The European Union has taken a significant step toward reshaping its payments landscape with the publication of the Council’s compromise texts for the Third Payment Services Directive (PSD3) and the new Payment Services Regulation (PSR). The release marks a transition from high-level policy direction to a more defined regulatory framework, giving firms across the payments and fintech ecosystem greater clarity on what lies ahead.
While the overarching themes will feel familiar to those who have followed the evolution from PSD2, the latest drafts introduce a higher degree of specificity and, with it, a clearer sense of the operational and strategic implications for market participants.
At the heart of the reform is the introduction of the PSR as a directly applicable regulation. This shift is designed to eliminate the inconsistencies that arose under PSD2, where national transposition led to fragmented implementation across Member States. A single rulebook is expected to bring greater legal certainty, particularly for firms operating cross-border.
Another notable development is the effective consolidation of the licensing regime. The longstanding distinction between e-money institutions (EMIs) and payment institutions is set to disappear, with EMIs transitioning into a unified framework. This move signals a simplification of the regulatory perimeter and points toward a more cohesive supervisory approach for non-bank payment service providers.
Fraud prevention remains a central pillar of the new framework, but the compromise texts go further in refining how liability is allocated. The proposals introduce more detailed provisions on reimbursement and, importantly, suggest a broader distribution of responsibility across the payments value chain, potentially extending to technical service providers involved in authentication processes.
The texts also reinforce expectations around safeguarding and prudential requirements. While existing safeguarding principles are largely retained, refinements including alternative safeguarding mechanisms and more risk-sensitive approaches, indicate a tightening of oversight in this area.
In parallel, the evolution of open banking continues, with the focus shifting from basic access requirements to the quality and performance of data-sharing interfaces. The new framework places greater emphasis on reliability, standardisation and accountability, reflecting a more mature phase in the development of open finance across the EU.
Operational resilience and data governance via the Digital Operational Resilience Act (DORA) are also more prominently embedded in the proposals, aligning the payments framework with the EU’s broader digital finance agenda. This is likely to increase expectations on infrastructure and risk management.
For firms, the publication of the compromise texts signals that the window for early preparation is now open. Although formal adoption is still to come, the level of detail provided offers a sufficiently robust foundation for initiating gap analyses, assessing exposure across business models and planning implementation strategies.
As the legislative process moves forward, the direction of travel is no longer in question. The focus now shifts to execution and to how firms across the European payments ecosystem adapt to what is shaping up to be one of the most consequential regulatory updates since PSD2.
Contact the Legal Team at BDO Malta to learn how we can assist your existing fintech firm to prepare for these new regulatory updates.
