CESOP: An EU VAT transactional reporting obligation for payment service providers

Background 

CESOP is a new legislation adopted by the European Commission to support efforts to close the VAT gap in the EU. The VAT gap is the difference between the expected VAT revenue in the EU member states and the VAT actually collected by collecting data on cross-border payments. The EU expects to identify VAT that was previously unpaid.

The regulation is part of a wider package, it was created through a change to the EU VAT directive in the context of the VAT in the Digital Age (ViDA) project, consisting of a series of far-reaching VAT measures to modernize the system in the coming years. Particularly, the introduction of the Digital Reporting Requirements in the EU that will have a significant impact on the trade of businesses and reporting obligations. 

In other words, the regulation is at its core an administrative obligation on PSP in the EU that will be required to keep records of cross-border payments and report transactional data on a quarterly basis.

Who is affected?

The PSP are those defined in the Payment Services Directive (Directive (EU) 2015/2366 of the European Parliament and of the Council, “PSD2”). This encompasses credit, electronic money, post office giro and payment institutions, including those benefiting from the small payment institutions exemption.

In practice, banks, card schemes, merchant acquirers and CPSPs will likely be affected the most, as well as retailers and marketplaces that have their own “inhouse” PSP governed under PSD2.

Which transactions are subject to the reporting requirement? 

All cross-border payments where the payer is in the EU are affected. Any EU PSP processing a cross-border transaction needs to keep and report certain payment data. A relief applies for the payer’s EU PSP if the payee’s PSP is also in the EU. The relief does not extend to any intermediate EU PSP in payment chains that involve more than two parties.

Information on all such payments should be reported if the number of individual payments made to one single payee exceeds 25 in a calendar quarter. 

Note: Parties who are covered by one of the exclusions, or who expect that the payments they process to not exceed the de minimis threshold should periodically monitor their position and put operational procedures in place to be able to comply with CESOP reporting requirements in case they no longer fall within the exclusions or below the threshold.

Which type data from the transactions will have to be reported? 

Depending on transaction characteristics, the following data elements are to be included in the CESOP report by the reporting PSP:

1. BIC/ID reporting PSP

2. Payee name

3. Payee VAT ID/TIN

4. Payee account ID

5. Payee PSP BIC/ID

6. Payee Address

7. Refund Y/N, link

8. Date/time

9. Amount

10. Currency

11. MS of payment origin

12. MS of refund destination

13. Payer location information (payment origin)

14. Transaction ID

15. Physical presence Y/N, reference

How will the reporting system work? 

EU PSPs with reportable data will be required to transmit this data every calendar quarter to the locally appointed tax authorities in their home Member States and (if applicable) any host Member States where they are active. The BIC/IBAN number is leading to determine the localization of the payment’s payee and payer. Furthermore, a PSP active in multiple Member States will have to be compliant in each Member State. Non-compliance can lead to fines in each Member State. 

All data is to be transmitted in a standardized XML format.

The local tax authorities are, in turn, responsible to perform some data quality checks on the data and forward it into the central database at the EU level: CESOP. 

Swedish implementation status 

The Swedish Government Official Report (SOU 2022:25) was published in May 2022. The aim with the official report has been to propose the necessary legislative changes in Sweden to implement CESOP into Swedish legislation. Before the Government moves to a final proposal, the report has been sent for referral to the relevant authorities, organizations, and other interested or impacted parties which were given an opportunity to submit comments up until September 2022.

The referral phase has indicated a common view that the impacted parties welcome regulations that will decrease VAT fraud, however that it may be questioned if the regulations as such will be able to do so. It is however acknowledged that Sweden is obliged to implement the directive and therefore, most comments have focused on the Sweden specific matters such as unreasonably high penalty fees for non-compliance.

The next step in the Swedish process is for the Government to publish the final proposal.

Deloitte’s comment 

The VAT gap and extended frauds around Europe has resulted in huge loss of revenue in several EU member states. Although the Swedish VAT gap has been one of the lowest within the EU, any initiatives to support efforts which minimize frauds are always welcomed. It is up to the EU to evaluate if the regulations imposed meets the desired outcome in relation to the administrative burden imposed on tax payers. 

The administrative challenges surrounding CESOP are in large related to data collection, quality, processes, controls and to ensure compliance in multiple jurisdictions. Although the effective date is January 1st, 2024, and the Swedish proposal is yet to be issued, it is our experience that similar new reporting obligations and submissions of new data requires a lot of time to set up solid processes. Based on this, we recommend for PSP’s to start assessing what impact the regulation will have on the organization in terms of applicability, resources, operations, and systems as soon as possible. 

If you need any support or would like to discuss how the CESOP regulations will impact your organization, please do not hesitate to contact us. You can find our contact details below.

This article was also written by Frida Borg and Josephine Lystedt.