section 139(8A) updated returns are available for AY 2023-24 and later, and proactive disclosure ahead of a Section 148A notice materially reduces the penalty exposure.
Looking Ahead
The reporting architecture that activated on 1 April 2026 represents a structural shift in how Indian tax administration approaches VDAs. For the first three financial years of the regime (FY 2022-23 through FY 2024-25), the Income Tax Department’s view into VDA activity was largely indirect — TDS filings by Indian exchanges, bank-statement-level tracking of on-ramps and off-ramps, and self-disclosures in Schedule VDA. From FY 2025-26 onward, direct reporting by exchanges under Section 509 means that the Income Tax Department begins each taxpayer’s assessment with an authoritative record of that taxpayer’s on-chain activity routed through registered platforms. Once CARF is live, the same will be true for offshore activity as far as participating jurisdictions are concerned.
For taxpayers, the planning horizon is narrow. The Section 509 statements for Q1 FY 2026-27 will be filed in the near term. AIS and TIS will populate with crypto-asset data at a granularity that did not previously exist. Any inconsistency between a taxpayer’s Schedule VDA filing and the exchange-reported position is now a direct audit trigger. The window to voluntarily correct earlier-year disclosures is shorter than many taxpayers appreciate. Part Three in this series walks through the enforcement reality already in motion — the Section 148A reopening notices, the block-assessment risk under Chapter XIV-B, the gross-turnover-as-income problem that is tripping P2P traders, and the framework for responding to an income tax notice on a crypto position.
Frequently Asked Questions
What is Section 509 of the Income-tax Act 2025 for crypto reporting?
Section 509(1) of the Income-tax Act, 2025 (the re-codified form of Section 285BAA of the 1961 Act, inserted by the Finance Act, 2025) requires prescribed reporting entities to furnish information on crypto-asset transactions to the Income Tax Department in the prescribed form, period, and manner. The obligation is effective from 1 April 2026. Reporting entities broadly include Indian crypto exchanges, custodians, wallet providers, broker-dealer platforms, and offshore VDASPs servicing Indian users, as notified by the CBDT.
When will India implement the OECD Crypto-Asset Reporting Framework?
India’s CBDT has confirmed alignment with the OECD CARF and targeted 1 April 2027 for domestic enforcement. The CARF Multilateral Competent Authority Agreement is expected to be signed in 2026, and Indian tax authorities will begin receiving offshore crypto transaction data from participating jurisdictions from April 2027. As of April 2026, India’s formal commitment on the OECD’s published jurisdiction list is yet to be reflected, but the domestic legislative and administrative infrastructure (Section 509, Section 446, Rules 114F-114H amendments) is in place.
What is the penalty for a crypto exchange that fails to file a Section 509 statement?
Section 446 of the Income-tax Act, 2025 imposes a penalty of INR 200 per day for failure to furnish a Section 509 statement in time and in the prescribed form. A separate penalty of INR 50,000 applies where the entity furnishes inaccurate information and either fails to inform the prescribed authority of the inaccuracy within a reasonable period or fails to comply with the due-diligence requirements. The per-day penalty aggregates over the duration of default and across statements.
Do Rules 114F, 114G, and 114H now cover crypto-assets?
Yes. The Income-tax (First Amendment) Rules, 2026, notified by the CBDT on 5 March 2026 with retrospective effect from 1 January 2026, expanded Rules 114F, 114G, and 114H to classify crypto-assets, central bank digital currencies, and e-money as “financial assets” for FATCA and CRS reporting purposes. The consequence is that Indian reporting financial institutions now have due-diligence and reporting obligations in respect of accounts holding or dealing with crypto-assets, with KYC documentation standards aligned to CARF expectations.
How is Section 509 different from the FIU-IND reporting regime under the PMLA?
The Section 509 obligation is tax-focused and mechanical — the reporting entity files user-level transaction data on a prescribed periodic basis, regardless of whether any transaction is suspicious. The FIU-IND regime under the PMLA is AML/CFT-focused and judgement-laden — the Principal Officer files Suspicious Transaction Reports, Cash Transaction Reports, and NPO Transaction Reports based on transaction characteristics, through the FINgate portal. A VDASP typically must satisfy both regimes in parallel, with separate internal workflows and destinations. The data fields overlap substantially but the purposes and reporting triggers are distinct.
This analysis was prepared by the Candour Legal Team. Candour Legal is a full-service Indian law firm with offices in Ahmedabad, Delhi, and Mumbai, publishing commentary on digital assets, financial regulation, and cross-border compliance at candourlegal.com.
Further reading in this series
- Part 1 — VDA Taxation in India: The 30% Flat Rate, 1% TDS, and the Income-tax Act 2025 Transition
- Part 3 — Section 148A Notices, Block Assessment, and the Crypto Tax Enforcement Reality
- FIU-IND Registration Process — the parallel AML/CFT reporting infrastructure under the PMLA, which runs alongside the Section 509 regime discussed here.
