From the 1st of January next year, the European Union tax reporting requirement for payment service providers (PSPs), including card issuers, acquirers, or other businesses processing payments, will come into effect.

The new requirement means that PSPs must monitor their merchants’ cross-border payments and report such payment data to the EU Member States body responsible for the management of the tax. The collected data will be centralized in the Central Electronic System of Payment information (CESOP), a new EU database where the information will be stored, aggregated, and cross-checked against other EU database records. The data in the CESOP will be made available to all EU Member States anti-fraud experts.

What is the purpose of CESOP?

The CESOP requirement aims to detect and overcome VAT non-compliance and VAT fraud in crossborder B2C eCommerce by merchants whose base operations are in another EU Member State or in a non-EU country. The data system complements the EU VAT eCommerce restrictions that came into force on the 1st of July, 2021.

The majority of B2C eCommerce transactions are executed through PSPs. These providers have access to underlying payment data, which is why it will be incumbent upon PSPs to report the new tax requirement.

Which PSPs are accountable to the CESOP?

PSPs that are included in the new reporting requirement are described by EU Directive 2015/2366 on payment services in the internal market (PSD2), Article 1(a) to (d). The definition covers PSPs such as EMIs, credit institutions, and payment institutions. Small PSPs that were covered by the exemption for small payment service providers of Article 32 PSD2 are now included under the CESOP.

Those providers not authorized as a PSP or who are providing a payment service, but fall under the PSD2 commercial agent exclusion, do not fall within the scope of the CESOP.

Which payment services and payments are included in the CESOP?

PSPs authorized to provide payment services covered by Annex I of PSD2 points (3) to (6) are included in the CESOP requirement, such as the execution of payment transactions, acquiring, and money remittance. Payments made in the scope of CESOP are in principle payment transactions covered by Article 4(5) PSD2 or money remittances covered by Article 4(22) PSD2.

What are the parameters of the CESOP reporting obligation?

If a PSP is in the scope of the CESOP and provides payment services and executes payments as defined by the CESOP requirement, they must report.

If the payments are cross-border, and the PSP executes more than 25 cross-border payments per calendar quarter to the same merchant, the PSP must report.

What is a cross-border payment under the CESOP?

When the payer is located in an EU Member State, and the merchant is located in another EU Member State or in a non-EU country, it is classified as a cross-border payment under the CESOP requirement. The location of the payer and the merchant is based on proxies, such as IBAN or BIC, and may not coincide with actual locations. There is no relation with the place-of-supply-rules or place-of-establishment-rules in EU VAT.

This means that a payment between a payer and a merchant who are both residents in the same EU Member State could still make a cross-border payment under the definition of the CESOP requirement. This can happen if, for example, the merchant uses an acquirer resident in another EU Member State using an IBAN of that EU Member State.

However, a payment between a payer and merchant resident in different EU Member States may not be a cross-border payment under the CESOP regulations if the merchant uses an acquirer with an IBAN in the EU Member State of the payer.

How is the 25 cross-border payment restriction calculated?

If there are 25 or more cross-border payments to the same merchant in a calendar quarter, it must be reported, according to the CESOP regulation. This threshold is per EU Member State and cannot be consolidated by a PSP.

However, consolidation or aggregation applies to merchants, for example where one merchant in one EU Member State uses different payment methods.

What are the details of reporting?

PSPs will be required to keep detailed records of merchants and payments. The PSP will be primarily responsible for reporting of the merchant’s activities, e.g. with the acquirer for card-based payments. However, this responsibility may shift to the PSP of the payer, e.g. the card issuer, in the case of card-based payment, where the PSP of the payee (e.g. the acquirer) is established in a non-EU country.

PSPs should report payment data to the tax authorities in their resident EU Member States and to the tax authorities in their host EU Member States where required. PSPs may also be subject to CESOP reporting obligations in multiple EU Member States if their payment services are EU-wide. This means that PSPs will be obliged to report to multiple tax authorities, using different tax authority portals and tax authority reporting channels.

The payment data to be reported is very detailed and includes:

  • PSPs BIC
  • Merchants name
  • Merchants VAT
  • Merchants IBAN
  • Merchants BIC
  • Merchants address
  • Payment and refund details

The CESOP will be a quarterly tax reporting requirement, with the first reportable period covering Q1 of 2024, with a reporting deadline of the 30th of April, 2024. EU Member States will then be required to transmit the data to CESOP by the 10th day of the following month, as of the 10th of May, 2024.

Why do eCommerce merchants need to know about the reporting requirement?

The CESOP requirement will make it easier for tax authorities across the EU to audit eCommerce merchants. It will place responsibility on merchants engaged in B2C eCommerce in the EU to manage VAT correctly. It will make it easier to enforce the 2015 EU VAT rules for eServices, and it will add weight to the EU’s VAT in the Digital Age proposals.


The number of European-based PSPs expanded with the fintech boom and PSPs have become an essential feature of the online ecosystem. While PSPs have enabled B2C merchants to accept electronic payments, VAT loss has increased throughout Europe.

The new regulations that place PSPs in a position of greater responsibility aim to improve irregularities, detect fraud, and recoup the approximate annual loss of €7 billion in tax revenue.

Merchants and PSPs need to work together to understand their respective responsibilities and coordinate reporting and recordkeeping to ensure tax obligations are met.