The EU VAT Committee's response to Italy on “Free” Tech services: VAT exposure when service levels vary with privacy settings

What you need to know

• The Italian tax authorities are asserting that “free-of-charge” social media and other online platform services may, in certain circumstances, fall within a barter-transaction scheme and, therefore, be qualified as VAT-able supplies.
• The VAT Committee’s recent Working Paper No. 1118 observed that when the services and experience received by the user of the IT platform depends on privacy settings selected by users, there is the need to investigate on a case-by-case basis whether the platform is "valuing" the supply of personal data as linked to the service being provided by the platform.
• For Tech companies offering services to European users, this development may have implications for both contractual arrangements with the users, privacy policies and defensive strategy in the event of tax audits.

The VAT Committee’s recent Working Paper No. 1118 was published in response to a formal request formulated by the Italian tax authorities of an opinion seeking the VAT Committee’s views on whether “free-of-charge” social media and other online platform services may, in certain circumstances, fall within a barter-transaction scheme and, therefore, be qualified as VAT-able supplies.

The Italian tax authorities are in fact asserting that such services may, in certain circumstances, fall within a barter-transaction scheme and, therefore, be qualified as VAT-able supplies. The compliance of this position with VAT principles has been tested by the VAT Committee.

Background on the Italian tax authorities' position

Italian tax authorities are increasingly challenging the contractual arrangements between platforms/social network operators and users claiming that the supply of personal data by users constitutes a sale of intangible goods (the data) in exchange for a service (the access to the platform and its functionalities). Although the access to the platform is granted for "free", the swap between personal data and platform access and connected services may be seen as a barter by the authorities, which would thus identify VATable transactions not invoiced by the platform and for which VAT was not paid and recorded.

In the Italian tax authorities' view, the IT platform’s services supplied to users located in Italy¹  fall within Article 2(1)(c) of the VAT Directive being a supply of service conducted for a consideration in kind (the supply of the data). On that basis, and having regard to Working Paper No. 958 of 30 October 2018 and the recent amendments to the Italian VAT decree, the taxable base should correspond to the provider’s costs of supplying the service to users.

Based on publicly available information, the campaign began with the investigation commenced by the tax police against Meta, culminated with allegations of tax evasion amounting to €887.6 million, and continued with subsequent investigations against LinkedIn (€140 million) and X (€12.5 million).

This position has significant implications for VAT and compliance frameworks in the digital economy and may result in a variety of claims even outside the spectrum of social networks.

VAT Committee Working Paper No. 1118 — three scenarios, three outcomes

Preliminarily, in their answer to the Italian tax authorities the VAT Committee clarified that it does not issue opinions on specific cases and is tasked only with discussing the application of EU VAT provisions.

Working Paper No. 1118 of 11 November 2025 reaffirms and refines the 2018 guidance (VAT Committee Working Paper No. 958 of October 2018) pointing out that, in certain situations, it cannot be totally excluded that a direct link exists between supply of data and services received by the end user; this link might be identified where the functionality of the IT platform depends on privacy settings selected by end users.

At the same time, the VAT Committee stressed the complexity of identifying the value of the IT platform service's supply taxable base, distinguishing between the three scenarios below:

1. free-of-charge IT services without privacy setting adjustments. Where the platform services are offered under the same conditions to all users regardless of the quantity or quality of personal data provided, there is no direct link between data and platform services. The user’s data is not a counter-value or price for the platform service, and the platform’s “free” service is outside the scope of VAT;
2. reduced platform functionality when users may adjust certain setting. Where a user may limit the platform’s ability to collect and use their personal data by selecting different privacy settings and the platform correspondingly reduces features or access to the IT services, a direct link may exist. VAT relevance cannot be excluded, but the analysis is highly fact-specific. The Committee cautions that some reductions in functionality may be mere technical consequences of restricted processing (not a valuation choice), which weakens the direct-link argument. Even if taxable, identifying the actual taxable amount to said barter transaction is materially difficult;
3. subscription/ad‑free models. Where users pay a fee to the platform, in exchange for access to the full services of the platform, there is a clear taxable transaction for the IT service. However, using subscription fees as a presumption to challenge the existence of a barter transaction (i.e. “data-for-service”) is not always correct, as the fee could be paid for not seeing advertisement on the platform without having an impact on the user's personal data by the platform.

The Committee signals that legislative amendments may be the most appropriate way to address these issues coherently.

For Tech companies offering services to European users², this development may have immediate implications for both contractual arrangements with the users, privacy policies and defensive strategy in case of tax audits.

Terms & Conditions — targeted revisions to de-risk “direct link”

To minimise the risk of VAT challenge, the goal would be evidencing that personal data is not a consideration in exchange for the service supply and that functionality is not a lever to value data.

The priorities for the Tech companies would be to:

• clarify contractual privacy terms and consideration. Draft T&Cs so that the service is provided under standard, uniform conditions to all users or in any case the access of the core platform's functionality does not depend on the quantity or quality of user's personal data;
• avoid language that frames data permissions to access personal user data/generated contents as a “consideration” for the platform service supply. Reinforce that consent to processing is a regulatory permission, revocable at any time, and not consideration for the service;
• decouple data choices from functionality where feasible. Where privacy settings are available, avoid commercial design choices that reduce or gate features as a function of data permissions. If reduced functionality is technically unavoidable, document that it is a technical consequence of limited processing (not a value trade‑off) and ensure this is transparently explained in user-facing materials;
• maintain a stable baseline of features. Provide a consistent core service to all users irrespective of data volume or granularity. Avoid tiering of features based on profiling completeness or cross‑app tracking consents. If tiers exist, link them to monetary subscriptions for accessing the full platform services without the corresponding advertisement rather than a result of the data-sharing intensity;
• treat subscriptions cleanly. For ad‑free or paid tiers, keep the VATable consideration and scope of the paid service clear, and avoid cross-references that imply the fee “values” non‑paying users’ data;
• make explicit that data processing practices are a natural consequence of providing access to certain platform functionalities, to avoid any artificial valuation linkage;
• harmonize policies and product. Ensure privacy notices, cookie policies, and in‑product consent flows do not suggest a barter transaction scheme to materialize. Remove formulations that imply a contract for the exchange of intangible goods to exist;
• align engineering and UX choices with the legal position that data is not consideration for the service supply;
• evidence uniformity. In documentation and internal guidance, describe the service as uniformly supplied and record any technical necessity for functionality limits when certain processing is disabled; and
• keep internal records demonstrating that the uniformity of the service supplied is independent from the quality/quantity of user data.

What to do now

For Tech companies offering services to users located in Italy or, more broadly, across Europe, immediate next steps would be to:

1. review and adjust T&Cs and product design to avoid any appearance of functionality being traded for data permissions;
2. document technical necessity where functionality is unavoidably impacted by restricted processing; and
3. assemble an audit‑ready evidentiary file demonstrating a uniform, free-of-charge service unlinked to the quantity or quality of personal data.

The Committee’s Working Paper preserves a clear safe harbour for truly uniform free services, but tax authorities may still assess direct‑link theories where privacy settings materially affect functionality. Strong contractual drafting, disciplined product design, and a prepared evidentiary defence file remains advisable.

A comprehensive assessment of VAT exposure – and any related tax and criminal law implications – for “free” digital services is also advisable.