These Questions & Answers outlines the scope, requirements, timelines, and other technical details of the EPC Verification Of Payee (VOP) scheme.
1. Can the VOP scheme be used for SEPA Direct Debits?
The EPC Verification Of Payee (VOP) scheme is designed to allow the payment service providers (PSPs) in the European Economic Area (EEA) to comply with the new regulatory requirements outlined in the EU Instant Payments Regulation (IPR) within the given deadlines. The first version of the VOP rulebook limits itself to verifications of a payee related to a SEPA Credit Transfer (SCT) or a SEPA Instant Credit Transfer (SCT Inst).
2. Will it be mandatory for PSPs to adhere to the scheme?
All current and future SEPA Credit Transfer (SCT) and/or SEPA Instant Credit Transfer (SCT Inst) scheme participants affected by the amended SEPA Regulation provisions on verification of payee must adhere to the VOP scheme and register into and fund the EPC Directory Service (EDS), for an initial period of 3 years starting from October 2025, to ensure VOP cross-border reachability and interoperability in accordance with the provisions of the amended SEPA Regulation.
Some PSPs might not (yet) be affected by the amended SEPA Regulation provisions on verification of payee (e.g., because they are located in one of the three non-EU member states of the EEA), or might decide to not adhere to the VOP scheme (and EDS) for other reasons.
To this end, the EPC established a formal opt-out possibility for SCT and/or SCT Inst scheme participants from adhering to the VOP scheme in 2025, and from registering in and funding the EDS. Scheme participants wishing to use this opt-out, must declare it by 31 January 2025 close of business, clarifying the reason for opting out.
Possible reasons for opting out can be:
- The scheme participant is located in an EU Member State outside the Euro Area and is not yet impacted by the verification of payee obligations stemming from the amended SEPA regulation and entering into force on 9 October 2025.
- The amended SEPA Regulation is not applicable to the concerned scheme participant (e.g., the scheme participant offers accounts that do not fall under the definition of 'payment account’ in line with applicable EU law and jurisprudence).
- The country in which the scheme participant is based is not subject to the new requirements of the amended SEPA Regulation (e.g., it is located outside of the EEA, Norway, Liechtenstein or Iceland) and it has not yet introduced equivalent requirements at local level.
- The scheme participant plans to terminate its adherence to the SCT or to the SCT Inst scheme before 9 October 2025.
The concrete 2025 termination date must then be communicated so that the Register of SCT/SCT Inst scheme participants can be updated accordingly. - Other.
More details can be found here.
3. Will it be mandatory for EMIs and PIs that are SCT/SCT Inst scheme participants to adhere to the VOP scheme by October 2025?
For SCT/SCT Inst scheme participant EMIs and PIs, the same principles of which under FAQ 2 apply. SCT/SCT Inst scheme participant PIs and EMIs located in the Eurozone are required to offer a VOP service as of 9 October 2025. Those located outside the Eurozone are required to offer a VOP service as of 9 July 2027.
Accordingly, for opt-out purposes, the reason field "The scheme participant is located in an EU Member State outside the Euro Area and is not yet impacted by the verification of payee obligations stemming from the amended SEPA regulation and entering into force on 9 October 2025" as mentioned under FAQ 2 should be used.
4. Can the PSPs in SEPA countries which are not EU member states (such as UK and CH) adhere to the VOP scheme?
The VOP scheme rulebook will be effective on 5 October 2025. As of that date, in principle any PSP able to comply with all the rules specified in this rulebook can adhere.
However, SCT and/or SCT Inst scheme participants incorporated in Iceland, Liechtenstein and Norway (EEA countries), or in a non-EEA SEPA country may not yet be in a position to adhere to the VOP scheme. This until either the IPR is incorporated in their legal system (for the EEA countries) or relevant legal equivalence requirements (e.g., for the use of the VOP API) are adopted in the local laws (for non-EEA SEPA countries’ PSPs wishing to voluntarily adhere to the VOP scheme). The EPC will in due course provide further information regarding the possibility that EEA and non-EEA SEPA PSPs adhere to the VOP scheme (and to the EDS).
5. Could a non-SEPA based PSP adhere to the VOP scheme?
The section 4.4 Eligibility for participation of the VOP scheme rulebook outlines which entities can adhere to this scheme.
PSPs which are not incorporated and licensed in a SEPA country or territory, cannot adhere to the VOP scheme.
6. Is it already determined when exactly the VOP scheme adherence process will be available?
The EPC plans to open VOP scheme adherence process by March 2025.
7. When does the execution time start when a RVM is used?
The Timestamp (attribute AT-T056) is always set by the Requesting PSP. In case the Requesting PSP uses an RVM, the PSP needs to send it to the RVM together with the VOP request, regardless of the protocol and interface used between the Requesting PSP and its RVM.
8. When will the EDS specifications be available?
The publishing of the EDS logical data model, the EDS Web Graphical User Interface (GUI) specifications, the onboarding and authentication specifications for RVMs to access the EDS, as well as the API interface to access, update and download the EDS, will be published by the EPC at a later stage, expected within Q1-2025.
9. Is there an end-to-end process flow available?
The final EDS technical specifications will be published by the EPC at a later stage, expected within Q1-2025.
A high level conceptual workflow, including the EDS, is available in the VOP scheme rulebook section 1.3
Some technical process flows are already available in the VOP API Specifications and in the API Security Framework.
10. Is there any certification testing that need to be carried out for VOP before going live?
The VOP Task Force is assessing the interoperability topic and more information will be communicated at a later stage, expected within Q1-2025.
11. Is it planned to publish standards for ISO20022-messages for the customer-to-bank-sphere related to the VOP scheme?
At the moment, only inter-PSP API specifications were published, and it is not foreseen to publish ISO20022 messages for the customer-to-bank space.
12. Does the EPC certify the RVMs? What are the conditions to become RVM?
More details about the role of RVM and the related conditions will be published by the EPC at a later stage, expected within Q1-2025. A call for interest was launched on 22 November 2024 inviting organisations to express their intention to offer their services as VOP scheme compliant RVM. This call was open until 20 December 2024. Thereafter, in January 2025, an informational RVM forum will be organised. More details can already be found here.
13. In case both the Requesting and Responding PSPs use the same RVM is it mandatory to use the published VOP APIs?
All VOP scheme participants must at least support the inter-PSP API specifications set by the EPC. This ensures SEPA wide reachability and interoperability.
However, VOP scheme participants are free to use on top of these EPC API specifications, other messaging languages with other VOP scheme participants if the PSPs concerned are all part of the same closed group.
In other words, inter-PSP API specifications set by the EPC do not exclude all other possibilities, but all PSPs must at least be able to support minimum one set of specifications (the EPC ones).
It should be noted that if VOP scheme participant bilaterally or multilaterally, e.g. within a “closed group” or community, decide to apply rules and/or technical specifications different than the ones specified in the EPC VOP scheme rulebook, then the VOP scheme Rulebook’s liability provisions do not apply.
14. Should the reason code provided in the VOP Response be displayed back to customer (Requester)?
According to the IPR, the Requesting PSP must notify the Requester about the outcome of the VOP check. It is up to the Requesting PSP to decide how to comply with this requirement.
15. In case a customer (Requester) wants to execute a payment by discarding the VOP result and the warning message (i.e., in case of no match/verification check not possible/no response) and it has resulted in financial loss, who will be liable?
For liability related questions, please refer to the Regulation (EU) 260/2012 as modified by the Regulation (EU) 886/2024 (Instant Payments Regulation - IPR), and to the Clarification of requirements of the IPR published by the European Commission on July 23rd.