Transmission and exchange of VAT-relevant payment data a) Amendments to the Directive on the common system of VAT as regards requirements for payment service providers b) Amendments to the Regulation on administrative cooperation in the field of VAT as regards measures to combat VAT fraud General approach

Contents

  1. Kerngegevens
  2. Tekst
  3. Meer informatie
  4. Parlementaire Monitor

1.

Kerngegevens

Document­datum 31-10-2019
Publicatie­datum 01-11-2019
Kenmerk 13519/19
Van Presidency
Externe link origineel bericht
Originele document in PDF

2.

Tekst

Council of the European Union Brussels, 31 October 2019 (OR. en)

13519/19 Interinstitutional Files:

2018/0412(CNS) i 2018/0413(CNS) i FISC 412 ECOFIN 942

NOTE

From: Presidency

To: Council

No. prev. doc.: 13374/19 FISC 406 ECOFIN 930

Subject: Transmission and exchange of VAT-relevant payment data a) Amendments to the Directive on the common system of VAT as regards requirements for payment service providers

  • b) 
    Amendments to the Regulation on administrative cooperation in the field of VAT as regards measures to combat VAT fraud

‒ General approach

  • I. 
    INTRODUCTION
  • 1. 
    In December 2018, the Commission tabled two legislative proposals concerning t ransmission and exchange of VAT-relevant payment data :
    • i) 
      Directive amending Directive 2006/112/EC i as regards introducing certain requirements for payment service providers; 1

1 Doc. 15508/18.

2 Doc. 15509/18.

  • 2. 
    These two legislative proposals are aimed at facilitating tax fraud detection by the authorities of Member States and at complementing the current VAT regulatory

    framework as recently modified by the VAT E-commerce Directive 3 . The objective of the proposals are:

    • i) 
      to put in place EU rules which will enable Member States to collect in a harmonised way the records made electronically available by the payment service providers; and
    • ii) 
      to set up a new central electronic system for the storage of the payment information and for the further processing of this information by anti-fraud officials in the Member States within the Eurofisc framework (Eurofisc is the network for the multilateral exchange of early-warning signals to fight VAT fraud, established pursuant to Chapter X of Regulation (EU) No 904/2010 i).
  • 3. 
    The opinion of the European Economic and Social Committee was issued on 15 May

    2019 4 . The opinion of the European Parliament is pending.

II. STATE OF PLAY

  • 4. 
    Following the preparatory work done during Romanian Presidency term, the Finnish

    Presidency has continued technical work on this dossier, in order to address the concerns raised by Member States on the original Commission proposals.

  • 5. 
    Following the 23 October 2019 meeting of the Working Party on Tax Questions, the

    Presidency took into account a number of remarks raised by delegations and submitted the compromise text for discussion at the meeting of the Committee of Permanent Representatives (Part 2), which took place on 30 October 2019.

3 Council Directive (EU) 2017/2455 of 5 December 2017 amending Directive 2006/112/EC i and Directive 2009/132/EC i as regards certain value added tax obligations for supplies of

services and distance sales of goods (OJ L 348, 29.12.2017, p. 7). 4 OJ C 240, 16.7.2019, p. 33.

  • 6. 
    At that meeting of the Committee of Permanent Representatives (Part 2), no objections of substance were raised by any Member State on the compromise text that is set out in the

    Annex to this note, which also included the starting date of application of these two legislative acts being set at 1 January 2024. However, some delegations have indicated that they are not yet in a position to lift their scrutiny reservations, which, in some cases were also linked with the ongoing scrutiny process by national Parliaments.

III. WAY FORWARD

  • 7. 
    The Presidency believes that the compromise text discussed by the Committee of Permanent Representatives (Part 2) strikes the right balance between a number of diverging concerns that were raised by a number of delegations in the process of negotiations on this dossier.

    Therefore the Presidency hopes that the remaining scrutiny reservations will be lifted at the forthcoming meeting of the ECOFIN Council and all delegations will be in a position to accept the compromise text attached to this note.

  • 8. 
    Against this background, the Council is invited to reach a general approach on the draft

    Directive and on the draft Regulation, on the basis of the Presidency compromise texts, set out

    in the Annex to this note, with a view to adopting the Directive and the Regulation, subject to

    legal-linguistic revision.

ANNEX

DRAFT

COUNCIL DIRECTIVE

amending Directive 2006/112/EC i as regards introducing certain requirements for payment service providers

THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 113 thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Parliament 5,

Having regard to the opinion of the European Economic and Social Committee 6 ,

Acting in accordance with a special legislative procedure,

Whereas:

5 OJ C , , p. .

6 OJ C , , p. .

  • (1) 
    Council Directive 2006/112/EC i 7 lays down the general value added tax (VAT) accounting obligations for taxable persons.
  • (2) 
    The growth of electronic commerce (‘e-commerce’) facilitates the cross-border sale of goods and services to final consumers in Member States. In this context cross-border ecommerce refers to supplies upon which the VAT is due in one Member State but the supplier is established in another Member State, or in a third country or third territory. However, fraudulent businesses exploit e-commerce opportunities in order to gain

    unfair market advantages by evading their VAT obligations. Where the principle of taxation at destination applies, because consumers have no accounting obligations, the Member States of consumption need appropriate tools to detect and control those fraudulent businesses. It is important to fight cross-border VAT fraud caused by the fraudulent behavior of some traders in the area of cross-border e-commerce.

  • (3) 
    For the vast majority of online purchases made by European consumers, payments are executed through payment service providers. In order to provide payment services, a payment service provider holds specific information to identify the recipient, or payee, of that payment together with details on the amount and date of the payment and the

    Member State of origin of the payment as well as information if the payment is initiated at the physical premises of the merchant. This is particularly the case in the context of a cross-border payment where the payer is located in one Member State and the payee is located in another Member State or in a third country or third territory. This information is necessary for tax authorities to carry out their basic tasks of detecting fraudulent businesses and controlling VAT liabilities. It is therefore necessary that this information, which is held by payment service providers, is made available to the tax authorities of the Member States to help them identify and fight VAT fraud.

7 Council Directive 2006/112/EC i of 28 November 2006 on the common system of value added tax (OJ L 347, 11.12.2006, p. 1).

  • (4) 
    It is important to oblige payment service providers to keep sufficiently detailed records and report certain cross-border payments determined as such by the location of the

    payer and of the payee as part of this new measure to fight VAT fraud. It is therefore necessary to define the specific concept of the location of the payer and of the payee and also the means for its identification. The location of the payer and of the payee should only trigger the record keeping and reporting obligation for the payment service providers established in the Union and it should be without prejudice to the rules laid down in this Directive and in Council Implementing Regulation (EU) No 282/2011 i 8 as regards the place of a taxable transaction.

  • (5) 
    On the basis of information they already hold, payment service providers are able to identify the location of the payee and the payer in relation to the payment services they provide, using an identifier of an individual payment account or an identifier of the payer or payee and their location.
  • (6) 
    Alternatively, the location of the payer or the payee should be determined by means of a business identifier of the payment service provider acting on behalf of the payer or

    the payee. where the funds are transferred to a payee without any payment account being created in the name of a payer, where the funds are not credited to any payment account or where there is no other identifier of the payer or the payee.

8 Council Implementing Regulation (EU) No 282/2011 i of 15 March 2011 laying down implementing measures for Directive 2006/112/EC i on the common system of value added tax (OJ L 77, 23.3.2011, p. 1).

  • (7) 
    In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council 9 , it is important that the obligation on a payment service provider to retain and provide information in relation to a cross-border payment be proportionate and limited to what is necessary for Member States to fight VAT fraud. Furthermore, the only

    information relating to the payer that should be retained is the location of the payer. With regard to information relating to the payee and the payment itself, payment service providers should only be required to retain and transmit to tax authorities information which is necessary for tax authorities to detect possible fraudsters and to carry out tax controls. Payment service providers should therefore be required to retain records only on cross-border payments which are likely to indicate economic activities. The introduction of a ceiling based on the number of payments received by a payee over the course of a calendar quarter would give an indication that those payments were received as part of an economic activity, thereby excluding payments for non-commercial reasons. Where such a ceiling is reached, the record keeping and reporting obligation of the payment service provider would be triggered.

  • (8) 
    Several payment service providers may be involved in one single payment from a payer to a payee. That single payment may give rise to several transfers of funds between the different payment service providers. It is necessary that all payment service providers involved in a given payment, unless a specific exclusion is

    applicable, have a record keeping and reporting obligation. These records and reports should contain information on the payment from the initial payer to the final payee and not on the intermediate transfers of funds between the payment service providers.

9 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC i (General Data Protection

Regulation) (OJ L119, 04.05.2016, p.1).

  • (9) 
    The record keeping and reporting obligation should also arise in cases where a payment service provider receives funds or acquires payment transactions on behalf of the payee and not only where a payment service provider transfers funds or issues payments

    instruments for the payer.

  • (10) 
    Obligations stipulated in this Directive should not apply to payment service providers falling outside the scope of Directive (EU) 2015/2366. Therefore, when the payment service providers of the payee are not located in a Member State, the payer’s payment service providers should keep records and report the information on the cross-border payment. Conversely, in order for the record keeping and reporting obligation to be

    proportionate, when both the payer’s and the payee’s payment service providers are located in a Member State, only the payee’s payment service providers should keep records of that information. For the purposes of the record keeping and reporting obligation, a payment service provider should be considered to be located in a Member State when his BIC or unique business identifier refers to that Member State.

  • (11) 
    Due to the significant volume of information and its sensitivity in terms of the protection of personal data, it is necessary and proportionate that payment service providers retain records of the information in relation to cross-border payments for a three-year period in order to assist Member States in fighting VAT fraud and detecting fraudsters. This period provides sufficient time for Member States to carry out controls effectively and to investigate suspected VAT fraud or to detect VAT fraud.
  • (12) 
    The information to be retained by the payment service providers should be collected by and exchanged between the Member States in accordance with Council Regulation

    (EU) No 904/2010 10 which lays down the rules for administrative cooperation and exchange of information in order to fight VAT fraud.

  • (13) 
    VAT fraud is a common problem for all Member States but individual Member States do not necessarily have the information to ensure that VAT rules regarding crossborder

    e-commerce are correctly applied and to fight VAT fraud concerning crossborder e-commerce. Since the objective of this Directive, — the fight against VAT fraud — cannot be sufficiently achieved by the Member States individually if there is a cross-border element and due to the need to obtain information from other Member States, but can be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, this Directive does not go beyond what is necessary in order to achieve that objective.

  • (14) 
    This Directive respects the fundamental rights and observes the principles recognised by the Charter of Fundamental Rights of the European Union. In particular, this

    Directive fully respects the right of protection of personal data laid down in Article 8 of the Charter. The payment information retained and disclosed in accordance with this Directive should be processed only by the anti-fraud experts of tax authorities within the limits of what is proportionate and necessary to achieve the objective of fighting VAT fraud. The Directive also respects the rules laid down Regulation (EU) 2016/679 of the European Parliament and of the Council and in Regulation (EU) 2018/1725 of the European Parliament and of the Council 11 .

10 Council Regulation (EU) No 904/2010 i of 7 October 2010 on administrative cooperation and combating fraud in the field of value added tax (OJ L 268, 12.10.2010, p.1).

11 Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 i and Decision No 1247/2002/EC (OJ L 295,

21.11.2018, p. 39).

  • (15) 
    The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council and delivered an opinion on 14 March 2019 12

Directive 2006/112/EC i is amended as follows:

  • (1) 
    Chapter 4 of Title XI is amended as follows:

    (a) the following Section 2a is inserted:

    ‘Section 2a

    General obligations for payment service providers’;

12 OJ C […], […], p. […].

(b) the following Articles from 243a to 243e are inserted:

‘Article 243a

For the purposes of this Section, the following definitions shall apply:

  • (1) 
    ‘payment service provider’ means a body listed in points (a) to (d) of Article 1(1) of Directive (EU) 2015/2366 (*), or a natural or legal person benefiting from an exemption in accordance with Article 32 of that Directive;
  • (2) 
    ‘payment service’ means the business activities set out in points (3) to (6) of Annex 1 to Directive (EU) 2015/2366;
  • (3) 
    ’payment’ means an act as defined in points 5 or 22 of Article 4 of Directive (EU) 2015/2366, save for the exclusions provided for in Article 3 of that Directive;
  • (4) 
    ‘payer’ means a natural or legal person as defined in point 8 of Article 4 of Directive (EU) 2015/2366;
  • (5) 
    ‘payee’ means a natural or legal person as defined in point 9 of Article 4 of Directive (EU) 2015/2366;
  • (6) 
    'home Member State' means the Member State as defined in point 1 of Article 4 of Directive (EU) 2015/2366;

(6a) ‘host Member State’ means the Member State as defined in point 2 of

Article 4 of Directive (EU) 2015/2366;

(6b) ‘payment account’ means an account as defined in point 12 of Article 4 of

Directive (EU) 2015/2366;

  • (7) 
    'IBAN' means an international payment account number identifier defined in point 15 of Article 2 of Regulation (EU) No 260/2012 i of the European Parliament and of the Council (**);

(*) Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC i, 2009/110/EC i and 2013/36/EU and Regulation (EU) No 1093/2010 i, and repealing Directive 2007/64/EC i (OJ L 337, 23.12.2015, p. 35).

(**) Regulation (EU) No 260/2012 i of the European Parliament and of the Council of 14 March 2012 establishing technical and business requirements for credit transfers and direct debits in euro and amending Regulation (EC) No 924/2009 i (OJ L 94, 30.3.2012, p. 22).

Article 243b

  • 1. 
    Member States shall require payment service providers to keep sufficiently detailed records of payees and of payments in relation to the payment services they provide for each calendar quarter to enable the competent authorities of the Member States to carry out controls of the supplies of goods and services which, in accordance with the provisions of Title V of this Directive are deemed to take place in a Member State, in order to achieve the objective of fighting VAT fraud.

    The requirement referred to in subparagraph 1 shall apply only to payment services provided as regards cross-border payments. A payment shall be considered a crossborder payment when the payer is located in one Member State and the payee is located in another Member State, in a third territory or in a third country.

  • 2. 
    The requirement to which payment service providers are subject under paragraph 1 shall apply where, in the course of a calendar quarter, a payment service provider provides payment services corresponding to more than 25 cross-border payments to the same payee.

    The cross-border payments referred to in subparagraph 1 shall be calculated by reference to the payment services provided by the payment service provider per Member State and per identifiers referred to in Article 243c(2). Where the payment service provider has information that the payee has several identifiers the calculation shall be made per payee.

  • 3. 
    The requirement referred to in paragraph 1 shall not apply to payment services provided by the payment service providers of the payer as regards each payment where at least one of the payment service providers of the payee is located in a Member State according to the BIC or any other business identifier code that unambiguously identifies the payment service provider and its location. A payment service provider of the payer shall in any case include these payment services in the calculation referred to in paragraph 2.
  • 4. 
    Where the requirement for payment service providers in paragraph 1 is applicable, the records shall:

    (a) be kept by the payment service provider in electronic format for a period of three calendar years from the end of the calendar year of the date of the

    payment;

    (b) be made available in accordance with Article 24b of Regulation (EU) No 904/2010 i (*) to the home Member State of the payment service provider, or to the host Member States when the payment service provider provides payment services in Member States other than the home Member State.

    (*) Council Regulation (EU) No 904/2010 i of 7 October 2010 on administrative cooperation and combating fraud in the field of value added tax (OJ L 268, 12.10.2010, p. 1).

    Article 243c

  • 1. 
    For the application of the second subparagraph of Article 243b(1) and without prejudice to the dispositions of Title V of this Directive, the location of the payer shall be considered to be in a Member State corresponding to either:

    (a) the IBAN of the payer’s payment account or any other identifier which unambiguously identifies the payer and his location;

    (b) where none of the identifiers referred to in subparagraph (a) is applicable, the BIC or any other business identifier code that unambiguously identifies the

payment service provider acting on behalf of the payer and its location;

  • 2. 
    For the application of the second subparagraph of Article 243b(1), the location of the payee shall be considered to be in a Member State, third country or third territory corresponding to either:

    (a) the IBAN of the payee's payment account or any other identifier which unambiguously identifies the payee and his location;

    (b) where none of the identifiers referred to in subparagraph (a) is applicable, the

    BIC or any other business identifier code that unambiguously identifies the

    payment service provider acting on behalf of the payee and its location.

    Article 243d

  • 1. 
    The records kept by the payment service providers, in accordance with Article 243b, shall contain the following information:

    (a) the BIC or any other business identifier code that unambiguously identifies the payment service provider;

    (b) the name or the business name of the payee, as it is in the records of the payment services provider;

    (c) any VAT identification number or other national tax number of the payee, if available;

    (d) the IBAN or, if the IBAN is not available, any other identifier which unambiguously identifies the payee and his location;

    (e) the BIC or any other business identifier code that unambiguously identifies the payment service provider acting on behalf of the payee and its location where the payee receives funds without having any payment account;

    (f) the address of the payee if available and as it is in the records of the payment services provider;

    (g) any payment referred to in Article 243b(1);

    (h) any payment refunds identified as such for payments referred to in point (g).

  • 2. 
    The information referred to in points (g) and (h) of paragraph 1 shall contain the following details:

    (a) the date and time of the payment or of the payment refund;

    (b) the amount and the currency of the payment or of the payment refund;

    (c) the Member State of origin of the payment received by the payee or on his behalf, the Member State, third territory or third country of destination of the refund, as appropriate, and the information used to determine the origin or the destination of the payment or of the payment refund in accordance with Article 243c;

    (d) any reference which unambiguously identifies the payment;

    (e) where applicable, information that the payment is initiated at the physical premises of the merchant.’

Article 2

  • 1. 
    Member States shall adopt and publish, by 31 December 2023 at the latest, the laws, regulations and administrative provisions necessary to comply with this Directive.

They shall forthwith communicate to the Commission the text of those provisions.

They shall apply those provisions from 1 January 2024.

When Member States adopt those provisions, the latter shall contain a reference to this Directive or be accompanied by such a reference on the occasion of their official

publication. Member States shall determine how such reference is to be made.

  • 2. 
    Member States shall communicate to the Commission the text of the main provisions of national law which they adopt in the field covered by this Directive.

    Article 3

This Directive shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

Article 4

This Directive is addressed to the Member States.

Done at Brussels,

For the Council

The President DRAFT

COUNCIL REGULATION

amending Regulation (EU) No 904/2010 i as regards measures to strengthen administrative

cooperation in order to combat VAT fraud

THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article

113 thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Parliament 13 ,

Having regard to the opinion of the European Economic and Social Committee 14 ,

Acting in accordance with a special legislative procedure,

Whereas:

13 OJ C,, p. .

14 OJ C,, p. .

  • (1) 
    Council Regulation (EU) No 904/2010 i 15 inter alia lays down rules on the storage and

    exchange of specific information through electronic means.

  • (2) 
    The growth of electronic commerce (‘e-commerce’) facilitates the cross-border sale of goods and services to final consumers in Member States. In this context a cross-border e-commerce refers to supplies upon which the VAT is due in a Member State and the supplier is established in another Member State, or in a third country or third territory.

    However, fraudulent businesses, established either in one Member State or in a third country or in a third territory, exploit e-commerce opportunities in order to gain unfair market advantages by evading their VAT obligations. Where the principle of taxation at destination applies, because consumers have no accounting obligations, the Member States of consumption need appropriate tools to detect and control these fraudulent businesses. It is important to fight cross-border VAT fraud caused by the fraudulent behavior of some traders in the area of cross-border e-commerce.

  • (3) 
    The traditional cooperation to combat VAT fraud is done between Member States tax authorities and is based on records held by the businesses directly involved in the

    taxable transaction. In cross-border business-to-consumers’ supplies, typical within the field of e-commerce, this information may not be directly available and thus new tools are necessary for tax authorities to fight VAT fraud in an effective way.

15 Council Regulation (EU) No 904/2010 i of 7 October 2010 on administrative cooperation and combating fraud in the field of value added tax (OJ L 268, 12.10.2010, p. 1).

  • (4) 
    For the vast majority of cross-border online purchases made by European consumers, payments are provided through payment service providers. In order to provide a

    payment, a payment service provider holds specific information in order to identify the recipient or payee of that cross-border payment together with details of the amount and date of the payment and the Member State of origin of the payment. This information is necessary for tax authorities to carry out their basic tasks to detect fraudulent businesses and to determine VAT liabilities in relation to cross-border business-toconsumers’ supplies. It is therefore necessary and proportionate that the VAT-relevant information, held by a payment service provider, is made available to the Member States and that Member States store and transmit this information to a central electronic information system in order to identify and fight VAT fraud particularly as regards business to consumer supplies.

  • (5) 
    Therefore giving Member States the tools to collect, store and transmit and giving

    Member States’ Eurofisc liaison officials an access to this information in relation to cross-border payments is a necessary and proportionate measure to fight effectively against VAT fraud. These tools are essential as tax authorities need this information for VAT control purposes, to protect public revenues but also legitimate businesses in the Member States which in turn protects employment and European citizens.

  • (6) 
    It is important that the processing of information by the Member States, relating to payments, should be proportionate to the objective of fighting VAT fraud. Therefore, information on consumers or payers and on payments not likely to be connected to economic activities should not be collected, stored and transmitted by the Member States.
  • (7) 
    The record-keeping obligations of payment service providers in Article 243b of

    Directive 2006/112/EC i 16 4 require national competent authorities to collect, store,

    transmit and process the information relating to payments.

  • (8) 
    A central electronic information system ‘CESOP’ where Member States transmit payment information they collect and store at national level, would achieve the

    objective of fighting VAT fraud more effectively. This system should store, aggregate and analyse, in relation to individual payees, all VAT relevant information regarding payments transmitted by Member States. CESOP should allow for a full overview of payments received by payees from payers located in the Member States and make available to the Eurofisc liaison officials the result of specific analysis. This information system should recognise multiple records of the same payments (e.g. a same payment could be reported both from the bank and the card issuer of a given payer), clean the information received from the Member States (e.g. remove duplicates, correct error in data, etc.) and permit Eurofisc liaison officials of Member States to cross-check payment data with the VAT information they dispose of, make enquiries for the purpose of an investigation into suspected VAT fraud or to detect VAT fraud and add supplementary information.

16 Council Directive 2006/112/EC i of 28 November 2006 on the common system of value added tax (OJ L 347, 11.12.2006, p. 1).

  • (9) 
    Taxation is an important objective of general public interest of the Union and of the Member States and this has been recognised in relation to the restrictions that may be imposed on the obligations and rights under Regulation (EU) 2016/679 of the European

    Parliament and of the Council 17 5and in respect of the protection of information under

    Regulation (EU) 2018/1725 of the European Parliament and of the Council 18 . Limitations in relation to data protection rights are necessary due to the nature and volume of that information which originates from payment service providers and should be based on the specific and predefined conditions and details laid down in Articles 243b to 243d of Directive 2006/112/EC i. Since payment data are particularly sensitive, clarity is needed at all stages of data handling on who is the controller or processor in accordance with Regulation (EU) 2016/679 and Regulation (EU) 2018/1725. The responsibilities of the Member States and the Commission in this respect are therefore to be laid down in Commission implementing acts in accordance with the procedure provided for in paragraph 2 of Article 58 of Regulation (EU) No 904/2010 i.

17 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC i (General Data Protection

Regulation) (OJ L 119, 4.5.2016, p. 1). 18 Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October

2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 i and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).

  • (10) 
    Therefore, it is necessary to apply restrictions to the data subject rights in accordance with paragraph 5 of Article 55 of Regulation (EU) No 904/2010 i. In fact, the full

    application of the rights and obligations of the data subjects would seriously undermine

    the effectiveness of the fight against VAT fraud and might allow the data subjects to

    obstruct ongoing analysis and investigations due to the massive volume of information

    sent by the payment service providers and the possible proliferation of requests from

    data subjects to the Member States, the European Commission or both. This would

    impede the effectiveness of the system and the capacity of tax authorities to pursue the

    objective of this Regulation by jeopardizing enquiries, analysis, investigations and

    procedures carried out in accordance with this Regulation. Therefore, the objective of

    fighting VAT fraud cannot be achieved by other less restrictive means of equal

    effectiveness. Furthermore, these restrictions respect the essence of the fundamental

    rights and freedom and are necessary and proportionate measures in a democratic

    society.

  • (11) 
    Only the Eurofisc liaison officials should access the payment information stored in

    CESOP and only with the objective of fighting VAT fraud. That information could be used, in addition to the assessment of VAT, also for the assessment of other levies, duties and taxes as established by Regulation (EU) No 904/2010 i. The information should not be used for other purposes, such as for commercial purposes.

  • (12) 
    When processing the information, each Member State should respect the limits of what is proportionate and necessary for the purpose of investigation into suspected VAT

    fraud or to detect VAT fraud.

  • (13) 
    However, it is important, in order to safeguard the rights and obligations under

    Regulation (EU) 2016/679, that information in relation to payments should not be used for automated individual decision-making and should therefore always be verified by reference to other tax information available to the tax authorities of the Member States.

  • (14) 
    It is necessary and proportionate that payment service providers retain records of the information in relation to payments for a three years period to assist Member States fight tax fraud and detect fraudsters. This period provides sufficient time for Member States to carry out controls effectively and investigate into suspected VAT fraud or detect VAT fraud, and it is proportionate considering the massive volume of the payment information and its sensitivity in terms of protection of personal data.
  • (15) 
    Each Member State’s Eurofisc liaison officials should be able to access the information in relation to the payments for the purpose of fighting VAT fraud. Duly accredited

    persons of the Commission should access the information only for the purpose of developing and maintaining the central electronic information system. Both groups of users should be bound by the confidentiality rules laid down in this Regulation.

  • (16) 
    As the implementation of the central electronic information system will require new technological developments, it is necessary to defer the application of this Regulation to allow Member States and the Commission to develop these technologies.
  • (17) 
    VAT fraud is a common problem for all Member States. Member States alone do not have the information necessary to ensure that the VAT rules regarding cross-border ecommerce are correctly applied and to fight VAT fraud on cross-border e-commerce. Since the objective of this Regulation, the fight against VAT fraud, cannot be

    sufficiently achieved by the Member States in the cases of cross-border e-commerce but can be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve that objective.

  • (18) 
    This Regulation respects the fundamental rights and observes the principles recognised by the Charter of Fundamental Rights of the European Union. In particular, this

    Regulation fully respects the right of protection of personal data laid down in article 8 of the Charter. In that regard, this Regulation strictly limits the amount of personal data that will be made available to the Member States. The processing of payment information pursuant to this Regulation should only occur for the purpose of fighting VAT fraud. The payment data transmitted to and further processed in CESOP should be processed only by the Eurofisc liaison officials of tax authorities within the limits of what is appropriate to achieve the objective of fighting VAT fraud, particularly as regards business to consumers supplies.

  • (19) 
    The European Data Protection Supervisor was consulted in accordance with paragraph 1 of Article 42 of Regulation (EU) 2018/1725 and delivered an opinion on 14 March

    2019 19 7

19 OJ C […], […], p. […].

HAS ADOPTED THIS REGULATION:

Article 1

Amendments to Regulation (EU) No 904/2010 i

Regulation (EU) No 904/2010 i is amended as follows:

  • (1) 
    in Article 2, the following points (s) to (v) are added:

    ‘(s) ‘payment service provider’ means a body listed in points (a) to (d) of paragraph 1 of Article 1 of Directive (EU) 2015/2366 of the

    European Parliament and of the Council(*) or a natural or legal person benefiting from an exemption in accordance with Article 32 of that Directive;

    (t) ’payment’ means an act defined in point 5 or 22 of Article 4 of Directive (EU) 2015/2366, save for the exclusions provided for in Article 3 of that Directive;

(u) ‘payer’ means a natural or legal person as defined in point 8 of Article 4 of Directive (EU) 2015/2366;

(v) ‘payee’ means a natural or legal person as defined in point 9 of Article 4 of Directive

(EU) 2015/2366.

(*) Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC i, 2009/110/EC i and 2013/36/EU and Regulation (EU) No 1093/2010 i, and repealing Directive 2007/64/EC i (OJ L 337, 23.12.2015, p. 35)’

  • (2) 
    CHAPTER V is amended as follows:

    (a) the title of Chapter V is replaced by the following:

    ‘COLLECTION, STORAGE AND EXCHANGE OF SPECIFIC INFORMATION’;

    (b) the following heading Section 1 is inserted:

    ‘SECTION 1

    Automated access to specific information stored in national electronic systems’;

    (c) the following heading Section 2 is inserted after Article 24:

    SECTION 2

    Collection of specific information and central electronic system’;

    (d) the following Articles 24a to 24f are inserted:

    ‘Article 24a

The Commission shall develop, maintain, host and technically manage a central electronic system of payment information (‘CESOP’) for the purpose of investigations

into suspected VAT fraud or to detect VAT fraud.

Article 24b

  • 1. 
    Each Member State shall collect and may store in a national electronic system the information on the payees and the payments referred to in Article 243b of Directive 2006/112/EC i(*).
  • 2. 
    Each Member State shall collect the information referred to in paragraph 1 from payment service providers:

    (a) no later than the end of the month following the calendar quarter to which the information relates;

    (b) by means of an electronic standard form

  • 3. 
    The central liaison office, or the liaison departments or competent officials designated by the competent authority of each Member State shall transmit to CESOP the information referred to in paragraph 1 no later than the tenth day of the second month following the calendar quarter to which the information relates.

    (*) Council Directive 2006/112/EC i of 28 November 2006 on the common system of value added tax (OJ L 347, 11.12.2006, p. 1).

Article 24c

  • 1. 
    The CESOP shall have the following capabilities:

(a) to store the information transmitted in accordance with paragraph 3 of Article 24b;

(b) to aggregate the information stored, in accordance with point (a), in respect of each individual payee;

(c) to analyse the information stored, in accordance with points (a) and (b), together with the relevant targeted information communicated or collected pursuant to

this Regulation;

(d) to make the information referred to in points (a), (b) and (c) accessible to Eurofisc liaison officials referred to in paragraph 1 of Article 36.

  • 2. 
    CESOP shall retain the information referred to in points (a) to (c) of paragraph 1 for a maximum period of five years from the expiry of the year when the information was transferred into the system.

Article 24d

The access to CESOP shall only be granted to Eurofisc liaison officials, who hold a personal user identification for CESOP and where that access is in connection with an investigation into suspected VAT fraud or is to detect VAT fraud.

Article 24f

The following measures, tasks, technical details, format of the standard electronic form, information elements, practical arrangements and security procedure shall be adopted in accordance with the procedure provided for in paragraph 2 of Article 58:

(a) the technical measures for establishing and maintaining CESOP;

(b) the tasks of the Commission in technically managing CESOP;

(c) the technical details of the infrastructure and tools required to guarantee the connection and overall operability between the national electronic systems referred to in Article 24b and CESOP;

(d) electronic standard forms referred to in point (b) of paragraph 2 of Article 24b;

(e) the information and the technical details concerning the access to the information referred to in point (d) of paragraph 1 of Article 24c;

(f) the practical arrangements to identify the Eurofisc liaison official who will have access to CESOP in accordance with Article 24d;

(g) the procedures that the Commission will put in place at all times to ensure the appropriate technical and organisational security measures for the development and operation of the CESOP;

(h) the roles and responsibilities of the Member States and the Commission as regards the functions of controller and processor under Regulation (EU) 2016/679 and Regulation (EU) 2018/1725.

Article 24g

  • 1. 
    The costs of establishing, operating and maintaining CESOP shall be borne by the general budget of the Union. These costs shall include those of the

    secure connection between CESOP and Member States’ national systems, and also the services necessary to carry out the capabilities which are listed in paragraph 1 of Article 24c.

  • 2. 
    Member States shall bear the costs of and shall be responsible for all

necessary developments to their national electronic system, referred to in

paragraph 1 of Article 24b.

  • (3) 
    in Article 37, the following subparagraph is added:

    ‘The annual report shall at least indicate:

    (i) the total number of accesses to CESOP;

    (ii) the operational results based on the information processed pursuant to Article 24d, as identified by Eurofisc Liaison Officials;

    (iii) a quality assessment of the data processed in CESOP.'

  • (4) 
    in Article 55, the following paragraph 1a is inserted:

‘1a. The information referred to in Section 2 of Chapter V shall only be used for the purposes referred to in paragraph 1, where it has been verified by reference to other

tax information available to the competent authorities of the Member States.’

Article 2

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

It shall apply from 1 January 2024.

This Regulation shall be binding in its entirety and directly applicable in all

Member States. Done at Brussels,

For the Council

The President

 
 
 

3.

Meer informatie

 

4.

Parlementaire Monitor

Met de Parlementaire Monitor volgt u alle parlementaire dossiers die voor u van belang zijn en bent u op de hoogte van alles wat er speelt in die dossiers. Helaas kunnen wij geen nieuwe gebruikers aansluiten, deze dienst zal over enige tijd de werkzaamheden staken.