How do you file taxes on prediction market profits? It seems like the type of straightforward question any halfway decent bookkeeper should be able to answer. Right now, though, it’s a conundrum for tax experts across the country. “You have a vacuum of guidance,” says Patrick Camuso, an accountant who specializes in digital assets. “It puts the taxpayer in a bad position.”

Prediction markets have been around for decades, so this isn’t a new issue. But platforms like Kalshi and Polymarket have exploded in popularity since last year, which means the question of how to properly account for prediction market gains has shifted from a niche concern to something far more urgent for many people. While only a small sliver of the population actually uses the markets—around 3 percent, according to a recent poll—that still means millions of US residents are obligated to report their wins and losses to the Internal Revenue Service. There’s big money in play here. Kalshi, which has a predominantly American user base, saw over $12 billion in monthly trade volume this past March, according to markets tracker Defi Rate.

Kalshi declined to comment. The IRS and Polymarket did not respond to requests for comment.

The IRS has not issued official guidelines on how to approach prediction markets, which means people who used these platforms now have to muddle their way through tax season hoping they aren’t inadvertently breaking the law. There are several potential ways to report wins and losses; some people are applying a statute governing tax reports on financial derivatives (like futures contracts and foreign currency contracts). Others are treating their prediction market gains as they would gambling winnings or are simply reporting them as regular income and crossing their fingers. Capuso describes the prediction markets as “a mix of wagering, derivatives, and investment contracts all mixed together in a unique bucket” and says that he assesses what clients owe on a case-by-case basis. “Our firm generally takes a more conservative position for most clients due to the ambiguity around a lot of the tax rules.”

For traders who report prediction markets earnings as gambling winnings, the process can be onerous. Bettors must track their winnings on a “per session” basis, which means that instead of reporting a net amount, a thorough record of each wager must be kept. Nate Meininger, a Phoenix-based prediction market trader, has joked on X about how the lack of guidance means you don’t have to declare the income. In real life, however, he says he reports gains by looking at the tax documents offered by platforms like Kalshi and consulting with an accountant. “I don’t track it myself,” he says. “That seems like a lot of work.”

US-based prediction market traders who access Polymarket and other crypto-based platforms by using virtual private networks are in an especially tricky spot, since the company does not issue tax documentation (and because they are legally banned from using unlicensed platforms). As US citizens are obligated to report income regardless of its source, traders who buy contracts on Polymarket and its ilk must self-report their earnings. “The offshore exchanges are harder,” Meininger says.

Changes at the IRS may make things harder still. The tax agency is in the middle of a significant overhaul, with some modernization efforts spearheaded by operatives from the so-called Department of Government Efficiency. It is currently pursuing more sophisticated strategies to identify which taxpayers to audit; last year, the IRS paid Palantir $1.8 million to improve a custom tool designed to flag “high-value” auditing cases, as WIRED recently reported.

Five member countries are already experimenting with the solution this year, but they don’t all seem to be on the same page. It was pointed out at the press conference that France and Denmark are far ahead, while Greece, Spain, and Italy are lagging. This is why some experts are skeptical that the digital wallet will come into force within the established time frame.

An Alternative to the US Model

Among the players already visible in the European market for age verification are Yoti, which TikTok is using in Europe for this purpose along with other methods such as credit cards and documents, and Persona, which is an identity- and age-verification provider used by platforms such as Roblox, Discord, and Reddit.

The latter has a much more data-intrusive model, one that the Commission says it wants to avoid. In fact, its services include fingerprint verification, face recognition, screening a person’s face to compare it to one on a particular list, and the retention of all such data for up to three years.

In February 2026, it also emerged that Persona publicly exposed thousands of files online. The company responded by saying that this was an isolated testing environment and that the data was not actually exposed, and, in addition, that it does not work with US government agencies to provide it with data on users.

In any case, the US model shows the risks of age verification based on massive collection and analysis of identifying data. This highlights the need for a European alternative, one that shifts the concept to another level: not so much “prove your identity so I can check your age” as “just prove your age, without revealing anything else.”

Brussels is promoting an open source architecture, leaving room for both member states and market players to publish national or derivative versions. Scytales and T-Systems were mentioned during the press conference as services to look to in Europe. Whoever develops the system will still have to consider a “triangular” architecture, officials say: A third party certifies that the user meets the required attribute, i.e., being above a certain age, without the site receiving documents or other personal data. To make the concept more understandable, the Commission cited the experience of Covid certificates.

A Glaring Loophole

There remains, however, a clear distance between the technical promise and the social reality of the problem. As recounted in the press conference, the mini-wallet seems designed primarily to prevent the site from learning too much about the user, but much less to solve the most trivial bypass of all: a minor using an adult’s phone, credentials, or ID. In other words, the system may perhaps reduce the amount of personal data in circulation, but it does not automatically eliminate the risk of age verification being bypassed in practice.

Despite this, the mini-wallet currently appears to be the most promising solution. The Commission has clarified, though, that it is not the only possible solution. The door remains open to alternatives, provided they are “equally effective.” Pornhub is already involved in the pilot phase, while other operators have been invited to participate.

In short, Europe could become the first major policy laboratory where age verification stops being a formality and becomes a real infrastructure, with all the promise and—not to be overlooked—all the risks that this entails.

This story originally appeared in WIRED Italia and has been translated from Italian.

Across the region, facilities tied to water and power—including desalination plants—have been damaged or exposed to risk as Iranian strikes extend beyond traditional targets.

A single strike, however, is unlikely to shut off the gulf’s water supply. The system is designed to absorb isolated disruption, but sustained or multisite attacks would begin to strain supply far more quickly.

“In the Gulf, desalination is built with enough breathing room that losing one plant doesn’t immediately show up at the tap,” says Rabee Rustum, professor of water and environmental engineering at Heriot-Watt University Dubai.

In Kuwait, Iranian drone attacks have damaged two power and desalination facilities and ignited fires at two oil sites. Other sites, including Fujairah in the UAE, have been identified as potentially exposed.

“Striking desalination plants would be a strategic move, but it would also come very close to, and in some cases cross, a red line,” says Andreas Krieg, senior lecturer at the School of Security Studies at King’s College London.

Water infrastructure, Krieg explains, occupies a distinct category. “Water infrastructure is not just another utility. In places that depend on desalination, it underpins civilian survival, public health, hospital function, sanitation, and basic state legitimacy.”

Krieg notes that international humanitarian law gives special protection to civilian objects and to objects indispensable to the survival of the civilian population. “Which is precisely why attacks on water systems carry such grave legal and moral weight,” Krieg adds.

The incidents highlight a structural reality: Desalination is central to water supply in the gulf, and disruption carries immediate implications for daily life.

How the System Absorbs Disruption

At first glance, desalination appears vulnerable. Shut down a plant, and supply is reduced. In practice, the system is designed with layers of redundancy.

Plants operate across multiple locations, allowing output to be redistributed if one facility slows down. Water is also stored at different points across the network, including central reservoirs and building-level tanks, creating a buffer that delays disruption.

According to a statement to WIRED Middle East by Veolia, an environmental services provider whose technologies account for nearly 19 percent of desalination capacity in the region, “the region’s water supply is diversified thanks to a network of numerous facilities distributed along the coastline.”

The company adds that distribution systems are interconnected, allowing plants to “support and substitute for one another when necessary,” helping maintain continuity of service.

In the UAE, storage capacity typically covers around one week, while in other parts of the region it may be limited to two to three days, Veolia says.

In practice, this means the system can absorb disruption for a limited period. Once reserves are depleted, water supply depends on whether plants can continue producing enough water to meet demand.

The System That Produces Water

Unlike most regions, the Gulf does not rely on rivers or rainfall. It depends on a network of desalination plants along its coastline that convert seawater into potable water on a continuous basis.

Seawater is drawn into treatment facilities, filtered and processed either through reverse osmosis—forcing it through membranes to remove salt and impurities—or through thermal methods that evaporate and condense water. The resulting supply is distributed through pipelines, stored in reservoirs, and delivered to homes, hospitals, and industry.

This is not a flexible system. It is designed to operate continuously, producing water at a scale that sustains cities, industrial activity, and essential services. Gulf states produce roughly 40 percent of the world’s desalinated water, operating more than 400 plants across the region.

Dependence varies by country but is high everywhere. In the UAE, desalination accounts for 41 to 42 percent of total water supply, while in Kuwait, it provides around 90 percent of drinking water, and in Saudi Arabia, approximately 70 percent.

When Disruption Becomes Visible

For residents, disruption would not be felt immediately—water would continue to flow.

Rustum explains that buildings are supported by internal storage and pumping systems, meaning early changes in supply may not be apparent. In many cases, water pressure remains stable, even as the wider system adjusts.