CESOP: new VAT reporting obligations for payment service providers published in the Belgian Official Gazette

On April 18, a law was published that amends the Belgian VAT legislation and introduces new European reporting obligations for Payment Service Providers (PSPs). The law is a transposition of European Directive (EU) 2020/284 and aims to reduce the VAT gap and ensure fair competition for businesses operating in the digital economy. Although the measures are aimed at combating fraud in online sales, the scope of the directive is much broader.

PSPs will be required to keep detailed records of cross-border payments and provide information to tax administrations on certain cross-border payments. Tax authorities across the EU will collect this information through an XML file and will pass it on to the Central Electronic System Of Payment information (CESOP), a central electronic system for payment information. CESOP will store, compare, and analyze the information provided by the Member States and make the results of those analyses available to Eurofisc liaison officials, who specialize in combating VAT fraud.

Reporting obligation

The reporting obligation applies in principle to both the payee and the recipient PSPs. However, there is an exemption for payee PSPs if one of the recipient PSPs is established in a Member State. In that case, the reporting obligation only applies to the recipient PSPs. Payments made to non-EU recipients (sellers) or between buyers and sellers within the same Member State are also exempt from reporting. The new rules apply to payments to sellers within and outside the EU.
  • The PSD2 Directive (the second Payment Services Directive) is used to describe the impacted groups and activities:
  •  PSPs are defined in Article 93duodecies, paragraph 1, VAT Code and include banks, issuers of credit and debit cards, and other service providers falling under Article 1, paragraph 1, a to d, of the PSD2 Directive.
  • The term "payment service" is defined in Article 93duodecies, paragraph 2, VAT Code and includes commercial activities as described in Annex I of the PSD2 Directive.
  • Article 93duodecies, paragraph 3, VAT Code defines the term "payment" as a "payment transaction" or "money transfer" according to the definitions in the PSD2 Directive.
The term "payer" is defined in Article 93duodecies, paragraph 4, VAT Code and refers to Article 4, paragraph 8, of the PSD2 Directive and includes natural or legal persons who have a payment account and allow or give payment orders if there is no payment account.

What data?

PSPs must keep a register of their cross-border payments per recipient, including the following information:
• the BIC or any other business identification code of the PSP;
• the name or business name of the recipient;
• if available, a VAT identification number or other national tax number of the recipient;
• the IBAN number or other identification code that unambiguously identifies the recipient and indicates the recipient's location;
• the date and time of payment or refund;
• the amount and currency of the payment or refund;
• the Member State of origin (destination) of the (refundable) payment;
• references that unambiguously identify the payment;
• information indicating that the payment was initiated at the merchant's physical location.
The registers must be reported quarterly to the tax authorities in XML format via the MyMinfin platform. This information will then be forwarded to CESOP by the tax authorities.
The EU will then store, summarize, and analyze the data, remove duplicated data, and report back to the tax authorities to enable them to detect VAT fraud.
There is also a retention requirement of (provisionally) three calendar years from the end of the calendar year of the payment date.


The introduction of these new rules has a significant impact on PSPs that offer payment services in the EU. These PSPs will have to make extra efforts to comply with the new reporting obligations. It is crucial that PSPs understand these new obligations and make the necessary adjustments to their systems and processes. Initially, this involves collecting the necessary information and setting up the appropriate IT technical processes.
Should businesses worry about the new obligations? Not immediately. The new measures are aimed at combating fraud and should be seen in that context. However, it is clear that tax administrations are increasingly focusing on cross-border transactions. We can think of the Commission's plans to replace the Intrastat declaration with (almost) real-time reporting (see our earlier posts on ViDA).

Entry into force

The law will enter into force on January 1, 2024, and the first reporting must be
 submitted before the end of April 2024. All Member States must have transposed Directive (EU) 2020/284 into national law by December 31, 2023.

Sources: Law of April 7, 2023 (Official Gazette April 18, 2023) - Directive (EU) 2020/284 of the Council of February 18, 2020 - Regulation (EU) 2020/283 of the Council of February 18, 2020.