New record and obligations imposed on EU payment services providers to fight against VAT fraud


From 2024, new record keeping and reporting obligations imposed on EU payment services providers to fight against VAT fraud

8 April 2020 

VAT and Regulatory Alert

New record keeping and reporting obligations imposed as from 2024 to EU payment services providers to fight against VAT fraud. In February 2020, the European Union Council has approved new measures  (Directive and Regulation) imposing on payment services providers (PSP) to collect and report data regarding cross-border payments as from 2024. CESOP, a new database to be set up by the EU Commission, will keep record of this information regarding cross-border payments within the EU, as well as payments to third countries or territories. National tax authorities will have access to CESOP to control the correct fulfilment of VAT obligations, mainly but not exclusively on cross-border business to consumer (B2C) supplies of goods and services.

PDF - 131 KB

The introduction of new record-keeping and reporting obligations applicable to EU payment services providers come in addition and are connected with the new rules that form part of the European Commission’s e-commerce VAT package that becomes effective as from 1 January 2021. Under the revised EU VAT Directive, platforms would be responsible for the payment of the VAT on sales by non-EU sellers to EU non-taxable persons (such as private customers) and imports of goods into the EU they facilitate. 

Unlike platforms, the payment service providers will have no responsibility with respect to the payment of VAT, which is due by their clients but will be obliged, to communicate under a certain formate (still to be defined) information. Most of the information to be reported, is already being collected as part of the standard business procedure when providing payment services for clients. The collection of this information should allow Member States to control that businesses effectively pay the VAT due on their transactions. Indeed, the EU Council considers that a large majority of e-commerce clients pay their purchases via a PSP and that, therefore, it is relevant to introduce these new obligations. 

Information to be collected and reported relates, mainly, to the identity of the “payee” (i.e a person or an organization that receives a payment”), to the payments but not to the (supposed) underlying taxable transaction. The information collected and reported would thus probably exceeds the purpose of the new obligations, i.e. PSP would probably collect and report information that may not be related to transactions subject to VAT.

PSPs will not have to collect and report information about all payments but only as from a payee receives at least 25 cross-border payments during a civil Quarter. The EU Council has assumed that this frequency of cross-border payments is an indication of a business activity performed by the payee.

PSPs will have to report the information via a standard electronic form. The EU Commission must still define this standard form. A new database of the EU Commission, CESOP, still to be developed, will centralize and manage this information. Designated officers of the different national VAT authorities will have access to this information.

These new obligations are included in a new article 243a to d of the EU VAT Directive. However, definitions and concepts used by this new regulation are generally those of the Directive 2015/2366 (PSD2) of 25 November 2015 regarding payment services  (i).

The new measures should be enforced as from 1 January 2024, while Member States must adopt national implementing measures by 31 December 2023 at the latest. These measures will be necessary for the practical application of the new regulations. To deal with these complex measures, the EU Commission has launched a public consultation regarding the practical implementation of these new obligations (

Heads of tax and compliance in PSPs should drawn the attention within their organization on these new obligations, set up a retroplanning and undertake with their respective IT teams actions to be ready as of 1 January 2024 to collect and report the requested information.

1. Who are the PSPs concerned?

The new measures apply to all PSPs established in the EU. The concerned PSPs are those of article 1 (1) (a) to (d) of the Directive 2015/2366, including persons exempt under article 32. This thus includes credit institutions, electronic money institutions, post office giro institutions and payment institutions. Persons under article 32 include smaller PSP’s exempt under national law (i.e. average monthly payment of a value of maximum € 3 million). They do not apply to non-EU PSPs. Consequently, when the payee’s PSP (or one of the payee’s PSP) is a non-EU one, the reporting obligations lie down exclusively in the hands of the payers’s PSPs located in the EU.

2. What are the concerned payments?

The new obligations affect cross border payments, i.e. any payment when the payee is established in another jurisdiction than the payer. It would thus include cases where the payer is located in an EU Member State and the payee is located in another EU or in a non-EU country or territory. National payments are thus out of the scope.

3. When start the obligations?

The record-keeping and reporting obligation starts when a payment service provider provides more than 25 cross-borders payments to the same payee during a calendar Quarter. The criteria is strictly based on the number of payments, not on the amounts paid.

This number is calculed by reference to the payment services provided by the PSP per Member State and per identifier (IBAN of the payee or any other identifier, or in absence of such identifiers, the BIC or any other identifier of the PSP’s payee).

When the PSP has information that the payee has several identifiers, the calculation is to be made by payee.

4. Which PSP are subject to the new obligations?

In principle, both the payer’s and payee’s PSPs are subject to the same obligations.

However, when both payer’s PSP and at least one of the payees PSP(s) are established in the EU, only the payee’s PSP should be subject to the record-keeping and reporting obligations regarding the payments between EU PSPs. To determine whether a PSP is established in the EU, it should be referred to its BIC of, in absence of BIC, to any other identifier.

Nevertheless, the payer’s PSP should include these payments made to EU payees PSP(s) in the computation of the 25 cross-border payments mentioned above. This number of 25 includes both payments to EU and non-EU PSP’s. Thus, when this 25 cross-borders payments is exceeded, the payer’s PSP will be subject to the reporting obligations but only for payments to non-EU PSPs.

5. What in case several PSPs intervene in the payment?

Payment transactions may involve several PSPs and imply several transfert of funds. Each of these PSP is subject to the new obligations. However, the record keeping and reporting obligations should contain information regarding the payment from the initial payer to the final payee and not on the intermediate transfer of funds between the PSPs.

6. How are Member States determined for the payer and of the payee?

The Member State of the payer/payee is the one corresponding to the IBAN or any other identifier of the payer/payee or, in absence of such information, the BIC or any other identifier of the PSP acting on behalf of the payer/payee.

7. What are the record-keeping obligations?

PSPs should store the information collected in an electronic format for a period of three calendar years from the end of the calendar year of the date of the payment.

8. How and when to report?

The PSPs have to report the information available in accordance to its Member State of establishment or to the host Member States when the PSP provides payment services in Member States other than the home Member State.

PSPs should collect the information no later than by the end of the month following the calendar Quarter to which the information relates. The Commission must define this electronic standard form and Member States the other pratical measures.

9. How will European and national authorities handle the collected information (CESOP)?

The national authorities have to transmit the information collected no later that the tenth day of the second month to CESOP, the new database managed by the EU.

CESOP will store, aggregate and analyse the information collected and make it available to Eurofisc liaison officials. Each Member State should designate at least one liaison official.

We should note that CESOP will retain the information for a maximum period of five years from the end of the year in which the information was transmitted to it. The five years storage period corresponds to the period of possible investigation of the VAT authorities, storage of information and statute of limitation period of a number of Member States and different EU VAT regulations (ii) . It thus differs from the three years period storage imposed to PSPs.

The Commission must adopted various measures regarding the technical measures for establishing and maintaining CESOP including the electronic standard forms to be used by PSPs to reoprt the information.

10. What are the penalties in case of none or wrong reporting?

The new measures do not include specific penalties regarding these new obligations. It is unclear whether penalties generally applicable pursuant the national VAT law would be applicable. We should probably wait the national implementing measures to clarify this point.

11. What are the information to collect and report?

PSPs should collect and report the following information:


1. The records shall contain the following information:


(a) the BIC or any other business identifier code that unambiguously identifies the payment service provider;

(b) the name or business name of the payee, as it appears in the records of the payment services provider;

(c) if available, any VAT identification number or other national tax number of the payee;

(d) the IBAN or, if the IBAN is not available, any other identifier which unambiguously identifies, and gives the location of, the payee;

(e) the BIC or any other business identifier code that unambiguously identifies, and gives the location of, the payment service provider acting on behalf of the payee where the payee receives funds without having any payment account;

(f) if available, the address of the payee as it appears in the records of the payment services provider;

(g) the details of any cross-border payment;

(h) the details of any payment refunds identified as relating to the cross-border payments referred to in point (g).


2. The information referred to in points (g) and (h) of paragraph 1 shall contain the following details:


(a) the date and time of the payment or of the payment refund;

(b) the amount and the currency of the payment or of the payment refund;

(c) the Member State of origin of the payment received by or on behalf of the payee, the Member State of destination of the refund, as appropriate, and the information used to determine the origin or the destination of the payment or of the payment refund;

(d) any reference which unambiguously identifies the payment;

(e) where applicable, information that the payment is initiated at the physical premises of the merchant.’.

The only information regarding the payer is his location.


(i) Directive 2015/2366 of the European parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC.

(ii) For exemple article 18 of the EU VAT regulation 904/2010 of 7 October 2010 on administrative cooperation and combating fraud in the field of VAT.

Insert CSS fragment. Do not delete! This box/component contains code needed on this page. This message will not be visible when page is activated.

Did you find this useful?