Netherlands: Proposed legislation implementing cross-border payment reporting obligation beginning 2024

The Deputy Minister of Finance on 24 October 2022 presented proposed legislation to the Lower House of Parliament implementing the Central Electronic System of Payment Information (CESOP)—a centralized European system for collecting and exchanging cross-border payment information aimed at detecting and combatting value added tax (VAT) fraud in cross-border internet sales of goods and services—effective 1 January 2024.

CESOP will increase the options for monitoring the remittance of VAT by making use of the payment data on cross-border payments, including payments made by a payer to a beneficiary in another Member State or a non-EU country. The obligation of payment service providers to provide this payment data to tax authorities will enable anti-fraud experts to analyze this data analyzed at the EU level.

The scope of the rules is broad and will affect virtually all payment service providers involved with cross-border payments, including payment service providers with an exemption under Payment Service Directive 2 (PSD2) (Directive (EU) 2015/2366). Platforms that settle payments between a seller and a buyer may also fall under the rules.

The proposed legislation incorporates virtually all of the EU rules relating to CESOP and is substantially consistent with draft legislation that was previously opened for consultation. However, there are some notable aspects of the proposed legislation:

• Penalty clause: The proposed legislation includes a new penalty clause. The failure of payment service providers to comply with their obligations due to intent or gross negligence could result in a pecuniary penalty of the sixth category, for which the maximum penalty is €900,000. This is considerable compared to other countries. In a number of neighboring countries, the penalty is a fraction of this amount and in Sweden approximately half this amount. It should however be noted that quite a few countries have not yet published their penalty regime. The penalty can be imposed in the Netherlands with a maximum retroactive effect of five years, which is longer than the period of three years (after the end of the calendar year of the date of payment) that applies to the length of time records must be retained in the CESOP registers. By including a broader penalty provision, the proposed legislation would create a situation where payment service providers are no longer legally required to retain the registers, but destroying them after three years could make it difficult for them to meet the burden of proof required for the purposes of the penalty.
• Temporary IT solution: In the explanatory notes to the proposed legislation, the Deputy Minister states that a temporary IT solution for submitting reports will be available as of 1 January 2024. The IT specifications of this solution should be known no later than 1 January 2023. A permanent solution will not be introduced until after 1 January 2025.
• Relationship to DAC7: The objective of this legislation deviates from DAC7 (Council Directive (EU) 2021/514 dated 22 March 2021). The main objective of DAC7 is to increase transparency about the income sellers realize via platforms. CESOP is aimed at identifying specific transactions so that these can be used to determine the taxable amount for VAT purposes. The Deputy Minister was also concerned about being able to cross-check VAT identification numbers (VIES and OSS data), which appears to have been solved.
• Reference to PSD2: In several places the proposed legislation refers directly to PSD2. The Council of State has expressed concern about this dynamic reference to legislation and pointed out the differences between the definitions in PSD2 and the way in which these were implemented in the Financial Supervision Act. The Deputy Minister has dismissed those concerns, stating that there is no latitude in national policy in this context. This conflict could place payment service providers in a difficult position, if under the Financial Supervision Act they do not need a registration, but due to the reference to PSD2 they will nevertheless have to comply with the CESOP obligations.

Read an October 2022 report prepared by the KPMG member firm in the Netherlands, which includes a detailed explanation [PDF 910 KB] about how CESOP will function based on current EU rules