The hard problem wasn't rate cards or VAT rules. It was figuring out which tenant a Mollie webhook belonged to. One endpoint, no tenant ID in the payload — and the naive fix becomes an O(n) scan on every payment event.
The actual fix required one piece of metadata added at subscription creation, not at the webhook handler. Full writeup here — including what we got wrong first and why GDPR erasure constraints shaped the entire data model: https://dev.to/cadensa/how-we-handle-multi-tenant-billing-for-eu-agencies-cpd
Whether that tradeoff is right for every multi-tenant SaaS is a separate question. For a GDPR-first product, it turned out to be the only one that works.