On 24 October 2022, the Dutch State Secretary of Finance submitted a draft legislative proposal to implement the EU Payment Services Directive (Council Directive (EU) 2020/284) into domestic law. The proposal is expected to be implemented as from 1 January 2024.
The directive introduces new reporting obligations for payment service providers or PSPs where cross-border payments relating to e-commerce transactions originate from EU member states. Specifically, PSPs will be required to keep electronic records of data relating to those payments for three calendar years and to share the data with the local tax authorities, which will then share the data with the tax authorities in other EU member states. A new centralized EU-wide electronic system, called the Central Electronic Payment Information System (CESOP), will be set up to store, further process and facilitate the sharing of payment information among tax authorities. EU member states are required to implement the directive into domestic law by 31 December 2023.
The payment of most online purchases made by consumers in the EU is executed through PSPs, which have relevant information to identify the payee, as well as details of the date, amount and member state of origin of the payment. The directive acknowledges that such information is particularly vital in the context of a cross-border payment where the payer and payee are located in two different member states or where the payee is in a third jurisdiction. The directive aims to give the tax authorities greater insight into cross-border payments to help them detect and prevent the exploitation of e-commerce opportunities to avoid VAT obligations and VAT fraud in this area.
Which entities will fall within the scope of the new rules?
The rules for recordkeeping and reporting on cross-border payments will apply to all PSPs established within the EU. The term “payment service provider” encompasses a broad group of credit institutions, e-money institutions, post-office giro institutions, payment institutions, as well as individuals or legal persons that are covered by an exemption under the PSD II directive (the directive that regulates payment services between consumers and businesses). As explained below, the requirement to share information will apply to both the payer's PSP and the payee’s PSP.
A PSP will be considered to be located in a member state when its business identifier code (BIC) or unique business identifier refers to that member state.
What do the rules entail?
Payments that fall within the scope of the recordkeeping and reporting obligations are payments from a payer in one EU member state to a payee in another EU member state, as well as payments from a payer in a EU member state to a payee located outside the EU.
Where the PSPs of both the payee and the payer are located in a member state, only the payee’s PSP will be required to keep records and comply with the reporting requirement. Where the payee’s PSP is not located in a member state, the payer’s PSP will be subject to the record keeping and reporting obligations.
Payments between a payer and payee in the same member state are not covered by the rules.
Payment information only has to be recorded and provided if an EU or non-EU payee receives more than 25 payments per quarter.
Failure to comply with the rules intentionally or due to gross negligence could give rise to an administrative fine of (currently) up to EUR 900,000 (under Dutch law); examples of noncompliance include where information that should be provided is not provided and where information is provided that should not have been provided (because information is provided about a payee who has not received more than 25 payments). The fine can be imposed retroactively for up to five years.
What records must be kept?
Based on the new rules, the following information will have to be reported to the tax authorities in cases where an EU or non-EU payee receives more than 25 payments per quarter:
- Bank Identifier Code (BIC) or other business identifier code that clearly identifies the PSP;
- Payee’s name or business name;
- Payee’s VAT-ID/TIN or a national number used for tax purposes;
- IBAN of the payee’s payment account or similar unique identification that unambiguously identifies and provides the location of the payee;
- BIC that unambiguously identifies and gives the location of the PSP acting on behalf of the payee, where the payee receives funds without having a payment account;
- Payee’s address as it appears in the PSP’s records;
- Details of transactions carried out; and
- Details of any refunds.
For each payment transaction or refund, at least the date and time of execution of the payment, the amount and currency of the payment and the member state of origin of the funds must be recorded and provided. Certain information relating to refunds should also be recorded.
This information must be kept by the PSP for three calendar years and will have to be submitted to the tax authorities each quarter by the last day of the month following the relevant quarter:
| Period | Deadline |
| 1 January - 31 March | 30 April |
| 1 April - 30 June | 21 July |
| 1 july - 30 September | 31 October |
| 1 October - 31 December | 21 January |
EU member states must ensure that information is shared with other EU member states through CESOP no later than 10 days after the above deadlines. Subsequently, Eurofisc officials can view the payment information sent by other member states through CESOP.
BDO insight
In its implementation test, the Dutch tax administration indicates that a future-proof implementation of the proposal is not feasible by the 1 January 2024 deadline, so the authorities are developing a temporary alternative. Specifics of the design of the temporary alternative are currently unclear, as is transposition to a final system. For institutions affected by the new rules, it is hoped that the transition from the temporary system to the final system will create minimal additional administrative burdens.
The Dutch legislative proposal is based on an EU directive but the directive is silent on items such as the digital (reading) format for submitting the data, which means that each EU member state will have to determine their own rules, potentially resulting in differing interpretations. Hopefully the Dutch tax authorities will communicate this in a timely manner so PSPs are sufficiently aware of the administrative obligations. The effectiveness of the rules will depend on the analysis capabilities of the data; hence, effectiveness of the rules could be impaired if the IT systems and administration of the tax authorities are unable to extract and analyze the data efficiently. It is also disappointing that the Dutch tax administration mentions in its feasibility study that it will not be possible—even on a temporary basis—to carry out cross-checks with VIES and OSS data, which could complicate the use of the collected data by the authorities. In any case, potentially affected PSPs and payees should begin to assess the impact of the rules on their operations and whether their IT systems are sufficiently robust to capture the required data.
Please do not hesitate to contact us if you have any questions or would like to discuss the applicability and implications of CESOP on your business in greater detail.