CESOP: as of 2024 cross-border payments must be reported for VAT purposes; bill presented to Lower House of Parliament

October 26, 2022
CESOP: as of 2024 cross-border payments must be reported for VAT purposes; bill presented to Lower House of Parliament

In order to detect and combat VAT fraud in cross-border internet sales of goods and services (e-commerce), the EU has decided to introduce a centralized European system for collecting and exchanging payment information: the Central Electronic System of Payment Information, CESOP. Payment service providers will have to transmit information about cross-border payments to CESOP. This should make it easier for tax authorities to detect potential VAT fraud. The rules apply to sellers established in and outside the EU. The planned implementation date for the system is January 1, 2024.

On October 24, 2022 the Deputy Minister of Finance presented a bill to implement CESOP in the Dutch VAT Act 1968 (bill on the Directive on Payment Service Providers (Implementation) Act). The proposed legislation is explained in more detail below and is followed by an invitation to join our webcast on November 9, 2022.

1. Background and explanation

A detailed explanation about how CESOP will function based on current EU rules has already appeared on our website. CESOP will increase the options for monitoring the remittance of VAT, by making use of the payment data on cross-border payments. These are payments made by a payer to a beneficiary in another Member State or a non-EU country. The most important elements of CESOP are the obligation of payment service providers to provide this payment data to tax authorities and to have this data analyzed at the EU level by anti-fraud experts.

The scope of these rules is broad and will affect virtually all payment service providers involved with cross-border payments, including payment service providers with an exemption under the PSD2 rules (Payment Service Directive 2, Directive (EU) 2015/2366). Platforms that settle payments between a seller and a buyer may also fall under the rules.

Virtually all of the EU rules on this have become an integral part of the bill that was presented to the Lower House of Parliament on October 24, 2022. As such, the bill corresponds to the draft bill that had previously been opened for consultation.

2. Practical aspects to consider

2.1 Penalty clause

What is new in the bill is a penalty clause. If the failure of payment service providers to comply with their obligations is due to intent or gross negligence, this could result in a pecuniary penalty of the sixth category, for which the maximum penalty is EUR 900,000. This is considerable compared to other countries. In a number of neighboring countries, the penalty is a fraction of this amount and in Sweden approximately half this amount. It should however be noted that quite a few countries have not yet published their penalty regime. The penalty can be imposed in the Netherlands with a maximum retroactive effect of five years. How is it that the period within which the penalty can be imposed is longer than the period of three years (after the end of the calendar year of the date of payment) that applies to the length of time records must be retained in the CESOP registers? By including a broader penalty provision, the legislator has created a situation where payment service providers are no longer legally required to retain the registers but destroying them after three years could make it difficult for them to meet the burden of proof required for the purposes of the penalty.

2.2 Temporary IT solution Dutch Tax and Customs Administration

In the explanatory notes to the law amendment, the Deputy Minister states that a temporary IT solution for submitting reports to the Dutch Tax and Customs Administration will be available as of January 1, 2024. The IT specifications of this solution should be known no later than January 1, 2023. A future-proof solution will not be introduced until after January 1, 2025.

2.3 How this relates to DAC7

The objective of this legislation deviates from DAC7 (Council Directive (EU) 2021/514 dated March 22, 2021). The main objective of DAC7 is to increase transparency about the income sellers realize via platforms. CESOP is aimed at identifying specific transactions so that these can be used to determine the taxable amount for VAT purposes. The Deputy Minister was also concerned about being able to cross-check VAT identification numbers (VIES and OSS data). A solution now appears to have been found for this.

2.4 Reference to the Directive on Payment Services (PSD 2); how this relates to the Financial Supervision Act

In several places the new rules refer directly to PSD2. The Council of State has expressed concern about this dynamic reference to legislation and pointed out the differences between the definitions in PSD2 and the way in which these were implemented in the Dutch Financial Supervision Act. The Deputy Minister dismissed this by arguing that there is no latitude in national policy in this context. We imagine that this will place payment service providers in a difficult position, if under the Financial Supervision Act they don’t need a registration but due to the reference to PSD2 will nevertheless have to comply with the CESOP obligations. Such differences appear in various places.

3. What can you do now?

Our advice to entrepreneurs is to identify as soon as possible whether they may be affected by CESOP. It is important to identify whether an entrepreneur provides payment services for which a license is required. Where regulated payment services are provided, it is important to understand which types of customers are being served whereby there is a reporting obligation for cross-border payments. The specific role played by the business in the various payment chains is also relevant. In particular where there are complex payment chains, a thorough analysis of the CESOP obligations will be needed.

After the above analysis has been performed, it will be necessary to identify in which Member States payment registers have to be kept, in which Member States there are reporting obligations and whether the data that must be recorded and reported is available. The actual implementation of the IT solutions will also take time.

4. Webcast November 9, 2022

We would like to invite you to join our webcast on November 9, where the rules will be explained in more detail. We will also inform you about how the rules are being implemented elsewhere in the EU and how the payment service providers sector is doing. There will also be tips on how organizations can implement the rules and the tools available to do so. To register for our webcast please click here.

If you would like to discuss this law amendment, feel free to contact the advisors of KPMG Meijburg & Co’s Indirect Tax Financial Services Group or your designated advisor.

© 2024 Meijburg & Co is a partnership of limited liability companies under Dutch law, is registered in the Trade Register under number 53753348
and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee.
All rights reserved.