Since 1 January 2024, the EU has entered a new phase of VAT transparency by introducing the Central Electronic System of Payment information (CESOP). While CESOP is a VAT initiative, its operational impact falls squarely on FinTechs and payment service providers (PSPs), not on tax functions or merchants directly.
For FinTechs operating in payments, acquiring, e-money or embedded finance, CESOP represents a regulatory obligation with clear VAT consequences, both for your platform and for your merchant clients.
What is CESOP?
CESOP is a central EU-wide database designed to collect information on cross-border payments. It was introduced under Council Directive (EU) 2020/284, amending the EU VAT Directive, together with Council Regulation (EU) 2020/283. Rather than relying solely on VAT returns filed by sellers, CESOP allows tax authorities to cross-check payment flows against VAT registrations and OSS/IOSS filings. The data reported by PSPs is aggregated at EU level and analysed by local tax authorities through the Eurofisc network.
What is clear from a policy standpoint: payment data is now a core VAT control mechanism.
Which FinTechs are in scope?
For CESOP purposes, a payment service provider is defined by reference to PSD2, meaning the regime applies much more broadly than traditional banks. FinTechs typically falling in scope of CESOP include:
- Payment institutions and merchant acquirers
- Electronic money institutions and wallet providers
- Card issuers and scheme participants
- Money remittance platforms
- Marketplaces or platforms operating “in‑house” payment flows
- Embedded‑finance providers facilitating payment execution
With that being said, substance prevails over form and where a FinTech controls or executes payments in its own name, even as part of a wider platform offering, CESOP obligations may apply.
Reporting obligations
CESOP only captures cross-border payments, which means payments where: i) the payer is located in one EU Member State, and ii) the payee is located in another Member State or a non‑EU country.
A reporting obligation arises where a single payee receives more than 25 cross-border payments in a calendar quarter. Once that threshold is exceeded, all qualifying payments to that payee must be reported for the quarter. From a FinTech perspective, this requires robust payee aggregation logic, especially where merchants operate multiple accounts or identifiers.
The allocation of responsibility will be familiar to FinTech compliance teams. In summary:
- If the payee’s PSP is EU-established, that PSP must report
- If the payee’s PSP is non-EU, the obligation shifts to the payee’s EU PSP
Reports must be submitted quarterly, within 30 days of quarter-end, to the relevant local tax authority in an XML format which is then transmitted to CESOP.
VAT risk exposure
Although CESOP is framed as a PSP reporting obligation, its practical impact is on VAT enforcement. For tax authorities, CESOP enables:
- Identification of non-EU sellers supplying EU consumers
- Detection of missing VAT registrations
- Cross‑validation of OSS and IOSS filings
- Targeting of under‑declared VAT liabilities
For FinTechs specifically, this creates secondary risk of:
- Increased merchant scrutiny and enforcement activity
- Reputational risk where platforms facilitate non‑compliant sellers
- Greater regulatory interest in platform governance and onboarding
- Pressure to align payments data with VAT compliance assurances
In addition, CESOP data is retained and analysed over time which means that historic non-compliance will become increasingly visible.
Practical considerations
From a VAT compliance standpoint, FinTechs should consider:
- Whether onboarding and monitoring processes identify VAT registration and OSS/IOSS usage
- Whether payment flows align with declared supply chains
- How merchant aggregation is handled for CESOP thresholds
- Whether in‑house or embedded payment models create unexpected PSP status
- How CESOP reporting interlinks with other regimes (e.g. DAC7, AML, PSD2)
CESOP should always be treated as part of payment governance and not merely as a tax reporting exercise. CESOP also does not operate in isolation, and it sits alongside upcoming EU Reforms and proposals including VAT in the Digital Age, marketplace VAT rules and increased administrative cooperation within the EU. For FinTechs, CESOP reinforces a clear direction of travel: payment data is now a gateway into VAT compliance enforcement across the EU.
Are you worried? Do you want to take this further? Please reach out to our HaysMac VAT team who will be able to help your business.
