CESOP: Guidelines for Payment Reporting Obligations

Last Updated on July 1, 2025 by Arnaud Collignon

1. Introduction and Core Objective

The primary objective of this reporting is to combat VAT fraud by enabling competent authorities of Member States to control the supply of goods and services. This is achieved through the collection of data on cross-border payments. The reporting requirement is strictly limited to cross-border payments.

Key Definition: A payment is considered “cross-border” when “the payer is located in a Member State and the payee is located in another Member State, in a third territory or in a third country.”

2. Scope of Reporting Obligation

The reporting obligation is defined by three core conditions:

  1. Entities in Scope: Which payment service providers (PSPs) must report?
  2. Payments in Scope: What types of payments are subject to reporting?
  3. Payment Services in Scope: What specific payment methods are covered?

These conditions are designed to capture payments that facilitate cross-border transactions for goods and services.

2.1. Entities in Scope (Who Reports?)

The guidelines specify the types of PSPs that are subject to reporting:

  • Credit institutions: “e.g. fully licensed banks established in Europe as well as European branches of credit institutions that have their head office outside the EU and which provide payment services.”
  • E-money institutions: “e.g. electronic wallet providers and electronic voucher/card providers.”
  • Payment institutions: A “residual category that can cover all companies providing payment services that do not qualify for any of the other categories listed in the PSD2.” This includes entities providing services like “issuing of credit/debit cards, acquiring of payment transaction, processing of payments, initiation of payments, platforms, which provide payment services and act on behalf of both the payer and payee.”
  • Post-office giro institutions: Those that provide payment services.

Exclusions: Central banks and public bodies are not in scope. Additionally, payments made via “commercial agents who acts only on behalf of the payer or the payee” are excluded. However, “payments done either via commercial agents who act on behalf of both the payer and the payee would be in scope.”

2.2. Territorial Scope (Where do PSPs Report From?)

The rules of the PSD2 (Payment Services Directive 2) apply to all European Economic Area (EEA) countries, including EU Member States, Iceland, Liechtenstein, and Norway.

  • PSPs must obtain a payment license in their home country to provide services in the EEA.
  • A PSP reports payments in the specific Member State where it “executes” those payments, based on its payment license and client location.
  • Payments to EEA countries (Iceland, Liechtenstein, Norway) are generally treated as payments to third territories/countries for reporting purposes, meaning the payer’s PSP will report them if the payee’s PSP is in the EEA country.
  • However, if an EEA PSP has a verifiable presence in an EU Member State (e.g., via BIC/IBAN), the general rules apply.

2.3. Payments in Scope (What Payments?)

The reporting primarily targets cross-border payments related to goods and services.

  • Credit Transfers: Standard bank transfers.
  • Direct Debits: Payments initiated by the payee; “mainly subject to the SEPA regulation.”
  • Money Remittance: “One of the oldest forms of transferring funds.” While often for “friend & family” payments, it is in scope if used commercially. These often do not require payment accounts.
  • Card Payments: Involve acquirers, card networks, and issuers.
  • E-money: Payments within E-money systems (e.g., e-wallets), which may or may not involve traditional bank accounts. E-money providers often operate “in a close system where both the payer and the payee have contracted with the E-money provider.”
  • Marketplaces: Platforms that centralize payments from payers and redistribute to various payee accounts.

Limited Use Payment Methods (Vouchers): “Payment methods with limited use must be understood as being valid to pay only a strictly limited (and often pre-established) number of merchants or pay for a limited range of goods and services.” These are defined by conditions such as use only at the issuer’s premises, within a limited network, or for a very limited range of goods/services. “Gift vouchers” are a common example. Payments made using these vouchers are generally not in scope; however, the initial purchase of a voucher using an in-scope payment method is in scope.

3. Determining Cross-Border Payments and Location

Crucial to the reporting obligation is accurately determining the location of the payer and payee.

3.1. Location Identifiers

The location of the payer and payee is determined primarily by their payment account identifiers.

  • Payer’s Location: “the IBAN of the payer’s payment account or any other identifier which unambiguously identifies, and gives the location of, the payer, or in the absence of such identifiers, the BIC or any other business identifier code that unambiguously identifies, and gives the location of, the payment service provider acting on behalf of the payer.”
  • Payee’s Location: Similar identifiers are used for the payee, covering Member States, third territories, or third countries.

Specifics per Payment Method:

  • Credit Transfer/Direct Debit: IBAN is the primary identifier. If payer/payee are in the same MS but their PSPs are in different MSs (e.g., payee uses an international PSP), it’s still considered cross-border and reportable.
  • Card Payments: BIN (Bank Identification Number) of the card for the payer’s location, and Merchant address/Card Acceptor location for the payee. If payer and payee are in the same MS, but their PSPs are different, it’s generally considered national. However, if the BIN indicates the card was issued in a different MS than the payee’s location, it is cross-border and reported.
  • E-money/Marketplace: Payer/payee e-account (location captured at onboarding), IBAN, or seller country code for e-vouchers. PSP’s own identifier or information collected during account creation is often used for high precision.
  • Money Remittance: Since payment accounts aren’t always used, the BIC of the respective money remittance institutions is used. If these institutions are in different Member States, it’s cross-border even if payer/payee are in the same MS.

4. Threshold and Aggregation Rules (The “25 Cross-Border Payments” Rule)

A PSP is only required to report data if it provides payment services corresponding to “more than 25 cross-border payments to the same payee” within a calendar quarter.

4.1. Calculation of the Threshold

  • The 25-payment threshold is calculated per payment service provider, per Member State, and per identifier (e.g., per IBAN).
  • Only cross-border payments are included in this calculation.
  • If the total for a single identifier exceeds 25, all payments to that identifier for the quarter must be reported.

4.2. Aggregation of Payments per Payee

PSPs must aggregate payments made to multiple identifiers if they “have the knowledge that these identifiers actually refer to the same payee.”

  • This applies if, for example, a PSP knows that two different IBANs or an IBAN and a Merchant ID belong to the same legal entity.
  • Important: While payments are aggregated for the threshold calculation, the actual data reporting must still be done using transactional data, treating the accounts as distinct for reporting purposes.
  • No Aggregation for Linked but Separate Entities: Aggregation should not occur for franchises or subsidiaries, as these are considered different legal entities, even if linked by brand.
  • Joint Accounts: If an account is held by multiple holders, the payee is considered “all the holders put together.” Aggregation with another account only occurs if all holders are the same.
  • Aggregation Limitations: Aggregation is performed only on payments executed by a single PSP per Member State. PSPs do not aggregate payments with other PSPs.

4.3. Specific Reporting Responsibility (Payer’s vs. Payee’s PSP)

The reporting responsibility depends on the location of the payee’s PSP:

  • Payee’s PSP in an EU Member State: The payee’s payment service provider reports data. “the payment service providers of the payer will not have to keep records on the payees where at least one of the payment service providers of the payee is located in a Member State.”
  • Payee’s PSP in a Third Territory/Country (or EEA country without EU presence): The payer’s payment service provider reports the data.
  • Threshold Calculation Exception: Even if a payment is not reported by a PSP due to this rule (e.g., payer’s PSP doesn’t report because payee’s PSP is in an EU MS), it must still be included in the calculation of the 25 cross-border transactions threshold.

5. Data to be Reported by Payment Service Providers

If the conditions for reporting are met, PSPs must submit specific data elements.

5.1. Overview of Data Elements

The guidelines provide a detailed list of data elements for each payment method. Key mandatory data elements generally include:

  • Payee Information: Name or business name, Payee account ID (IBAN or other identifier), BIC/ID of Payee’s PSP (if applicable), and if available, VAT identification number or other national tax number. Payee address is generally mandatory for the payee’s PSP, but optional for the payer’s PSP.
  • Payment Information: Date/time of the payment, Amount and currency, Member State of origin of payment, Member State destination of refund, Transaction ID.
  • Payer Location Information: Such as BIN for card payments, or location captured at onboarding for E-money.
  • Refunds: A specific field for “Refund” is intended to differentiate refunds from original payments.

5.2. Data Quality Aspects

  • VAT Number/TIN: Not mandatory elements for payment processing, but if available, they should be reported. Payee’s PSPs are “more likely to have VAT number/TIN or other identifier based on ‘know your customer’ (‘KYC’) requirements.”
  • Transaction IDs: Often proprietary to the PSP. If the ID is the same for different transactions, the PSP “must amend the transaction ID to be unique.”
  • Physical Presence: Required for card payments (Point of Service Entry Mode).

6. Validation and Submission

  • Data undergoes validation at both the national level and the CESOP (Central Electronic System of Payment Information) level.
  • The guidelines provide an overview of the requirements for (re)submission, though specific national rules are not detailed.

CESOP’ European commission webpage : https://taxation-customs.ec.europa.eu/taxation/vat/fight-against-vat-fraud/tackling-vat-fraud-e-commerce-cesop_en