9 July 20257 minute read

Interplay between MiCA and PSD2 for transfers of electronic money tokens – EBA No Action Letter on authorisation requirements and applicable rules

Written by:Caroline HerkströterUte Brunner-ReumannSabine Kimmich

On 10 June EBA has issued a “No Action Letter” to clarify the interplay between MiCA1 and PSD22, in relation to crypto asset service providers (CASPs) that transact electronic money tokens (EMTs) as there are overlaps between the two regimes. This relates in particular to the necessity to have an authorisation under both regimes and to the rules applicable to such transfers, as EMTs not only qualify as crypto assets but also as electronic money.

 

Purpose of the No Action Letter

In this No Action Letter,

EBA makes proposals to the European legislators as to how the issue can be resolved in the long term. It suggests to make use of the ongoing legislative process of PSD3 and the future Payment Services Regulation (PSR) to

  • either amend and strengthen the MiCA provisions applicable to CASPs providing payment services with regard to EMTs so that they are materially aligned to PSD3/PSR in this respect or, if this is not feasible,
  • to take the alternative of retaining services with EMTs qualifying as payment services within the scope of the new PSD3/PSR3.

EBA also gives advice to NCAs for the intervening period of 2-3 years during which PSD2 still applies, by setting out

  • which types of EMT transactions are not to be regarded as payment services and for which CASPs will not require an additional authorisation under PSD2, and
  • with regard to those EMT transactions which are considered as payment services and for which an additional authorisation under PSD2 is currently required, how to supervise specific PSD2 provisions. In this context, EBA also clarified which PSD2 provisions should be de-prioritised by NCAs when exercising their supervisory powers.
  • that NCAs are advised to grant a transition period until 1 March 2026 for CASPs requiring authorisation under PSD2, before such authorisation as Payment Institution (PI) or Electronic Money Institution (EMI) needs to be held.

 

Guidance on PSD2 licence requirements

The No Action Letter gives additional guidance as to which payment services may be conducted if a CASP offers services regarding EMT. In particular, the following activities are considered to be regulated payment services requiring authorisation under PSD2:

  • the “transfer of crypto assets” (defined under Art. 3 para 1, point 26 of MiCA), where such transfer (i) entails EMTs, and (ii) is offered and carried out by the entities on behalf of their clients;
  • the custody and administration of EMTs. Also, the custodial wallet shall be considered as a payment account under the PSD2, where they allow to send and receive transfers of EMTs to and from third parties.

Furthermore, EBA gives advice that the following activities shall not be considered as payment services and thus licensable under PSD2:

  • “exchange of crypto-assets for funds” and “exchange of crypto-assets for other crypto-assets”.
  • intermediation by CASPs of the purchase of any crypto assets with EMTs.

EBA also advises not to prioritise the supervision and enforcement of the provisions of Directive 2014/92/EU (the Payment Accounts Directive, PAD) in relation to custodial wallets.

 

Guidance on authorisation

Procedure: In case a CASP requires an authorisation as PI or EMI, EBA provides advice how NCAs shall assess the application in order to streamline and simplify the process. In particular, EBA emphasised that NCAs should make use of information submitted for the CASP authorisation under MiCA to the greatest extent possible for the authorisation process under PSD2. From our experience with recent authorisation procedures, this should constitute a major alleviation from a practical perspective.  

Initial capital and own funds:  As regards the calculation of initial capital and own funds, EBA requires to apply the initial capital/own funds requirements established by PSD2 and MiCA on a cumulative basis. In this context, EBA also gives guidance on calculation and counting of such funds in order to prevent different treatments by NCAs in this respect.

 

Guidance on specific obligations under PSD2

Consumer protection: With view to consumer protection issues, EBA notes that some of the transparency and disclosure requirements under PSD2 may give rise to implementation challenges, due to the particular features of DLT and the technical specificities of crypto-assets services. Accordingly, it advises NCAs not to prioritise supervision and enforcement of

  • information requirements related to the charges payable by the user to the CASPs/PSPs,
  • information requirement on maximum execution time of payment transactions in the limited number of cases where the CASPs/PSPs cannot know in advance the maximum execution time of payment transactions. An estimate shall be considered sufficient.
  • the unique identifier (e.g. IBAN), and
  • SEPA Regulation (EU) No 260/2012 in its entirety.

Security of payments (incl. strong customer authorisation): While the principle “the same risks, same rules” requires that custody and transfer of EMTs need to be as secure as all other payment services subject to PSD2, EBA acknowledges that the industry will require some time for the required technological implementation and therefore advises NCAs not to prioritise the supervision and enforcement of these requirements until 2 March 2026. In addition, EBA is also willing to accept a reduced fraud reporting of CASPs. However, EBA stresses that the liability of CASPs is irrespective of such regulatory relief. 

Going forward, EBA recommends that PSD3/PSR strengthen the consumer protection regime in MiCA by applying the provisions currently set out in Title II and IV of PSD2 to transfers of EMTS and to the custody and administration of EMTs.

Safeguarding/Safekeeping: To address the risk of divergent interpretations and application of the safeguarding requirements under PSD2 and the safekeeping requirements under MiCA, EBA reminds NCAs that MiCA imposes specific safekeeping requirements on CASPs/PSPs that hold EMTs on behalf of clients and advises NCAs not to prioritise the supervision and enforcement of the provisions in Article 10 of PSD2 in relation to CASPs/PSPs for the purpose of safeguarding EMTs or the means of access to such crypto-assets.

Open banking: EBA advises NCAs not to prioritise the supervision and enforcement of the Open Banking provisions under PSD2 in relation to CASPs/PSPs intending to provide or already providing custody and administration of EMTs and/or carrying out transfer services of EMTs from one distributed ledger address or account to another. The Open Banking Provisions require “account servicing payment service providers” (ASPSPs) to establish access interfaces through which third party providers (TPPs) can access accounts to offer account information services (AIS) and payment initiation services (PIS) and sets out specific requirements for those interfaces and dedicated interfaces.

 

Current Status of PSD3/PSR

On 30 June 2025, the Council published its position on PSD3/PSR. In comparison to the initial draft presented by the EU Commission and the European Parliament’s position4, several amendments suggested in the Council position touch on the above. By way of example, we would like to point to the Council proposals in Recital 16 PSD3 or Recitals 29/29a PSR, to Art. 3 with a new para. 3a and Art. 13 para. 2 PSD3 as regards the authorisation issues and to Art. 9 para. 1 PSD3 of the Council position as regards considerations to exempt EMT from the specific safeguarding requirements. In our view, EBA’s No Action Letter necessitates further consideration in the trilogue. We will carefully monitor these developments and keep our clients informed.

We look forward to further assist our CASP and payment service provider clients also with view to the above and to discuss the ramifications for existing and future business models with affected stakeholders. Please do not hesitate to contact us if you have any questions on the above or other regulatory topics. Our team of experts is happy to help.

You can find more briefings and information on this topic in German here.

 

1Regulation (EU) 2023/1114 on markets in crypto-assets
2(Directive (EU) 2015/2366 on payment services in the internal market)
3EBA made very clear that it would consider the 3rd option to exclude EMTs from the scope of PSD3/PSR and not to strengthen MiCA as unsatisfactory and undesirable.
4Please refer to the consolidated overview of the three positions on PSD3 as published at EUR-Lex - 2023_209 - EN - EUR-Lex and of the three positions on PSR as published at EUR-Lex - 2023_210 - EN - EUR-Lex

Print

Related capabilities

Financial ServicesFinancial Services Regulatory