CESOP - Transmission of payment information by payment service providers in the context of the fight against VAT fraud

Last update

Go to online services and forms

Since 1st January 2024, payment service providers (PSP) are required to transmit information on:

  • cross-border payments originating from Member States; and
  • on the beneficiaries ('the payees') of these cross-border payments.

Payment service providers offering payment services in the EU will have to monitor the payees of cross-border payments and transmit information on those who receive more than 25 cross-border payments per quarter to the administrations of the Member States

This information will then be centralised in a European database: the Central Electronic System of Payment information (CESOP). The information will be stored, aggregated and cross-checked with other European databases.

All information in CESOP will then be made available to anti-fraud experts of Member States via the Eurofisc network.

The objective of this new measure is to give tax authorities of the Member States the right instruments to detect possible e-commerce VAT fraud.

Who is concerned

The reporting obligation is only applicable to the payment service providers defined in Article 243a of the Council Directive (EU) 2020/284 and which provide payment services in the European Union. PSP who do not provide payment services in the European Union do not have to fulfil any reporting obligation.

As regards the definition of what a payment service provider is, article 243a refers to the definitions laid down in Directive (EU) 2015/23664 ('PSD2'). However, not all payment service providers covered by the PSD2 are automatically subject to the CESOP reporting obligation. Indeed, article 243a limits the scope of the reporting obligation to the following 4 categories of payment service providers:

  • credit institutions, which covers e.g. fully licensed banks established in Europe as well as European branches of credit institutions that have their head office outside the EU and which provide payment services;
  • e-money institutions, which covers all payment service providers providing payment services via electronic money ('e-money'), e.g. electronic wallet providers and electronic voucher/card providers;
  • payment institutions, which is a residual category that can cover all companies providing payment services that do not qualify for any of the other categories listed in the PSD2. It can include companies that provide payment services such as the issuance of credit/debit cards, acquisition of payment transaction, processing of payments, initiation of payments, platforms which provide payment services and act on behalf of both the payer and payee, etc.;
  • post-office giro institutions which provide payment services.

Prerequisites

Setting up a business eSpace on MyGuichet.lu

You must have a business eSpace on the MyGuichet.lu platform. To create an eSpace, you must have an authentication product, i.e.:

  • a LuxTrust product; or
  • a Luxembourg identity card with an activated electronic certificate; or
  • an eIDAS means of identification from another Member State of the European Union (EU) or the European Economic Area (EEA).

If you would like to use:

If you do not have a Luxembourg national identification number (matricule), please see our dedicated information page on how to obtain such a number.  

All notifications concerning your procedures (in particular validation messages or messages concerning the transmission of files) are sent to the email address entered when the business eSpace was created. It is therefore recommended to have an functional mailbox or an email address that can be accessed by more than one person.

Certification of the CESOP business eSpace

Request for certification

Before you can transmit the required reports, you must complete an online CESOP business eSpace certification procedure using MyGuichet.lu (see 'Online services and forms') in order to prove that you are an authorised representative of the Payment Service Provider (PSP).

Supporting documents

You must provide the following for the certification of a CESOP business eSpace:

  • a duly signed mandate (see 'Online services and forms'); and
  • a recent extract from the Trade and Companies Register providing proof that the signatory is duly authorised to act on behalf of the legal person.

Inviting other persons to the certified business eSpace

You can invite other persons/colleagues to join your certified business eSpace on MyGuichet.lu. They will have access to the same information as you, irrespective of the role they were assigned.

Please note: PSPs must keep track of the persons who have access to their certified business eSpace.

Consequently, it is strongly recommended to:

  • appoint at least 2 administrators for the certified business eSpaces; and
  • create a business eSpace exclusively dedicated to CESOP in order to restrict the access rights to your different business eSpaces only to the people concerned.

Once the Luxembourg national authorities have checked and accepted the information provided, users will be granted access to their MyGuichet.lu certified business eSpace. They will find the procedure for submitting the file with the payments for the quarter under the name 'AED - Upload a CESOP payment data message' (see 'Online services and forms').

Deadlines

The 1st transmission of transaction files by payment service providers to the tax authorities of member countries must take place before the end of April 2024.

Reporting periods for PSP and submission deadlines:

  • 1st Period, Q1 (January- March): 30 April
  • 2nd Period, Q2 (April-June): 31 July
  • 3rd Period, Q3 (July-September): 31 October
  • 4th Period, Q4 (October-December): 31 January

How to proceed

File validation with the EC module

You must validate your files beforehand using the validation module provided by the EC in order to avoid uploading PDMs (Payment Data Message) that will be rejected straight away.

Transmission of reports via MyGuichet.lu

The CESOP Payment Data message (PDM), i.e. the XML file reporting the cross-border payments for a given quarter, must be transmitted using the MyGuichet.lu platform or the MyGuichet.lu mobile app. This is a procedure requiring authentication.

This is an authenticated procedure which requires a LuxTrust product (private or professional) or an eIDAS means of authentication.

Before the end of the month following the calendar quarter (before the end of the months of April, July, October and January) of the reporting period, you will be able to

  • launch the procedure via your MyGuichet.lu business eSpace; and
  • transmit the XML file with the quarterly cross-border payments to report.

Due to technical constraints, only a single 20 MB file is accepted per procedure. It can be in XML or ZIP format, provided that the size of the unzipped file is less than 900 MB. The ZIP file may only contain one XML file and must not be encrypted or password-protected.

If you split your message into several files – due to the size restrictions or for organisational reasons – you will have to create and transmit as many procedures as there are files to submit. All the filenames must conform to the naming convention proposed by the European Commission (EC) in the documentation: PMT-<quarter>-<year>-<countryMS>-<pspID>-<partNumber>-<totalParts>.

File validation by the AED

The AED's systems will also validate the XML files submitted:

  • if the file had no errors and was forwarded to the EC: you will receive an acknowledgement message in your MyGuichet.lu business eSpace;
  • if the validation finds errors in the uploaded file (FULL REJECTION): it will not be sent to the EC’s central CESOP. Instead, the system will send a list of the errors found to the PSP's business eSpace on MyGuichet.lu.

In this case, the user’s message will be considered as null and void (it will not reach central CESOP). So you will have to start a new procedure in order to upload a correct XML file (a transactions file with a MessageTypeIndic element with value CESOP100, i.e. new data) before the end of the month following the calendar quarter of the reporting period.

All messages transmitted by the national tax administrations will be validated by the EC’s CESOP central system syntactically and semantically.

Subsequently, the Luxembourg tax administration's systems will deliver to the users’ MyGuichet.lu business eSpace the ‘Validation result message’ (IE3V01 as defined in the XSD User Guide) generated by EC’s central CESOP, indicating if the validation has been successful.

Considering that some rules require to check historical data, only EC’s CESOP central system can determine if a message is fully valid. Hence, it could happen that a file forwarded by the national tax administration could be rejected by EC’s CESOP central system validations as PARTIALLY REJECTED.

In this case, you must:

  • follow the correction mechanism described in the documentation (respecting the correlation IDs, an appropriate MessageTypeIndic, etc.); and then
  • create a new CESOP file transmission procedure in your MyGuichet.lu business eSpace in order to upload the correction file.

Online services and forms

Online services

AED - Request for certification of a CESOP business eSpace

Other language(s)

AED - Upload a CESOP payment data message

Other language(s)

Downloadable forms

Note: view tips for using PDF forms.

Mandate to certify a CESOP business eSpace

Last update 18.10.2023

PDF433 Kb

Other language(s)

Who to contact

CESOP Service

Related procedures and links

Procedures

Application for allocation of a national identification number in the National Registry of Natural Persons for professional purposes

Links

Further information

Legal references

Your opinion matters to us

Tell us what you think of this page. You can leave us your feedback on how to improve this page. You will not receive a reply to your feedback. Please use the contact form for any specific questions you might have.

Fields marked with an asterisk (*) are mandatory.

Did you find what you were looking for?*
How would you rate this page?*
Very poor
Very good

Leave a comment to help us improve this page. Do not provide any personal information such as your email address, name, telephone number, etc.

0/1000

Please rate this page

Your opinion has been submitted successfully!

Thank you for your contribution. If you need help or have any questions, please use the contact form.

Would you like to help us make digital public services more user-friendly by submitting your suggestions for improvement?

Then visit Zesumme Vereinfachen, the online participation platform dedicated to administrative simplification in Luxembourg.

Let's simplify things together

An error occurred

Oops, an error has occurred.