Belgian law, under Articles VII.43 and VII.44 of the Code of Economic Law, requires a bank to refund unauthorised transactions immediately unless it proves gross negligence. A Dutch-speaking Business Court of Brussels ruling on 19 March 2026 confirmed that this right applies to every payment service user — it is not limited to consumers, and it does reach companies.
That sounds better than it is. The right covers unauthorised transactions only. An invoice-fraud payment — where your own team validated a transfer to an account a fraudster supplied — is authorised, and falls outside the mechanism entirely. The court's ruling extends who is protected, not what is protected.
In July 2026, Belgium's Minister of Consumer Protection and Febelfin announced a substantial anti-fraud action plan: standard transfer limits capped at €5,000 a day by early 2027, a mandatory four-hour cooling-off period on limit increases, fraud cases resolved within 15 banking days, and a central "Fraudstop" hotline. Read the scope: the plan is explicitly for "particuliere klanten" — private customers. No business-account provisions are mentioned.
Verification of Payee has applied since 9 October 2025, and Belgium's implementation does at least reach companies: Febelfin confirms banks report the registered legal-entity name, and urges businesses to keep their name correctly registered with the Crossroads Bank for Enterprises so it matches on invoices. Separately, Belgium's mandatory B2B Peppol e-invoicing regime, live since January 2026, changes how invoices travel: as structured messages over a closed network rather than PDFs attached to email. That removes the email attachment as the delivery vehicle — though no Belgian fraud-statistics body has yet published what it does to fraud rates, and the bank details inside a structured invoice still have to be right.