The EU’s Central Electronic System of Payment information (CESOP) is a major VAT reporting obligation for payment service providers (PSPs), introduced to help EU tax authorities detect and combat VAT fraud in cross-border e-commerce. From 1 April 2024, in-scope PSPs (including certain UK based PSPs) must report cross-border payment data relating to payees who receive more than 25 cross-border payments per quarter. For these purposes defined as a payment where the payer is located in an EU Member State, and the payee is located in another EU Member State or outside the EU.
Whilst non-EU based PSPs or FinTech companies do not automatically have a CESOP obligation, they should be aware of the CESOP obligations if they operate in the EU via:
- An EU‑incorporated subsidiary
- An EU branch or permanent establishment
- Another EU‑licensed entity within the group
In this update, we outline:
- Who CESOP applies to (and why it affects many FinTechs, not just banks)
- What data must be recorded and reported
- The reporting timetable and deadlines
- What PSPs should do now to reduce risk and avoid operational disruption
At HaysMac, we help PSPs and FinTechs put CESOP reporting on a secure footing, applying our understanding of how payment flows, platforms and data actually work in practice. If you need clarity on whether you are in scope, or you want support designing and running a compliant reporting process, speak to us.
What is CESOP (and why was it introduced)?
CESOP is an EU-wide reporting regime requiring PSPs to record and report data on certain cross-border payments. The aim is to give EU tax authorities better visibility of e-commerce payment activity so they can identify sellers who may not be meeting their VAT obligations.
CESOP data is submitted to national tax authorities, and then shared through the CESOP system to support cross-border analysis and investigation.
Who does CESOP apply to?
CESOP applies to payment service providers, which can include:
- Banks
- Payment institutions
- Electronic money institutions
- Other regulated payment businesses (including certain FinTechs)
In practice, CESOP is relevant to a wide range of organisations involved in processing cross-border payments, particularly those supporting e-commerce and platform-based business models.
What triggers CESOP reporting?
A key CESOP threshold is the number of payments received by a payee. Where a payee (e.g., a merchant) receives more than 25 cross-border payments in a quarter, the PSP must report the required data to the relevant EU tax authorities.
This is designed to help distinguish commercial activity from personal transfers, but for PSPs supporting marketplace sellers, cross-border merchants or high-volume e-commerce activity, the threshold can be triggered quickly.
What is the CESOP reporting frequency and deadline?
CESOP reporting is quarterly. The return is due by the end of the month following the end of the quarter. For example, the first reporting deadline for Q1 2024 was 30 April 2024.
Depending on where you provide payment services, submissions may be required in each EU Member State where you are active, and the reporting format is typically electronic (often XML) based on local implementation requirements.
Beyond “another report”: why CESOP matters
For CFOs, Heads of Tax and compliance leaders in payments and FinTech, CESOP is more than a one-off regulatory project. It has direct implications for:
1) Regulatory and reputational risk
CESOP reporting introduces an additional compliance obligation in an environment where EU tax authorities are increasing scrutiny of cross-border e-commerce and digital platforms.
2) Operational burden and data readiness
CESOP is fundamentally a data exercise. PSPs must be able to capture, aggregate and report payment information accurately at transaction level, often across multiple payment methods and systems.
3) Cross-functional dependency
CESOP rarely sits neatly in one team. It typically requires input from:
- Tax
- Finance
- Compliance
- Operations
- IT / data teams
- Product and risk functions
4) Future-proofing your reporting capability
CESOP is part of a broader trend: tax authorities are becoming more data-led. The practical challenge for many PSPs is ensuring reporting obligations are met consistently, without turning finance and compliance teams into permanent “firefighters”.
What PSPs should do now: practical next steps
1) Confirm whether you are a PSP in scope
This is not always obvious in groups with multiple regulated entities or cross-border operations. The first step is establishing scope clearly, including where your obligations sit by entity and country.
2) Map your cross-border payment flows
To meet CESOP obligations reliably, you need a clear view of:
- Which payments are cross-border
- Where the payer is located
- Who the payee is
- How many in-scope payments occur per quarter (threshold monitoring)
3) Pressure-test data availability and quality
CESOP reporting depends on extracting the right fields consistently, and being able to evidence and reconcile what you report. Many organisations find this is where risk appears, not because the rules are unclear, but because data sources are fragmented.
4) Design a process that scales
Quarterly reporting can quickly become a recurring operational load. The right approach is one that’s repeatable, documented, and supported by strong controls.
5) Plan for governance and auditability
CESOP reporting is designed to support investigation and enforcement activity. PSPs should be prepared to demonstrate:
- How decisions were made
- How data was sourced and validated
- How exceptions were handled
How HaysMac can help: CESOP reporting support for PSPs and FinTechs
At HaysMac, we support PSPs with practical, delivery-focused VAT compliance and reporting support, helping you move from uncertainty to a process you can rely on.
Our VAT team can help you:
- Assess CESOP scope and exposure
- Design and implement CESOP reporting processes and controls
- Support quarterly reporting readiness and ongoing compliance
- Coordinate a joined-up approach across tax, finance, compliance and systems teams
FinTech-focused support, built for fast-moving businesses
We work with fast-growth and regulated businesses operating in complex, evolving environments, including the FinTech sector. That means we understand the commercial reality behind CESOP: high transaction volumes, cross-border activity, tight regulatory timelines, and the need to implement compliance in a way that does not slow down growth or create unnecessary operational drag.
If you’re a payment service provider or FinTech business operating across borders and you need to understand what CESOP means in practice, we can help. Speak to HaysMac’s VAT team to confirm whether you are in scope, assess your readiness, and build a CESOP reporting process that is robust, scalable and defensible, now and as requirements evolve.
