Edited by Alessia Zanatto, Luca Maroni and Mariagrazia Di Laudo
On 3 November 2023, Legislative Decree no. 153 of 18 October 2023 (hereinafter, “Implementing Decree”) was published in the Italian Official Gazette. The Implementing Decree implements in Italy Council Directive (EU) 2020/284 of 18 February 2020 (hereinafter, “CESOP Directive”), which amends Council Directive 2006/112/EC as regards the introduction, starting from 1 January 2024, of certain obligations for Payment Service Providers (hereinafter, “PSPs”) with reference to “cross-border” payments. The Implementing Decree entered into force on 18 November 2023 and will apply to cross-border payments made from 1 January 2024. These new obligations are part of the European Union’s action plan to fight VAT fraud in e-commerce.
Please see below a summary of the new obligations as well as the highlights of the implementation of the CESOP Directive in Italy.
A new EU platform called Central Electronic System of Payment information (hereinafter, “CESOP”) has been created for the reporting and storage of cross-border payment information and for the further processing of such data by Member states’ anti-fraud officers. The data will be made available to the local Tax Authorities under specific conditions, in line with current data protection legislation.
The new obligations require PSPs to (i) transmit on a quarterly basis certain data on cross-border payments to the tax authorities of the relevant Member states, starting from those made from 1 January 2024; as well as (ii) store the relevant data for a period of three years starting from the end of the year in which the original payments were carried out.
Having received the data from the PSPs, the Italian tax authorities transmit them to CESOP by the 10th day of the second month following the end of the reporting period.
CESOP Directive in Italy
The Implementing Decree provided for the amendment of Presidential Decree no. 633 of 26 October 1972 (the “Italian VAT Law”), with the addition of Title II-bis “General obligations of payment service providers”, including the new Articles from 40-bis to 40-sexies.
The “Entities in scope” of the new obligations are the PSPs as defined pursuant to Legislative Decree no. 11 of 27 January 2010 (implementing the PSD Directive in Italy), i.e. “electronic money institutions and payment institutions as well as, credit institutions, Poste Italiane S.p.A. [Italian post office giro institutions which is entitled under national law to provide payment services], the European Central Bank, national central banks, national and local public bodies when not acting in their capacity as monetary authority or other public authorities”.
The obligation to collect and report the payment information is related to cross-border payments, i.e. payments made by a payer located in an EU Member State to a payee located in another jurisdiction (i.e. in another EU Member State, in a third territory or in a third country).
The obligation to report the cross-border data is triggered when a PSP processes more than 25 cross-border payments towards the same payee during a calendar quarter.
Cross-border payments data for which Italy is the “Member State of origin” of the PSP (i.e. the Member State in which a PSP has requested and obtained its payment license, which may be the Member State in which the PSP has its registered office or head office) must be reported to the Italian tax authorities. In the event that a PSP operates in different Member States, other than the Member State of origin, the data of the cross-border payments for which Italy is the “host Member State” (i.e. any Member State, other than the Member State of origin, in which the PSP is providing payment services either via an agent, a branch or directly) must be reported to the Italian tax authorities.
In case the PSPs of the payer and of the payee are located within the territory of the European Union (as inferred by the BIC or any other available identification code), the reporting obligation shall fall exclusively on the PSP of the payee.
This reporting will take place on a quarterly basis starting from January 2024 and will require PSPs to submit the data to the local tax authorities of the Member States of origin or of the host Member State at the latest by the end of the month following the calendar quarter to which the data refers.
As noted above, the data of the cross-border payments subject to transmission must be stored for a period of three years starting from the end of the year in which the original payments were carried out.
The documents/information that PSPs will need to store are:
- the BIC or any other business identifier code that unambiguously identifies the PSP;
- the name or business name of the payee, as it appears in the records of the PSP;
- if available, any VAT identification number or other national tax number of the payee;
- the IBAN or, if the IBAN is not available, any other identifier which unambiguously identifies, and provides information on the location of, the payee;
- the BIC or any other business identifier code that unambiguously identifies, and gives the location of, the payment service provider acting on behalf of the payee where the payee receives funds without having any payment account;
- if available, the address of the payee as it appears in the records of the PSP;
- the details of any cross-border payment and the details of any payment refunds, i.e.:
  - the date and time of the payment or of the payment refund;
  - the amount and the currency of the payment or of the payment refund;
  - the Member State of origin of the payment received by or on behalf of the payee, the Member State of destination of the refund, as appropriate, and the information used to determine the origin or the destination of the payment or of the payment refund;
  - any reference which unambiguously identifies the payment;
  - where applicable, information that the payment is initiated at the physical premises of the merchant.
Moreover, the Implementing Decree specifies the penalties applicable in case of violation of the reporting/storage obligations. In particular:
- in case of violations regarding the storage of the CESOP data, fixed administrative penalties in a range from Euro 1,000 to 8,000 are applicable, according to art. 9(1) of Legislative Decree no. 471/1997;
- in case of violation of the filing obligations, fixed administrative penalties in a range from Euro 2,000 to 21,000 are applicable, according to art. 10(1) of Legislative Decree no. 471/1997.
Method of transmitting data to the Italian tax authorities
On 20 November 2023, the Director of the Italian tax authorities published Provision no. 406675/2023 (hereinafter, “Provision”), together with the technical specifications, which set out the details for the submission of the data to the Italian tax authorities.
Please find below the highlights of the Provision.
The cross-border payment data, organized in .XML (Extensible Markup Language) files compliant with the technical specifications attached to the Provision, must be transmitted to the Italian tax authorities using the Data Interchange System, the so-called “Sistema di Interscambio Dati” (“SID”). PSPs are required to register with the SID if they are not already registered. Only PSPs that are already registered with the Italian tax authorities’ portals (Fisconline or Entratel) can register with the SID.
Moreover, PSPs are required to register in the Electronic Register of Addresses, the so-called “Registro Elettronico degli Indirizzi” (REI), communicating their registered/certified email address (so-called “PEC address”) to receive and reply to the Italian tax authorities’ requests regarding these obligations.
The Italian tax authorities will make available to PSPs a “client control software” aimed at formally checking the .XML files prepared by the PSPs (containing the data of cross-border payments to be communicated), and at encrypting and signing each .XML file with the electronic certificate issued to the PSP as the party responsible for the data contained in the file.
In the event of a positive outcome of the formal check, the client control software will generate two electronic files (one containing the compressed, encrypted and signed data, the other containing the digital signature), to be transmitted jointly to the SID by one of the following means:
- via PEC to the designated addresses of the Italian tax authorities, using the PEC address communicated during registration to the SID; or
- through an interchange node (FTP) registered with the Italian tax authorities.
The transmission of the cross-border payment data to the Italian tax authorities is deemed to have occurred when the reception of the aforementioned pair of electronic files is completed and the Italian tax authorities’ systems have processed them with a positive result. That result is communicated through a processing receipt, which follows an earlier receipt attesting the acceptance of the files. In case of a negative outcome of the processing by the Italian tax authorities’ systems, the data will be considered as omitted.
The files received by the Italian tax authorities systems will in turn be transmitted to the CESOP systems, which will carry out further checks. In any case, the submission of cross-border payment data will be considered as completed only following the positive outcome of the processing of the files by the CESOP systems, communicated via the issuance of a further receipt to the PSP. Following these additional checks carried out by CESOP, the file may be totally or partially rejected.
In case of omissions and/or errors in the data sent, the PSPs may transmit an “Amending Communication”, according to the procedures indicated in the technical specifications attached to the Provision, in order to (i) completely delete all data already transmitted and acquired by CESOP referring to a specific quarter; or (ii) to amend, add or delete the data transmitted to the CESOP relating to individual merchants for a given quarter and year.
The technical specifications attached to the Provision would also allow the preparation of a “Zero/nil CESOP communication”, to inform the Italian tax authorities and/or CESOP of the absence of data to be communicated for the reference quarter. Clarifications from the Italian tax authorities on this point are awaited.
As regards the storage of the data received from PSPs, the Italian tax authorities will proceed pursuant to article 5, paragraph 1, letter e) of EU Regulation 2016/679 (i.e. GDPR), storing the data for the time necessary for carrying out their institutional assessment activities and any subsequent litigation.
Contact Alessia Zanatto – Partner, PwC TLS Avvocati e Commercialisti
