• Lakshmi Radhakrishnan, Benedicte Frere
  • Published: 07 March 2023

From January 2024, a new EU-wide obligation will require payment service providers (PSPs) to report cross-border payments information on a quarterly basis, with the aim of combating e-commerce VAT fraud. 

CESOP, or Central Electronic System of Payment information, has been created by the European Commission to close the VAT gap (i.e. the VAT revenue from the EU Member States missed due to errors or fraud). By collecting the data on cross-border transactions reported by PSPs to the national tax authorities in their respective Member States, the EU expects to collect the unpaid VAT by allowing the data to be centralized in this new CESOP system, to be further processed and analyzed by anti-fraud experts.

Entities in scope

The following entities are affected by the new rule: 
• Credit institutions, for example fully licensed banks established in Europe as well as European branches of credit institutions that have their head offices outside the EU and which provide payment services
• E-money institutions, which covers all payment service providers providing payment services via electronic money (e-money)
• Payment institutions, which is a residual category that can cover all companies providing payment services that do not qualify for any of the other categories listed in the PSD2. It can include companies that provide payment services such as issuing of credit/debit cards, acquiring of payment transaction, processing of payments, initiation of payments, platforms, which provide payment services and act on behalf of both the payer and payee (such as online platforms and marketplaces), and more
• Post-office giro institutions which provide payment services.
The exemption for small PSPs (processing less than €3 million transaction value) laid down in article 32 of the PSD2 is not applicable to the CESOP reporting obligation.

Payments in scope 

Card payments (debit and credit cards), credit transfers and direct debits (SEPA and non SEPA), e-money, e-vouchers and e-wallets payments, as well as money remittance transactions are reportable, provided that:
• The payer of the transaction is in the EU (based on the IBAN or BIC)
• All payments are cross-border, i.e. the payment is made to another EU Member State or to a third country outside of the EU,
• More than 25 cross-border payments have been made to a same payee in a calendar quarter.

Payments from a payer which is not in a Member State to a payee in a Member State are out of scope of the reporting obligation.

Transaction information to report 

  The PSP of the payer and the PSP of the payee are required to report the following information on the transactions:
• BIC/ID of the reporting PSP
• Payee information (name, VAT ID/TIN, account ID, PSP BIC/ID, address) 
• Payment transaction info (date/time, amount, currency) 
• Refund info (Y/N)
• Country code of the Member State of the payment origin
• Country code of the Member State of the refund destination
• Payer location information (payment origin)
• Transaction ID 
• Physical presence (Y/N) with reference 

Reporting periods for payment service providers to Member States

 • 1st period (January- March): 30 April 
• 2nd period (April-June): 31 July 
• 3rd period (July-September): 31 October 
• 4th period (October- December): 31 January
Once the data has been collected by the tax authorities of the respective Member States, they will perform a quality check and transmit the data to CESOP by the 10th day of the second month following the end of the reporting period.

Preparation steps for the PSPs in scope 

  • Identify all payment channels used for in-scope transactions
• Perform impact assessment on the requested reporting data to identify gaps
• Filter and aggregate eligible transactions as per CESOP specific instructions in order to be EU GDPR compliant
• Identify the ultimate debtor or creditor for the payments / collections made by one entity on behalf of another
• EU PSPs that are available in more than one Member State need to design procedures to ensure all reportable transactions are reported and without being duplicated
• Implement periodic data quality checks and timely reporting procedures 
• Work with the legal and data governance teams to update impacted customer-facing agreements and procedures
• Implement an end-to-end reporting process to generate and send the data in a standardized XML format (as per the XML schema available on the EU’s CESOP website) to local tax authorities on a quarterly basis.


The European Commission’s objective is clear. It is to give the tax authorities of the Member States the right instruments to detect possible e-commerce VAT fraud carried out by sellers established in another Member State or a non-EU country. The data will be collected using a harmonized standard and will be restricted to information to identify sellers that receive regular cross-border payments, so applying the right filtering to comply with the EU data protection laws is of utmost importance. 

This new obligation will mainly affect banks, card schemes, merchant acquirers, as well as online platforms and marketplaces registered as PSPs. 

To face the challenges ahead, banks and payment service providers must start preparing now by assessing the challenges to identify, compile and report the eligible transactions and determining the budget required. Extracting the right data may involve building a new extract-transform-load (ETL) procedure as well as examining the internal data architecture and data staging, reconciling transaction data and putting in place the right governance to pilot the initiative and monitor data quality. 

Given the tight deadlines (with the first reporting due in April 2024), this assessment needs to take place sooner rather than later, to make sure the operational challenges can be met on time. 

How Capco can help

Capco provides comprehensive advisory expertise across the end-to-end payment delivery cycle, from customer journey, card issuance and acceptance solutions to payments architecture and payments modernization. We can help your organization develop the right approach for meeting this reporting obligation on time. 
Contact us to discuss the potential consequences of the new regulation for your business and the best strategic and tactical approaches to take.