Skip to content
1stopVAT
1stopvat

CESOP Framework – EU Cross-Border Payments Reporting and VAT Compliance

9 min. read

Introductory notes

Almost four years have passed since the Council adopted a legislative package establishing a framework for requesting payment service providers to transmit information on cross-border payments when specific requirements are met. 

The information to be transmitted to the Central Electronic System of Payment Information(CESOP) is the one that captures mandatory information related to the payment service providers involved in the cross-border payment, as well as to the payee(merchant), the beneficiary of the payment. 

From January 1, 2024, Payment Service Providers should be able to collect, process, generate, transmit, and store all mandatory payment information as indicated in the Council Directive 2020/284 and Council Regulation 2020/283, and accompanying EU Commission Implementing Regulation 2022/1504. 

PSPs should transmit the collected payment service information to the tax authority of their Member State of origin or their host Member State. This is conditioned by the circumstances of the number of payment service providers intermediating in the transaction. 

This regulatory framework has been introduced as an additional tool in fighting against VAT fraud in the E-commerce sector. 

The payment service providers will be responsible for reporting the VAT-related transactional data of their clients(online merchants and marketplaces) to the responsible tax authorities. 

CESOP Framework

Adopting the CESOP regulatory framework can be considered the deployment of the additional tax technology tool by which the EU Commission is trying to combat VAT fraud. 

The amendments to the VAT Directive introduce the reporting obligation of PSPs established in the EU to keep records of the payments they process and the beneficiaries of those payments. The amendments of the EU Regulation 904/2010 pave the way for the establishment of the CESOP central database, storage of data, its processing, and transmission of selected data to the Member States specially designed tax experts teams who will have the task to analyze submitted data, using different analytical tools to identify non-compliant economic operators(merchants and platforms). 

During the first two and a half years of practical usage of VAT compliance systems developed by the EU, i.e., the OSS and IOSS simplification reporting schemes, tremendous improvement was shown in combating cross-border VAT fraud. 

The EU Commission has identified that through the adoption of the CESOP Directive, the results can be even better, based on the introduction of the new tools for monitoring cross-border transactions, primarily through stipulating the responsibility of the payment service providers for accurate, expeditious, and timely processing of transactional data. 

Payment Service Providers in Scope 

The Payment Service Providers who bear the responsibility of collecting, processing, storing, and transmitting the reportable data are: 

  • Credit institutions;
  • E-money institutions;
  • Payment institutions;
  • Member State post office giro institutions which are entitled under the national law to provide payment services.

Transactions within the reporting mandate

There is “just” one category of payments captured by the imposed mandate on the Payment Service Providers: cross-border payments(cross-border transactions). 

To simplify the statement mentioned above, from this legislative perspective, cross-border payments are payments made by a payer located in an EU Member State to a payee(merchant) located in a different jurisdiction(this can be – another EU Member State, third country, or third territory).

So, the customer is a legal or natural person and a resident/based in an EU Member State. In contrast, the “seller-recipient of funds,” a legal or natural person,  can be found in a different Member State but also a third country or third territory. 

The EU payment service provider becomes responsible for reporting payment information when the stipulated payee-based threshold is exceeded. 

When the PSP processes more than 25 cross-border payments to the same payee within a reporting period(calendar quarter), it is responsible for submitting a transactional report to the tax authority in charge. 

Reporting rules 

The reporting obligation of the payment service providers mainly depends on the number of Member States where it operates. It’s a natural reporting obligation to the tax authority of the Member State of its origin(where it has obtained a payment license, which could be the country of establishment). 

Along with the reporting obligation towards the tax authority of the country of origin, if the PSP operates in other Member States, e.g., through a branch or directly, the reporting obligation will automatically expand to the host country. 

The location of the payment service providers of both the payer and payee is significant, and based on this identification, the reporting responsibility is triggered, and the responsible entity is figured out. 

If the PSP of the payer and the payee are located within the EU, the reporting obligation will always be borne by the recipient PSP. 

If the PSP of the payer is based in EU MS, but the PSP of the payee is outside the EU, then the PSP of the payer shall bear the reporting responsibility. 

The mandatory transactional data shall be collected starting January 1, 2024, and reported quarterly. 

These are the reporting periods for the payment service providers to the responsible tax authority/authorities: 

  • Q1 Period (January- March): 30 April;
  • Q2 Period (April-June): 31 July;
  • Q3 Period (July-September): 31 October;
  • Q4 Period (October- December): 31 January.

After the data has been collected and verified by the responsible tax authorities, it will be transferred to the CESOP platform by the 10th day of the second month following the end of the reporting period. 

Reportable data 

The data that should be reported can be classified according to the amendment of the VAT Directive into two groups – the data related to the recipient of funds(seller) and data related to each payment(separately elaborated) received by the seller.

The list of the data that should be stored and reported by the PSP’s about each payee under the reporting obligation is the following: 

Data related to payee:

  • the BIC or any other business identifier code that unambiguously identifies the PSP;
  • the name or business name of the payee, as it appears in the records of the PSP;
  • if available, any VAT identification number or other national tax number of the payee;
  • the IBAN or, if the IBAN is not available, any other identifier that unambiguously identifies and provides info on the location of the payee;
  • the BIC or any other business identifier code that unambiguously identifies and gives the location of the payment service provider acting on behalf of the payee where the payee receives funds without having any payment account;
  • if available, the address of the payee as it appears in the records of the PSP.

Data related to each separated transaction:

  • the details of any cross-border payment and the details of any payment refunds, i.e.;
  • the date and time of the payment or the payment refund;
  • the amount and the currency of the payment or the payment refund;
  • the Member State of origin of the payment received by or on behalf of the payee; the Member State of destination of the refund, as appropriate, and the information used to determine the origin or the destination of the payment or the payment refund;
  • any reference that unambiguously identifies the payment;
  • where applicable, information that the payment is initiated at the physical premises of the merchant.

Reporting Mechanism 

The data flow depends on the technological infrastructure established at the country level. In general, the exchange of information should be processed in a few words in the following manner: 

  • Payment services providers should transfer cross-border payment data in a structured XML format to the country-based central exchange platform. The centralized platform will conduct specifically designed control procedures for the received files;
  • After performing all the necessary control procedures, the central platform will encrypt and digitally sign the files and transmit them to the CESOP systems, which will carry out further control procedures;
  • The positive outcome of data transmission shall be exclusively based – only when the PSP receives a notification in the form of a receipt file from the CESOP system that the files received from the country-based tax authority comply with the imposed tax-technical requirements.

Merchants in scope 

As emphasized at the beginning of the article, the CESOP Directive has been mainly adopted as the new legal-tax technological instrument, which will act as a complementary instrument in combating gray economy behavior derived from the VAT non-compliance activity within the e-commerce sector. 

Merchants under the monitoring eye are the ones making a supply of goods and services in the eCommerce sector, where the customer, being a legal or natural person, resides within the EU. 

Online businesses established in the EU, third countries, or third territories are the ones whose operations will be followed in detail. 

VAT Compliance challenges 

The online businesses, with a bit stronger emphasis on the online companies (both platforms and merchants), established outside the EU but with customers in the EU, will be under noteworthy observation for their operations in the EU. 

Suppose they have been operating under the radar of the VAT requirements so far. In that case, their business will have additional barriers to surpass unless they continue working non-compliantly. 

They should know what triggers mandatory VAT registration in the country where they make their supplies and when that happens to establish and maintain local or pan-EU VAT compliance accordingly.

What makes VAT non-compliance even more challenging after adopting the CESOP legislative framework?  

The advanced technological solutions implemented through the CESOP Directive, the establishment of the central exchange platforms at a country-based level under the tax authority control, and the accompanying establishment of tax expert departments at the Member States level whose only job will be to detect VAT fraud through the analysis of CESOP data.

Online merchants and platforms should be informed in a timely manner about the implications of the CESOP Directive on their business operations. They should establish a VAT-compliant system if they haven’t already done so. 

Aleksandar Delic
1stopVAT Indirect Tax Researcher (Global Content)