The Dutch State Secretary of Finance submitted a draft legislative proposal to implement the EU Payment Services Directive (Council Directive (EU) 2020/284) into domestic law on 24 October 2022. The proposal is expected to be implemented as from 1 January 2024.
The directive introduces new reporting obligations for payment service providers (PSPs) where cross-border payments relating to e-commerce transactions originate from EU member states. Specifically, PSPs will be required to keep electronic records of data relating to those payments for three calendar years and to share the data with the local tax authorities, who will then share the data with the tax authorities in other EU member states. A new centralised EU-wide electronic database, called the Central Electronic Payment Information System (CESOP), will be set up to store, further process and facilitate the sharing of payment information among tax authorities. EU member states are required to implement the directive into domestic law by 31 December 2023.
The payment of most online purchases made by consumers in the EU is executed through PSPs, which have relevant information to identify the payee, as well as details of the date, amount and member state where the payment originated. The directive acknowledges that such information is particularly vital in the context of a cross-border payment where the payer and payee are located in two different EU member states or where the payee is in a third jurisdiction. The directive aims to give the tax authorities greater insight into cross-border payments to help them detect and prevent the exploitation of e-commerce opportunities that are used to avoid VAT obligations and engage in VAT fraud in this area.
The recordkeeping and reporting rules on cross-border payments will apply to all PSPs established within the EU. The term “payment service provider” encompasses a broad group of credit institutions, e-money institutions, post office “giro” institutions, payment institutions, as well as individuals or legal persons that are covered by an exemption under the PSD II directive (the directive that regulates payment services between consumers and businesses). As explained below, the requirement to share information will apply to both the payer's PSP and the payee’s PSP.
A PSP will be considered to be located in an EU member state when its business identifier code (BIC) or unique business identifier refers to that member state.
Payments from a payer in one EU member state to a payee in another EU member state and payments from a payer in an EU member state to a payee located outside the EU fall within the scope of the recordkeeping and reporting obligations.
Where the PSPs of both the payee and the payer are located in two different EU member states, only the payee’s PSP will be required to keep records and comply with the reporting requirement. Where the payee’s PSP is not located in an EU member state, the payer’s PSP will be subject to the recordkeeping and reporting obligations.
Payments between a payer and payee in the same EU member state are not covered by the rules as these are not cross-border payments.
Payment information will only have to be recorded and provided if an EU or non-EU payee receives more than 25 payments per quarter.
Failure to comply with the rules intentionally or due to gross negligence could give rise to an administrative fine of (currently) up to EUR 900,000 (under Dutch law). Examples of noncompliance include failure to provide required information and where information is provided that should not have been provided (e.g., because information is about a payee who has not received more than 25 payments). The fine can be imposed retroactively for up to five years.
Based on the new rules, the following information will have to be reported to the tax authorities where an EU or non-EU payee receives more than 25 payments per quarter:
For each payment transaction or refund, at least the date and time of execution of the payment, the amount and currency of the payment and the member state of origin of the funds must be recorded and provided. Certain information relating to refunds should also be recorded.
This information must be retained by the PSP for three calendar years and submitted to the tax authorities each quarter by the last day of the month following the relevant quarter:
EU member states must ensure that information is shared with other EU member states through CESOP no later than 10 days after the above deadlines. Subsequently, Eurofisc officials can view the payment information sent by other member states through CESOP.
In its feasibility study, the Dutch tax administration indicated that it will not be possible to implement a “future-proof” proposal by the 31 December 2023 deadline, so the authorities are developing a temporary alternative. Specifics of the design of the temporary alternative are unclear, as is transposition to a permanent system. For institutions affected by the new rules, it is hoped that the transition from the temporary system to the permanent system will create minimal additional administrative burdens.
The Dutch legislative proposal is based on the EU directive, which is silent on items such as the digital (reading) format for submitting the data, which means that each EU member state will have to determine their own rules, potentially resulting in differing interpretations.
Hopefully the tax authorities will communicate this in a timely manner so PSPs are sufficiently aware of their administrative obligations. The effectiveness of the rules will depend on the analytic capabilities of the data; hence, effectiveness could be impaired if the IT systems and administration of the tax authorities are unable to extract and analyse the data efficiently. It is also disappointing that the tax administration mentions in its feasibility study that it will not be possible—even on a temporary basis—to carry out cross-checks with VIES and OSS data, which could complicate the use of the collected data by the authorities. In any case, potentially affected PSPs and payees should begin to assess the impact of the rules on their operations and whether their IT systems are sufficiently robust to capture the required data.
Ingmar Benschop
ingmar.benschop@bdo.nl
Madeleine Merkx
madeleine.merkx@bdo.nl