Skip to main content

You're here:

How the Central Electronic System of Payment Information (CESOP) affects online businesses

How the Central Electronic System of Payment Information (CESOP) affects online businesses

Online businesses outside of the EU are facing a new era of tax compliance in the European Union. The bloc is combating VAT fraud in e-commerce businesses with a new tool: the Central Electronic System of Payment Information (CESOP) database.

The VAT CESOP directive is designed to target cross-border sales to make sure they’re complying with VAT regulations. And guess what? This includes sales within the EU – and sales from foreign businesses to EU residents!

So if you’re an online business with customers in the EU, the time to start thinking about VAT compliance is now.

That’s where we come in. With 10 years of experience in the EU VAT system, we know the ins and outs of the EU Commission’s strategies when it comes to new VAT rules. We read the bureaucratic plan so that we could explain it to you in normal language.

The result? We created this guide to help online business owners like you with a comprehensive understanding of CESOP, its implications, and the necessary steps for compliance.

  • What is the VAT CESOP directive?
  • How the Central Electronic System of Payment Information works
  • What payment data is included in the reports to CESOP?
  • Which Payment Service Providers need to report?
  • What transactions must be reported to CESOP?
  • How is data protected in the VAT CESOP directive?
  • How will CESOP affect non-EU businesses?
  • How to prepare for the Central Electronic System of Payment Information

What is the VAT CESOP directive?

The VAT CESOP directive is a new mechanism of VAT oversight that will go into effect in January 2024. It rules that payment service providers (PSPs) must report data related to cross-border payments in the EU. It is one part of a larger EU e-commerce VAT package that attempts to modernize cross-border tax processes. Other elements of the same package included the better known One-Stop Shop (OSS) and Import One-Stop Shop (IOSS), which rolled out in the last few years.

The European Council wants to modernize these tax processes for cross-border sales, with the overall goal of recouping as much VAT as possible and cracking down on VAT fraud. According to the Council, CESOP empowers tax authorities to detect fraudulent activities by sellers in other Member States and even in non-EU countries!

Therefore, the VAT CESOP directive is important not only for online businesses in the EU, but also for online businesses located anywhere in the world that are selling to EU customers.

How the Central Electronic System of Payment Information works

The Central Electronic System of Payment Information or CESOP is essentially a database, but there are a few steps to making the database functional. Here’s how the process works:

Step 1. Submit the data as VAT transactional reporting

From January 2024, Payment Service Providers (PSPs) will hand over data on cross-border payments that businesses receive from their customers. PSPs will submit this data electronically to the tax authorities in each EU Member State where they operate.

What payment data is included in the reports to CESOP?

  • BIC, or any other unique identifier of the PSP transmitting the data
  • Name of the merchant receiving payment
  • VAT number or national tax number of the merchant, if available
  • IBAN, or any other identifier of the merchant
  • BIC, or any other business identifier for PSP
  • Address of the merchant
  • Individual transaction details, such as date, amount and currency
  • Payment refund information, if applicable.

Customer or payer data will not be transmitted in the reports.

How often must PSPs submit a VAT transactional report?

PSPs must send over a report, much like a tax return, at the end of every quarter. The deadline is the final day of the month following the end of a reporting period.

Step 2. Centralize the payment data

From here, the tax authorities are responsible for checking the quality of the data. Then they will forward it to a centralized European Union database, the Central Electronic System of Payment Information or CESOP.

Step 3. Oversee and analyze the VAT payments

Once in CESOP, the data will be aggregated and made available to authorized staff within each country’s tax administration. The staff can then analyze the data to ensure that the correct amount of value-added tax is remitted.

Which Payment Service Providers need to report?

According to the directive, certain types of PSPs are obligated to report transactions, as well as comply with all the other rules that come along with reporting, such as GDPR data protection.

The PSPs specifically named in the ruling are:

  • Credit institutions
  • Electronic money institutions
  • Post office giro institutions
  • Payment institutions

This includes PSPs that process less than €3 million annually.

Other types of services involved in e-commerce transactions are not yet required to report payment data, such as:

  • Payment initiation service providers
  • Account information service providers.

These services never actually possess the consumer funds, i.e. the buyer’s money that’s being paid to the merchant, so reporting is seen as an unnecessary burden. However these services are expected to hold indemnity insurance to cover the liability that comes along with their e-commerce activities.

What transactions must be reported to CESOP?

Businesses who receive more than 25 cross-border payments per calendar quarter will have their data and payment information submitted to the CESOP database.

  • If your business is based in the EU, then your business’ PSP reports the payment in the country where you are located.
  • If your business is based outside of the EU, then the customer’s PSP reports the payment in the country where the customer is located.

Which cross-border payments count toward the threshold?

To be clear, these payments must come from a customer who is based in the EU. Cross-border payments from customers in other countries around the world do not count toward the 25 payment threshold.

When the threshold is reached, does each single payment need to be reported, or just the ones above the threshold?

According to the Taxation and Customs Union FAQs, once the threshold is reached, every single transaction must be transmitted to the authorities.

What payment methods must be reported to CESOP?

The types of payment methods which fall within the scope of the reporting requirement are:

  • card payments (debit and credit cards)
  • credit or bank transfers
  • direct debit payments
  • e-money payments
  • money remittances.

How is data protected in the VAT CESOP directive?

A key element of the VAT CESOP directive is the importance of data protection for all parties involved. All PSPs and member state tax authorities must adhere to data protection rules such as the EU’s General Data Protection Regulation (GDPR).

Furthermore, the EU Taxation and Customs Union emphasizes that CESOP reports will be limited to certain data:

“Only information related to payments that are likely to be connected to an economic activity is transmitted to the tax authorities. Information on consumers and on the reason underlying the payment is not part of the transmission.”

How will CESOP affect non-EU businesses?

Non-EU businesses and marketplaces are included in the VAT CESOP directive. Nothing will obviously change in your day-to-day operations. However, your EU VAT practices will come under more scrutiny and leave your business more vulnerable if you aren’t fully compliant with the law.

Specifically, the authorities will be looking for businesses who are:

  • Not charging EU VAT on sales, when they should be
  • Falsely reporting and underpaying VAT on their tax returns.

It is too soon to tell how tax authorities across the EU member states will use the CESOP database, much less how they will go about pursuing and prosecuting online businesses who are breaking VAT law.

But it’s definitely safe to say that it’s time to learn about how EU VAT works for remote sellers and how to make sure your business is compliant!

How to prepare for the Central Electronic System of Payment Information

Most of the preparation for CESOP falls on the shoulders of payment service providers, such as banks, credit card institutions, and other e-money services.

The best way an online business can prepare for CESOP is to make sure that VAT compliance is an integrated and automated part of your e-commerce sales.

Quaderno is a tax compliance software that handles VAT for you. Our software gives you peace of mind and keeps your business safe, so that you can spend your time focused on dominating the European market — on bettering your product, getting to know your customers, taking care of your employees, or whatever else matters more than fretting over the technicalities of EU VAT.

In fact, Quaderno can do all of the following:

  • Calculate the right amount of VAT to charge each customer, right on your checkout page.
  • Automatically verify the tax IDs you receive from customers.
  • Collect and store the customer location evidence that you need to get from every sale.
  • Create invoices in multiple languages and currencies.
  • Send invoices automatically.
  • Ensure you never overpay or underpay on your returns.
  • Notify you when your business might need to register for taxes in a new place.
  • Notify you if any tax policies or tax rates change so that you’re always in the loop.

And that’s only how Quaderno can help with EU VAT. When it comes to US sales tax, Goods and Services Tax (GST), and others around the world — Quaderno jumps through all the hoops for you and presents your business data in a way that’s easy to understand.

‍Sign up for a free trial and see how Quaderno can give you peace of mind.

Note: At Quaderno we love providing helpful information and best practices about taxes, but we are not certified tax advisors. For further help, or if you are ever in doubt, please consult a professional tax advisor or the Tax Agency.