Introduction: a new era for payments and e-money regulation in the EU
The European payments landscape is undergoing its most significant overhaul since the second Payment Services Directive (PSD2). The European Commission has proposed a new legislative package: the third Payment Services Directive (PSD3) and the Payment Services Regulation (PSR). This two-part reform aims to modernise and harmonise payment services across the European Union (EU), tackling the shortcomings of PSD2 while enhancing customer protection, fraud prevention, and providing regulatory clarity.
While PSD3 will require national transposition, the PSR will be directly applicable across all EU member states, limiting room for interpretation and ensuring consistent implementation. Together, they promise to create a more level playing field for payment and e-money institutions, but firms must begin preparing now to stay ahead.
The core question
What changes do PSD3 and the PSR bring, and how can regulated firms prepare for a smooth transition to the new regime?
Key changes under PSD3 and the PSR
- Greater harmonisation across the EU
The PSR will apply directly across all EU member states, unlike PSD2. This shift limits national divergence, removing fragmentation and enhancing consistency for cross-border payment firms.
What this means for firms:
- standardised compliance requirements across jurisdictions; and
- fewer local variations to navigate for cross-border operations.
- Stronger supervisory powers
National competent authorities will gain enhanced enforcement tools, including:
- expanded investigatory powers over payment service providers (PSPs) and their senior management; and
- new obligations to publish enforcement actions (‘naming and shaming’) in cases of non-compliance.
Implications:
- senior leadership must ensure strong governance and documentation to meet heightened scrutiny; and
- increased reputational risk for compliance failures.
- Enhanced customer protection
The new rules introduce a range of safeguards to protect end users, including:
- enhanced strong customer authentication (SCA) requirements; and
- free and mandatory ‘verification of payee’ (the requirement to match international bank account numbers with the names of beneficiaries) for all credit transfers within the EU.
Action points:
- Firms should review their SCA protocols and prepare for required upgrades.
- Firms should update customer-facing communications and interfaces to align with new verification obligations.
- Merging of the PI and EMI Frameworks
Under PSD3:
- the legal distinction between payment institutions (PIs) and e-money institutions (EMIs) will be removed;
- EMIs will be regulated under PSD3 as payment institutions; and
- PIs will be authorised to issue e-money.
What to expect:
- Regulatory consolidation, simplifying dual-licensed firm structures.
- Repeal of the Second Electronic Money Directive (EMD2).
- Authorisation requirements
Under PSD3:
- PSPs will be required to submit a wind down plan as part of their authorisation. This plan should be proportionate to the size and nature of the business and should set out the steps to orderly wind down in the event of business failure;
- PSPs will be required to set out the EU jurisdictions within which they intend to operate; and
- initial capital requirements will increase as follows:
Activities | PSD 2 / EMD 2 | PSD 3 |
Payment services | EUR 125,000 | EUR 150,000 |
E-money services | EUR 350,000 | EUR 400,000 |
Money remittance services | EUR 20,000 | EUR 25,000 |
Payment initiation services | EUR 50,000 | EUR 50,000 (or professional indemnity insurance) |
Account initial services | None | EUR 50,000 (or professional indemnity insurance) |
Safeguarding requirements
Under PSD3:
- PSPs will be given the option of opening safeguarding accounts with central banks across the EU. This facility is however at the discretion of individual central banks; and
- PSPs will be required to diversify their safeguarding methods to avoid a concentration risk in the use of a singular method (such as safeguarding wholly with one institution).
- Stronger fraud protection and liability shifts
PSPs will shoulder more responsibility for preventing and responding to fraud:
- the burden of proof will lie with PSPs to show customer negligence or fraud;
- firms may be liable for customer losses due to manipulation by third parties; and
- firms will be required to provide fraud prevention education and customer support measures.
Considerations:
- Firms should invest in customer awareness campaigns.
- Firms should strengthen fraud detection and response processes.
- Expanding open banking and data access
The new framework improves access for non-bank PSPs to customer financial data and payment systems, removing barriers that limited uptake under PSD2.
Changes include:
- enhanced data-sharing obligations on banks; and
- a formal framework for secure access to consumer data for authorised non-bank PSPs.
Impacts include:
- greater innovation opportunities for fintechs; and
- more equitable access to financial infrastructure for non-banks.
- Increased transparency requirements
PSPs must provide clearer, more consistent information to customers, including:
- real-time foreign exchange conversion rates and estimated settlement times for cross-border transactions;
- clear disclosure of ATM charges and payee identifiers on account statements; and
- a new ‘permission dashboard’ for consumers to manage third-party access to their financial data.
Key actions:
- Review your data presentation and customer communication processes.
- Prepare for system enhancements to support dashboard functionality.
- Supporting access to cash
Retailers will be allowed to offer cash withdrawals without requiring a purchase, improving access to cash, especially in under served localities.
Why it matters:
- This encourages financial inclusion and supports communities with limited digital adoption.
Implementation timeline and transitional arrangements
While the final PSD3 / PSR texts are expected in 2025, full implementation is unlikely before 2026. Existing PIs and EMIs will benefit from a transitional period.
What you need to do:
- Submit evidence of compliance to your national competent authority within 2 years of the rules coming into effect.
- Operate under current permissions during the transition but prepare early to avoid bottlenecks.
Conclusion: early preparation is essential
PSD3 and the PSR will reshape the EU payments market, creating a more integrated, transparent, and secure environment for consumers and providers alike. For PIs and EMIs, this is not just a compliance exercise, it’s an opportunity to enhance services, streamline authorisations, and build overall consumer trust.
How fscom can help
At fscom, our specialist payments advisory team supports PIs and EMIs to navigate the authorisation process, regulatory change, and operational transformation. With deep sector knowledge and regulatory insight, we help firms prepare for the shift to PSD3 and PSR and seize the opportunities it brings.
Contact us today to discuss your PSD3 / PSR readiness assessment.
This post contains a general summary of advice and is not a complete or definitive statement of the law. Specific advice should be obtained where appropriate.
