As of 1 January 2024, new rules on collection and reporting of data on cross-border payments related to e-commerce and introduction of certain requirements for payment service providers will enter into force.
New rules on collection and reporting of data on cross-border payments related to e-commerce and introduction of certain requirements for payment service providers will enter into force on 1 January 2024.
The legislative package on collection of payment data, which has been adopted by the Council of Europe, obliges payment service providers established in the EU to:
- report the cross-border payments to merchants processed by them;
- keep registers of the payments they process and of the payees of such transfers of funds.
The data collected will be stored and processed in the Central Electronic System of Payment Information (CESOP), which has been created in accordance with the amendments to Regulation (EU) 904/2010.
Important! Payment service providers are not the payee, they are intermediaries.
Reporting of payment data
The reporting period shall be quarterly, and data on cross-border payments shall be transmitted in the month following the quarter to which they relate. The first reporting of data is for the period January-March 2024 and should be done from 1 to 30 April 2024.
Payment service providers will submit a standard form and the information they will fill in is necessary to identify the sellers and combat VAT fraud in e-commerce. They will transmit data on sellers who have received 25 or more cross-border payments per quarter. No data on the buyer (“payer”) shall be collected except for the alleged Member State of origin of the cross-border payment.
Important! A payment shall be considered to be a cross-border payment where the payer is located in one Member State and the payee is located in another Member State, in a third territory or in a third country.
Payment service providers are required to keep detailed records of the payees and payments they receive for each calendar quarter and to report on a quarterly basis as of January 2024 and will be required to send the data to the Member States at the latest by the end of the month following the calendar quarter to which the data relate.
The European Commission has published on its official website Guidelines for the reporting of payment data from payment service providers and transmission to the Central Electronic System of Payment Information (CESOP), as well as Payment Data XSD User Guide
Which providers must report cross-border payment data?
The obligation to report cross-border payments only applies to payment service providers as defined in Article 243a(1) of Directive 2006/112/EC providing payment services in the European Union. Payment service providers that do not carry out this activity in the European Union do not have to report cross-border money remittances.
The scope of the reporting obligation is limited to the following four categories of payment service providers:
- Credit institutions, which covers e.g. fully licensed banks established in Europe as well as European branches of credit institutions that have their head office outside the EU and which provide payment services;
- E-money institutions, which covers all payment service providers providing payment services via electronic money (“e-money”) e.g. electronic wallet providers and electronic voucher/card providers;
- Payment institutions that do not qualify for any of the other categories listed in the PSD2. It can include companies that provide payment services such as issuing of credit/debit cards, acquiring of payment transaction, processing of payments, initiation of payments, platforms, which provide payment services and act on behalf of both the payer and payee, etc.; (e.g. E-Mag, AliExpress, etc.);
- Post-office giro institutions which provide payment services.
- Payment service providers providing the following payment services will be subject to the reporting obligation:
- Executing payment transactions and transfers of funds on payment accounts
- Executing payment transactions covered by a credit line
- Issuing of payment instruments and acquiring of payment transactions
- Money remittances.
This means that payment service providers that provide services linked to operating a payment account, cash deposit and withdrawal, payment initiation services and account information service provision, are not in scope of the reporting obligation.
Which payments must be reported?
The payments to be reported in CESOP correspond to the transfer of funds from individuals or companies to another natural person or legal entity that is intended to receive the funds.
The reporting obligation is limited by two additional conditions:
- The payment reported must be a cross-border payment.
- The payment service provider providing payment services in a Member State must execute at least 25 cross-border payments in that Member State per quarter to a single payee in order to trigger the reporting obligation.
Territorial scope
The territorial scope of the reporting obligation applies to all countries of the European Economic Area (EEA), which includes the Member States of the European Union, as well as Iceland, Liechtenstein and Norway. Payment service providers from EEA countries are in the scope of the reporting obligation when providing payment services in a Member State, even without having a physical presence in the European Union.
Only payments initiated by payers in the European Union shall be reported. The payee may be located in another Member State, third territory or third country. An individual or a legal entity may be the intended recipient of funds that have been the subject of a payment transaction.
Important: Payment service providers and other stakeholders can find up-to-date information on the new requirements entering into force on 1 January 2024 on the website of the EU Commission.
It should be highlighted that Article 4 of Commission Implementing Regulation (EU) 2022/1504 of 6 April 2022 laying down detailed rules for the application of Council Regulation (EU) No 904/2010 as regards the creation of a central electronic system of payment information (CESOP) to combat VAT fraud establishes the standardised XML format of the standard electronic form with which payment service providers will report data on cross-border payments to the National Revenue Agency. The Regulation is directly applicable and the EU Commission has already published reporting guidelines as well as a technical user guide available on the website of the EU Commission under TAXATION section – CESOP.
How PSPs can prepare for transmission of data in the Republic of Bulgaria?
In order to prepare for the performance of your obligations as a PSP, you should consider the following:
As a first step, you should make the necessary changes and settings in your information systems in order to generate the data on the payees and payments in the electronic register, which you are obliged to keep in accordance with Article 123a of the VAT Act. It is necessary to provide for a possibility of extracting the information from the register and providing it in a file corresponding to the XML format and XSD schema defined by the European Commission. In this regard, you can use the Guidelines for the reporting of payment data from payment service providers and transmission to the Central Electronic System of Payment information (CESOP) as well as the Payment Data XSD User Guide published by the European Commission on its official website.
The transmission of data to the national CESOP system by payment service providers will be carried out via an electronic service on the NRA’s electronic portal. In accordance with the rules for access to the electronic portal, data can only be transmitted by persons that are registered in the NRA Register.
Persons established in the Republic of Bulgaria have active registration with the Registry Agency, i.e. they have a UIC from the Commercial Register (BULSTAT UIC), and respectively they are registered in the register of the NRA.
Persons established in another EU Member State or EEA country having the right to provide within the territory of the country payment services in the scope of the payment services reported to CESOP and not currently registered in the NRA register, before the transmission of information from the electronic register of payees and payments kept by them, should request a registration in the NRA register with issuing of an official number pursuant to Article 84(3) of the Tax and Social Security Procedure Code. Persons established in another EU Member State or EEA country that are registered in the NRA register with an official number on another basis should not apply for a registration in the register on this basis.
The electronic service will be accessible with a QES of the payment service provider or to an authorised person with the right to full or partial access, in accordance with the rules for use of the NRA’s electronic administrative services provided with a qualified electronic signature, approved by Order No. Z-CU-2567 of 23 July 2021 of the Director General of the NRA.
See more in the NRA's letter to Payment Service Providers