Key Enhancements Over PSD2
PSD3 addresses PSD2’s shortcomings through greater harmonisation across the EU, minimising regulatory arbitrage that has hindered market participants. Fraud prevention gets a major upgrade with mandatory IBAN/name verification, liability shifts for spoofing scams, and modernised strong customer authentication that’s more inclusive and consistent. The directive also explicitly integrates e-money tokens (EMTs), instant payments from non-banks, and cryptocurrencies into the framework, acknowledging digital assets’ rising prominence in EU policy.
Solving Market Gaps
Fraud remains a core target, with PSD3 enabling data sharing among providers and tools beyond basic authentication to tackle new threats. Open banking improves via standardised APIs, while fintechs gain better access to payment systems and possibly central bank accounts, levelling the field. Regulatory simplification merges e-money rules into one regime, and commercial agent exemptions face stricter limits to close licensing loopholes.
Implementation Timeline
Adoption and publication are slated for early 2026, followed by an 18-month transposition window for Member States. The Council of Ministers could add eight more months, potentially stretching the full transition to 24 months, though the exact start hinges on adoption timing.
PSD3 and MiCAR Overlap for CASPs
The EBA’s June 2025 opinion flags dual regulation risks for crypto-asset service providers (CASPs) handling EMTs, which are classified as e-money under MiCAR. Until March 2026, CASPs must secure PSP authorisation or partner with one, leveraging MiCA files for efficiency, but capital demands stack without offsets, doubling needs (e.g., €125,000 under MiCAR plus the PSD2 requirement equals ~€250,000). Long-term, the EBA urges legislators to resolve this via PSD3/PSR, possibly by embedding payment rules in MiCAR or exempting certain EMT services, with clarity not expected until 2027-2028; meanwhile, dual authorisations or partnerships prevail.
Firm-Level Regulatory Pressures
Payment institutions (PIs), electronic money institutions (EMIs), and CASPs face urgent action on evolving authorisations, especially for EMT/crypto models. Governance, capital buffers, operations, and PSP partnerships require redesigns to meet PSD3/PSR standards. Safeguarding policies and accounts must align with blurred payment-crypto lines, while capital planning accounts for cumulative MiCA/PSD impacts. Firms at minimum thresholds risk non-compliance without proactive reviews.
Strategic Recommendations
Early movers will thrive by stress-testing structures, clarifying ambiguities with regulators, and bolstering compliance teams. Delayers face tight deadlines and costlier fixes. Specialist counsel now beats reactive measures post-adoption, as transitional reliefs expire.
This framework modernises payments for the digital era, boosting security and competition—but crypto-adjacent firms must navigate heightened scrutiny at the MiCAR/PSD3 nexus to stay competitive.
Authors
Kane Sammut Kenwood
Author
Legal Intern