How SEPA Mandate Works
A SEPA Mandate establishes the legal permission chain between a payer and a creditor before any funds can move. The process flows from mandate creation through to recurring collection, and every step is governed by the European Payments Council (EPC) rulebooks. Understanding each stage helps merchants avoid failed transactions and costly chargebacks.
Creditor obtains a Creditor Identifier
Before issuing any mandate, the creditor registers with their Payment Service Provider (PSP) and receives a Creditor Identifier (CI) — a unique code that identifies them across the entire SEPA zone. Without a CI, no mandate is legally binding.
Mandate is presented to the debtor
The creditor presents the mandate — paper or electronic — containing all required fields: creditor name and CI, debtor name, IBAN, mandate type (one-off or recurring), and a pre-assigned Unique Mandate Reference (UMR). The debtor reviews and signs.
Debtor signs and returns the mandate
The signed mandate is returned to the creditor. For e-mandates, this may be a digital signature or an online banking confirmation flow. The creditor must retain the signed mandate for 14 months after the last collection.
Creditor sends pre-notification to debtor
Before the first (and any subsequent) collection, the creditor must notify the debtor of the upcoming debit — typically at least 14 calendar days in advance, though both parties can agree on a shorter period. This is the pre-notification requirement under the PSD2 framework.
Collection file submitted to PSP
The creditor submits a Direct Debit collection file to their PSP within the required timeline: D-5 banking days for first/one-off Core collections, D-2 for subsequent Core collections, and D-1 for B2B collections.
Funds settled and mandate record updated
Upon successful collection, funds are credited to the creditor's account. The mandate status is updated — if it is a one-off mandate, it is marked consumed; for recurring mandates, the 36-month validity clock resets.
Why SEPA Mandate Matters
SEPA Direct Debit — powered by mandates — is one of the dominant payment methods for subscription and B2B billing in Europe. Getting mandate management right directly impacts revenue recovery rates and customer lifetime value.
SEPA Direct Debit processed over 20 billion transactions in 2023, representing approximately €23 trillion in value, according to the European Central Bank's Payment Statistics report. This volume reflects the method's status as the backbone of European recurring payments.
Authorised direct debit collections have a failure rate significantly lower than card-based subscriptions — industry data from GoCardless and Stripe indicates average debit failure rates of 0.5–2% compared to 10–15% for card subscriptions subject to expiry and network declines. For subscription businesses with large European customer bases, this difference translates directly to reduced involuntary churn.
Mandate disputes (R-transactions) carry fees typically ranging from €2 to €15 per return depending on the PSP, and high return rates can trigger PSP sanctions. Merchants who invest in clean mandate flows — clear consent language, timely pre-notification, and secure storage — see materially lower dispute rates and stronger payment recovery outcomes.
Mandate Retention Rule
Under the SEPA Core Direct Debit rulebook, creditors must retain the signed mandate for 14 months after the final collection. Failure to produce a mandate on request constitutes grounds for an automatic refund in favour of the debtor.
SEPA Mandate vs. Card-on-File Authorisation
Both mechanisms allow a merchant to collect future payments without asking the customer to authenticate each time. However, their legal structures, failure modes, and costs differ substantially.
| Dimension | SEPA Mandate | Card-on-File Authorisation |
|---|---|---|
| Underlying instrument | Bank account (IBAN) | Debit or credit card |
| Geographic scope | 36 SEPA countries | Global (Visa/Mastercard networks) |
| Dispute window (consumer) | 8 weeks (Core); none (B2B post-bank validation) | 120 days (chargeback) |
| Failure reasons | Insufficient funds, account closed, mandate expired | Card expired, lost/stolen, network decline, 3DS failure |
| Typical failure rate | 0.5–2% | 10–15% |
| Settlement speed | 1–2 business days | 1–3 business days |
| Pre-notification required | Yes (default 14 days) | No |
| Cost per transaction | Low (flat fee, typically €0.20–€0.50) | Interchange + scheme fees (0.2–1.5%+) |
| Best for | Recurring B2B/consumer billing in Europe | Global one-off or subscription payments |
For high-volume, lower-average-order-value recurring billing in Europe, SEPA Mandates almost always produce better unit economics than card-on-file due to lower per-transaction cost and reduced involuntary churn.
Types of SEPA Mandate
The EPC defines two main Direct Debit schemes, each with its own mandate type, and both support one-off and recurring variants.
SEPA Core Direct Debit (SDD Core) mandates are available for any payment between a creditor and a consumer or business. Consumer protections are strong: debtors can request a no-questions-asked refund up to 8 weeks after debiting. This is the most widely used mandate type across the 36-country zone.
SEPA B2B Direct Debit (SDD B2B) mandates are restricted to business-to-business transactions. The debtor's bank must validate the mandate before the first collection, and once validated, the debtor forfeits the right to dispute authorised collections. This gives creditors substantially greater payment certainty, making it ideal for supplier payments, SaaS B2B billing, and utility contracts between legal entities.
One-off mandates authorise a single collection only. After the collection completes, the mandate is consumed and cannot be reused. Common for one-time purchases via bank debit.
Recurring mandates authorise an indefinite series of collections until cancelled. The 36-month inactivity rule applies — if no collection is made within that window, the mandate lapses.
Electronic mandates (e-mandates) are digital equivalents of paper mandates, often completed via online banking redirect flows. They carry identical legal standing under the EPC framework and are the standard for digital-first platforms.
Best Practices
Effective mandate management requires discipline at both the business process level and the technical integration level.
For Merchants
Present mandate terms clearly at the point of sign-up. Ambiguous consent language is the leading cause of disputes. Display the mandate reference, collection amount (or range), and frequency explicitly before the customer signs. Send pre-notification emails at least 5 business days in advance — even if contractually you can go shorter, more notice reduces complaint rates. Monitor mandate expiry: build a process to flag mandates approaching 30 months of inactivity and proactively contact customers to reconfirm. Never reuse a Unique Mandate Reference across different debtors or creditors.
For Developers
Store the full mandate payload — UMR, CI, debtor IBAN, signature date, and mandate type — in your database against the customer record. Validate IBAN format (ISO 13616) and BIC at capture time to catch entry errors before submission. Implement idempotency on collection submissions to prevent duplicate debits if your PSP integration retries on timeout. Subscribe to R-transaction webhooks (return, reversal, refund) and update mandate status in real time. For e-mandate flows, implement a redirect-and-callback pattern with state verification to prevent replay attacks.
Common Mistakes
Reusing expired mandates. Creditors sometimes continue collecting on mandates that have lapsed after 36 months of inactivity. The debtor's bank will return these collections, and the creditor faces both fees and potential regulatory scrutiny.
Missing or incorrect pre-notification. Skipping the pre-notification step — or sending it fewer than the agreed days in advance — is a rulebook breach. Even if the collection succeeds, the debtor has grounds to claim a refund.
Storing only a token, not the full mandate. Some integrations store only a PSP-issued token. If you switch PSPs or face an audit, you need the original mandate data. Always persist the complete mandate record independently.
Using Core mandates for B2B when B2B is available. Many merchants default to SDD Core even for business customers, leaving themselves exposed to the 8-week dispute window. Where both parties are businesses, switching to SDD B2B mandates eliminates this risk.
Failing to handle mandate amendments correctly. If a debtor changes their bank account, a new mandate must be signed. Updating the IBAN on an existing mandate without a new signature is not permitted and renders subsequent collections unauthorised.
SEPA Mandate and Tagada
Tagada's payment orchestration layer handles SEPA Direct Debit mandate lifecycle management across multiple PSP connections. Rather than building mandate storage, pre-notification logic, and R-transaction handling separately for each PSP integration, merchants can centralise these flows through a single API.
Mandate portability across PSPs
One of the most underrated risks in SEPA Direct Debit is PSP lock-in: if your mandate data lives only in one processor's vault, switching providers requires recollecting signatures from every customer. Tagada stores mandate payloads independently of any single PSP, enabling true portability and eliminating this migration risk.
When a collection fails, Tagada's orchestration engine can automatically retry through an alternative PSP rail or escalate to a fallback payment authorisation method — without the merchant needing to build separate retry logic per integration. For platforms managing large European customer bases on subscription billing, this reduces involuntary churn without additional engineering effort.