How are CESOP and VAT law related to cross-border payments?

Let’s be honest – when we hear the word tax law in our industry, we do not assume that anything relevant for payment transactions will follow. Of course, payment methods are used by all parties to settle tax liabilities, but this does not make them a subject of regulation under tax law. The bad news, however, is that in future we will always have to look a little closer when it comes to the EU VAT directive.

Overstrain as a background 

In the course of the action plan to create a single VAT area, the EU Commission inevitably encounters the issue of VAT evasion. The increasing use of e-commerce for the cross-border sale of goods and services in the member states particularly reinforces this situation. 

The investigating authorities are struggling with deficient information and limited information gathering possibilities. The required information is often held by third parties (such as payment service providers), usually located in another state. This is compounded by insufficient administrative capacity to cope with the high volume of data required to detect VAT fraud. This concerns both the exchange and the processing of corresponding amounts of data. 

The EU Commission speaks of a three-digit billion loss of tax revenue ( In order to counteract this situation from the perspective of the European legislator, the previously existing regulations were amended accordingly on 18/02/2020.

Council Regulation (EU) 2020/283 of 18 February 2020 amending Regulation (EU) No 904/2010 as regards measures to strengthen administrative cooperation in order to combat VAT fraud.

  • Establishing cooperation between national tax authorities to detect VAT fraud and ensure compliance with VAT obligations.

Council Directive (EU) 2020/284 of 18 February 2020 amending Directive 2006/112/EC as regards introducing certain requirements for payment service providers.
Amendments to the VAT directive:

  • Payment service providers will be required to keep records of cross-border payments related to e-commerce.
  • Data must be made available to the national tax authorities. Strict conditions (among others for data protection) have to be taken into account.

Council Directive (EU) 2020/285 of 18 February 2020 amending Directive 2006/112/EC on the common system of value added tax as regards the special scheme for small enterprises and Regulation (EU) No 904/2010 as regards the administrative cooperation and exchange of information for the purpose of monitoring the correct application of the special scheme for small enterprises.
In addition to further regulations on administrative cooperation, there were new EU-wide special regulations for small businesses:

  • Small businesses based in other member states (MS) may benefit from the small business regulation in the future.
  • This applies provided that their annual turnover does not exceed a maximum of 85,000 euros (limit set by MS).
  • If certain conditions apply, this can even be up to 100,000 euros, provided that this turnover was achieved throughout the EU.

As of 1 January 2024, Directive 2020/284/EU will oblige payment service providers to share their information with the tax authorities, i.e. to improve information accessibility from the authorities' point of view. To this end, it prescribes a central reporting of certain payments data by payment service providers, which authorities are to use in cases of suspicion to carry out their investigation without obstacles.

CESOP – payments data in data retention  

The keyword for the storage of this supplied data is CESOP (Central Electronic System of Payment Information). A central system of the EU which is supervised by EUROFISC. It shall not only record the supplied data, but also make it searchable, intelligently search for redundant data records, make correlations visible etc.

Only the tax authorities of the member states will have access – all in accordance with other rights, of course. The general interest in avoiding damage from tax evasion amounting to billions outweighs the individual's right to data confidentiality here.

Which payments have to be reported by whom? 

Whenever payment service providers provide payment services for more than 25 cross-border payments within a calendar quarter to the same payment recipient, regardless of the amount of the transaction, these must be reported. The data must be kept for at least three calendar years.

European payment service providers

If the payment is made to a payment recipient in the EU, the recording obligation lies with the payment recipient's payment service provider.

If the payment is made by a payer in the EU to a payment recipient in a non-EU country, the recording obligation lies with the payment recipient's payment service provider.

Supplying, but how? 

The by now hopefully inclined readers will surely now ask themselves: "Okay, we have a new reporting obligation. But how do we get the data into CESOP?". The good news is that you as a PSP do not have to do this at all, because CESOP is "fed" via the national authorities. It is also already clear what the interface and format for supply and the data format look like. What is unclear, however, and this is the bad news, is how payment service providers for their part will have to hand over the information to the national authorities after they have compiled it from their systems (if they even have this data already). 

Directives require implementation by national legislators. They therefore differ (indirectly) from regulations in their mode of effect. The latter are effective immediately and must be applied directly. The German legislators have not yet dealt with the amendments to the VAT directive; in other words, they have not even begun to implement them. After all, they still have until 31/12/2023 (as a reminder: the start is on 01/01/2024) and are currently still waiting for further developments at EU level (which is not necessarily wrong). 

In the course of implementation, however, the German legislators are free to decide whether to implement 1:1 or to adopt stricter rules. A deviation from the wording of the directive would also be legitimate. The finer details could therefore still depend on the implementation by the German legislators.


European VAT law is now very much related to payments and makes payment service providers responsible for providing information to the tax authorities of the member states. 

The legal situation at national level and the manner of implementation remain unclear. It is also still uncertain which technical means will be used to transfer the information to the responsible national authority. However, this does not mean that payment service providers can now sit back and relax, because data aggregation, orchestration and the implementation for reporting are not to be underestimated.

Author: Benjamin Schreck


Post a Comment