Can a SEPA mandate be signed electronically?

Yes, without restriction. EU regulation 260/2012 (art. 5) and the EPC (European Payments Council, SDD B2B rulebook) explicitly allow electronic signature for SEPA mandates. Art. 1366 of the French Civil Code guarantees legal validity. European banks have accepted AES-signed mandates since 2015.

Difference between SEPA Core and SEPA B2B?

SEPA Core (Direct Debit Core): for individuals and businesses. The debtor has an 8-week refund right after debit (no reason needed) + 13 months for unauthorised debit. SEPA B2B: reserved for business-to-business relationships. The debtor HAS NO refund right — the debit is final. More secure for the creditor but requiring debtor vigilance.

Which signature level: SES, AES or QES?

Advanced signature (AES) is the recommended standard for a B2B SEPA mandate. It satisfies the SCA (Strong Customer Authentication) requirement of PSD2 through dual factor (phone possession + SMS OTP). QES is used for very high-stakes direct-debit authorisations (> €100,000/year).

UMR = Unique Mandate Reference. It's an alphanumeric identifier of max 35 characters, generated by the creditor, uniquely identifying the creditor-debtor-mandate triple. The UMR must be communicated to the debtor in the mandate. Without a valid UMR, the debit is rejected by the bank. Our flow generates the UMR automatically per GBAR conventions.

What if the debtor disputes a debit?

For SEPA Core: the debtor can request refund without reason within 8 weeks, or up to 13 months for unauthorised debit. For SEPA B2B: NO refund right — the debtor must resolve the dispute with the creditor outside the bank. The AES-signed mandate + eIDAS audit trail is then the critical evidence on the creditor's side to demonstrate debit legitimacy.

Must the debtor's bank be notified?

Yes for SEPA B2B: the debtor's bank must receive a copy of the mandate BEFORE the first debit, to verify authorisation. Our flow automatically generates bank notification (via EBICS or Swift flow, or secure portal upload). For SEPA Core, notification is not required.

How long should the SEPA mandate be kept?

EU regulation 260/2012 requires the creditor to keep it 13 months minimum after the last debit (for disputes). In practice, 10-year retention recommended for accounting and tax audits. Certyneo automatically archives 10 years, free of charge, with access to signed PDF + eIDAS audit trail.

Is the electronically signed mandate enforceable against the bank?

Yes. The eIDAS proof PDF (legal representative identity, qualified timestamp, PSD2 SCA-compliant SMS OTP) constitutes irrefutable evidence, enforceable against the debtor's bank in case of dispute. All European banks have accepted AES-signed mandates since 2015.

EU regulation 260/2012 · PSD2 SCA · eIDAS AES

Sign a B2B SEPA mandate online, in 2 minutes

B2B SEPA direct-debit mandate between a debtor and a creditor, signed electronically with the same legal value as paper. Compliant with EU regulation 260/2012 (Single Euro Payments Area), PSD2 (Strong Customer Authentication) and eIDAS — AES advanced signature recommended, automatic UMR (Unique Mandate Reference) generation.

Legal framework: EU regulation 260/2012
Signature level: AES eIDAS recommended
Legal archive: 13 months after last debit

What is a B2B SEPA mandate?

The B2B SEPA direct-debit mandate is the authorisation given by a business (debtor) to a creditor to automatically debit its bank account, per EU regulation 260/2012 of 14 March 2012 which created the Single Euro Payments Area. Unlike the SEPA Core mandate (used for individuals, with 8-week refund right), the B2B SEPA mandate is irrevocable once debited — secure for the creditor but requiring increased debtor vigilance. Each mandate receives an automatically generated UMR (Unique Mandate Reference), identifying the creditor-debtor pair.

Why sign a SEPA mandate electronically?

Automatic UMR + creditor ICS

Our flow automatically generates the UMR (Unique Mandate Reference, max 35 characters) compliant with GBAR requirements adopted by all European Clearing and Settlement Mechanisms. The creditor's ICS (Creditor Identifier) is included in the signed PDF.

PSD2 SCA — strong authentication built in

PSD2 mandates strong authentication for payments > €30. Our AES signature with SMS OTP satisfies the SCA (Strong Customer Authentication) requirement at 2 factors (phone possession + OTP code knowledge).

Multi-signer B2B workflow

A B2B SEPA mandate binds the debtor (legal representative + optionally the CFO) and is notified to the creditor + debtor's bank. Our flow handles multi-signers on the debtor side + automatically generates bank notification.

13-month post-last-debit archive

EU regulation 260/2012 requires the creditor to keep the mandate for 13 months after the last debit (for disputes). Our 10-year archive amply covers this + supports ACPR / DGCCRF audits.

Sign a B2B SEPA mandate in 4 steps

From drafting the mandate to bank notification, in under 5 minutes.

1. Prepare the mandate
Upload the standardised B2B SEPA form or use our template: debtor IBAN + BIC, full identity (company name, registration number), creditor ICS, UMR (auto-generated), debit type (one-off/recurring), maximum authorised amount.
2. Add the signers
Debtor legal representative (manager, president) + optionally CFO (per internal powers). Personalised secure link + PSD2 SCA-compliant SMS OTP for each signer.
3. Choose the eIDAS level
Advanced signature (AES) recommended for a B2B SEPA mandate: presumption of reliability (art. 1367 CCiv), SMS OTP satisfies PSD2 SCA. QES is used for direct-debit authorisations > €100,000 or multi-subsidiary groups.
4. Sign and notify the bank
Debtor representatives sign from their phone. Automatic notification to debtor's bank (signed PDF + UMR via EBICS or Swift flow). 10-year archive with eIDAS audit trail.

Frequently asked questions

Can a SEPA mandate be signed electronically?: Yes, without restriction. EU regulation 260/2012 (art. 5) and the EPC (European Payments Council, SDD B2B rulebook) explicitly allow electronic signature for SEPA mandates. Art. 1366 of the French Civil Code guarantees legal validity. European banks have accepted AES-signed mandates since 2015.
Difference between SEPA Core and SEPA B2B?: SEPA Core (Direct Debit Core): for individuals and businesses. The debtor has an 8-week refund right after debit (no reason needed) + 13 months for unauthorised debit. SEPA B2B: reserved for business-to-business relationships. The debtor HAS NO refund right — the debit is final. More secure for the creditor but requiring debtor vigilance.
Which signature level: SES, AES or QES?: Advanced signature (AES) is the recommended standard for a B2B SEPA mandate. It satisfies the SCA (Strong Customer Authentication) requirement of PSD2 through dual factor (phone possession + SMS OTP). QES is used for very high-stakes direct-debit authorisations (> €100,000/year).
What is the UMR?: UMR = Unique Mandate Reference. It's an alphanumeric identifier of max 35 characters, generated by the creditor, uniquely identifying the creditor-debtor-mandate triple. The UMR must be communicated to the debtor in the mandate. Without a valid UMR, the debit is rejected by the bank. Our flow generates the UMR automatically per GBAR conventions.
What if the debtor disputes a debit?: For SEPA Core: the debtor can request refund without reason within 8 weeks, or up to 13 months for unauthorised debit. For SEPA B2B: NO refund right — the debtor must resolve the dispute with the creditor outside the bank. The AES-signed mandate + eIDAS audit trail is then the critical evidence on the creditor's side to demonstrate debit legitimacy.
Must the debtor's bank be notified?: Yes for SEPA B2B: the debtor's bank must receive a copy of the mandate BEFORE the first debit, to verify authorisation. Our flow automatically generates bank notification (via EBICS or Swift flow, or secure portal upload). For SEPA Core, notification is not required.
How long should the SEPA mandate be kept?: EU regulation 260/2012 requires the creditor to keep it 13 months minimum after the last debit (for disputes). In practice, 10-year retention recommended for accounting and tax audits. Certyneo automatically archives 10 years, free of charge, with access to signed PDF + eIDAS audit trail.
Is the electronically signed mandate enforceable against the bank?: Yes. The eIDAS proof PDF (legal representative identity, qualified timestamp, PSD2 SCA-compliant SMS OTP) constitutes irrefutable evidence, enforceable against the debtor's bank in case of dispute. All European banks have accepted AES-signed mandates since 2015.

Learn more

Ready to sign online?

Free plan, no credit card. Multi-signers, legal archive included.

Start free See pricing