Central Electronic System of Payments

The Central Electronic System of Payments (CESOP) regime is an automatic exchange of information regime being introduced in the European Union from 1 January 2024. The rules were introduced by Council Directive 2020/284, amending the EU's Value-added tax Directive.

The rules were introduced to tackle VAT fraud by requiring all payment service providers (PSPs) as defined under the EU Payment Services Directive (PSD2) to report on cross-border payments which originate in the EU. To separate business payments from personal transfers, PSPs are only required to report on payments where they know that the recipient has received more than 25 payments in a quarter.

The reporting is expected to result in data sharing on 8 billion payment transactions per year, covering credit transfers, direct debit, credit and debit cards, as well as e-money and transactions by digital platforms actings as PSPs. The information shared includes transaction level detail, as well as information related to the identification of the recipient.

The regime has similarities to Australia's business transactions through payment systems, reporting and the United States' Form 1099-K reporting obligations, although unlike other exchange of information regimes there is no current OECD initiative to allow for information to be shared between those countries or others with similar regimes.

Background
The rules were first proposed by the European Commission in 2018, to tackle the perceived growth in tax evasion resulting from the growth of the digital economy and e-commerce. In their proposal, the Commission estimated that the cost of VAT lost annually to fraud to be €5 billion, and noted that:"'Suppliers have changed their business models to benefit from e-commerce and sell their products to consumers globally without the need for a physical retail presence. However, this opportunity is also exploited by fraudulent businesses to gain an unfair market advantage by not fulfilling their VAT obligations.'"A BBC report which was referred to by the EU Commission indicated that the UK alone was losing £1 billion a year to cross-border VAT fraud.

In the impact assessment accompanying the Directive, the Commission estimated that they would receive reports on 8 billion payment transactions annually, and the resultant file would be around 10 terabytes of data for each calendar year. A European Banking Authority report issued in 2022 indicated that there are around 46 billion cross-border transactions within the EU each year.

The Directive was approved by the Council of the European Union in 2020, with an effective date of 1 January 2024. The final Directive noted the overall purpose of the Directive:"'VAT fraud is a common problem for all Member States, but individual Member States do not have the information necessary to ensure that VAT rules regarding cross-border e-commerce are correctly applied or to combat VAT fraud in cross-border e-commerce.'"As an EU Directive, the requirements must be transposed into domestic law in order to become effective. Member State have until 31 December 2023 to transpose the Directive, and may choose to issue additional guidance to industry at the same time (for example, Irish Revenue Commissioners, Netherlands Belastingdienst and Germany's Federal Central Tax Office have all chosen to do so).

Scope
All Payment service providers under the EU's PSD2 are in scope for CESOP, with the exception of PSPs that only provide account information or payment initiation services.

PSPs are required to report all recipients who receive more than 25 payments in a quarter from EU payers.

Examples

 * A shop in Ireland receives payments via cards (both at the point of sale and online payments) and uses a service (merchant acquirer) in Luxembourg to process the payments. The Luxembourg business will be required to report the transactions to the Irish Revenue Commissioners on a quarterly basis.
 * On the website of a merchant in France, paying to the e-wallet of the merchant is offered to customers when buying a product. Customers from across the EU use this option to buy goods. The e-wallet provider will be required to report the payments received to the French Tax Authorities.
 * EU citizens routinely buy small items from a seller in China which are shipped into the EU, for example through drop shipping. The Chinese seller accepts card payments and e-money transfers through a EU based card processor and ships the good to the EU citizens. The EU based card processor will be required to report the payments to its own tax authority. (the EU impact assessment estimated that there were 115 million such transaction in 2020.
 * An EU-based online marketplace collects and processes payments on behalf of the owners of property which is rented to users for homestays under its own PSD2 license. The marketplace is required to report on each user who receives more than 25 payments in a quarter, and must report separately to each country in which sellers operate.

Once information is reported to domestic tax authorities, it will be shared with the EU CESOP database, and the information will be available to all tax parties to determine whether the correct VAT has been paid.

Format of reporting
Reports must be submitted within 30 days of a quarter end, in a defined XML format which is defined by an XML schema issued by the EU Commission.

The information required is generally consistent with data available through payment systems such as ISO 20022. and Card Transaction Data used by payment card services.