PSD3 and PSR: Proposed reforms to the EU Payments Framework

Introduction

On 27 November 2025 the European Parliament and the Council of the EU announced that they’d reached a provisional political agreement on the texts of the proposed Directive on payment services and electronic money services (PSD3)¹ and the Regulation on payment services in the EU (PSR),² originally published by the European Commission in June 2023.

These measures are a significant reform to the EU payments framework, which is currently regulated by PSD2,³ with a strong focus on fraud prevention, consumer protection, open banking and supervisory harmonization.

 

Background

The first Payment Services Directive (PSD1),⁴ adopted in 2007, established a harmonised legal framework for creating an integrated EU payments market. But the introduction of new (at that time) types of payment services and products led to the adoption of PSD2, which has been applied largely since 2018. PSD2 sought to improve the level of consumer protection and security, and introduce open banking. It contains rules on the provision of payment services by Payment Service Providers (PSPs) and rules on the licensing and supervision of one specific category of PSP, namely Payment Institutions (PIs).

Despite the achievements of PSD2, the European Commission's review of PSD2 identified several problems in the EU payment market. Specifically, in its Impact Assessment on 1 March 2023, the Regulatory Scrutiny Board determined that consumers are at high risk of fraud and lack confidence in payments; that the open banking sector isn’t efficient, creating obstacles for open banking providers seeking to innovate; that supervisors in member states have inconsistent powers and obligations, leading to PSPs being uncertain about their obligations and to discrepancies in relevant regulations across member states; and that non-bank PSPs face a competitive disadvantage in relation to banks.

In response to these findings, on 28 June 2023 the European Commission published two legislative proposals, the PSR and the PSD3. The proposals seek to:

• strengthen user protection and confidence, tackling payment fraud;

• increase transparency on fees and charges;

• improve competitiveness of open banking services;

• simplify authorisation; and

• improve enforcement and implementation in member states, leading to consistency across the EU.

Specifically, the PSD3, as a proposal for a Directive, focuses on the authorisation, licensing and supervision of payment institutions and electronic money institutions. It repeals PSD2 and the Electronic Money Directive⁶ and integrates the regulatory treatment of payment and e‑money services in a single supervisory framework. The PSR also introduces directly applicable conduct‑of‑business rules governing the provision and use of payment services across the EU. By shifting these rules from a Directive to a Regulation, the EU aims to achieve greater harmonisation, consistent enforcement and legal certainty for market participants operating on a cross‑border basis.

 

Proposed Legal Frameworks

Fraud Prevention

A core element of the reform is the strengthening of fraud prevention obligations and the clarification of liability rules. Under the agreed text, PSPs will have to implement robust fraud prevention mechanisms, including verification that a payee’s name matches the unique identifier (IBAN). In cases of discrepancies, the PSP will have to refuse the payment order and inform the payer. PSPs will also have to ensure strong customer authentication and offer spending limits and blocking measures to reduce the risks of fraud.

The proposed legislation also imposes enhanced Strong Customer Authentication (SCA) requirements that further oblige PSPs to implement adaptive, risk‑sensitive authentication processes that reflect user behaviour, transaction patterns and emerging fraud typologies. PSPs will also have the obligation to improve accessibility of SCA for users with disabilities, older people and other people facing challenges, providing them with enhanced fraud-mitigation tools.

Liability rules under PSD3 and the PSR mark a significant shift toward user protection. PSPs that fail to implement adequate fraud risk controls will assume liability for customer losses. Specifically, if a customer is defrauded through impersonation fraud, the PSP will have the obligation to reimburse them.

Transparency

The PSR introduces enhanced information obligations designed to ensure that payment users have full visibility of applicable fees and charges before initiating a transaction. PSPs must clearly disclose currency‑conversion fees, ATM withdrawal charges and any additional service costs. These transparency measures are aimed at reducing hidden charges, improving comparability between providers and enabling consumers to make more informed decisions.

Beyond financial transparency, the legislation strengthens consumer protection by requiring PSPs to provide access to human customer support. This obligation addresses concerns that relying solely on chatbots under PSD2 limited user access to effective dispute resolution and fraud assistance.

Access to cash

The PSD3 and PSR package introduces measures aimed at improving cash availability to consumers. Retailers will be allowed to offer, in physical shops, cash provision services even in the absence of a purchase by a customer, without having to obtain a payment service provider authorisation, registration or being an agent of a payment institution. To prevent competitive distortions and maintain proportionality, retail operators offering these services will only be able to distribute EUR50 per transaction.

Open banking

The PSD3 and PSR proposals aim to reduce market barriers for “open banking services” (account information and initiation services providers) and to improve competition between them and Account-Servicing Payment Service Providers (ASPSPs), such as banks or other financial institutions.

A further key element of the reform is the requirement for ASPSPs to put in place dedicated, high‑performing data‑access interfaces, supported by more detailed minimum specifications to ensure availability, stability, and technical reliability.

Taken together, these measures are intended to make the EU payments market more open and competitive, while improving how the digital finance system works overall.

Authorisation

The PSD3 and PSR frameworks will harmonise and streamline the authorisation regime for payment institutions and electronic money institutions. They aim to restructure the licensing framework for PIs and Electronic Money Institutions (EMIs), consolidating PSD2 and the Electronic Money Directive into a single supervisory framework. Applicants will face clearer initial capital requirements, harmonised timelines and more detailed expectations around governance, risk management and internal controls.

A central feature of the reform is the simplification of the authorisation process. Authorisation will be subject to strong prudential and capital requirements, with applicants having to demonstrate accurate own‑funds calculations, credible budget forecasts and that internal structures correspond to the scale and complexity of the payment services they intend to provide. Also, initial capital requirements will be calibrated to the applicant’s risk profile and business model.

Although the core procedures for authorisation and control of qualifying holdings remain broadly consistent with PSD2, PSD3 introduces some important refinements. All applicants will now have to submit a winding‑up plan as part of their authorisation package, ensuring early consideration of orderly exit strategies and the protection of user funds.

Harmonisation

A core objective of the PSD3/PSR reform package is to eliminate the scope for “forum shopping” that was developed under PSD2, where payment service providers could choose to establish themselves in member states applying lighter interpretations or more permissive enforcement of EU rules, while passporting services into jurisdictions with stricter supervisory practices. This has led to inconsistent standards of consumer protection and supervisory tension between national competent authorities.

To address this, the proposed legislations aim to significantly harmonise the payment‑services regulatory framework and reduce national divergences. Conduct‑of‑business rules that previously sat within PSD2, allowing member states discretion during transposition, will now be incorporated into the directly applicable PSR, ensuring uniform application across the EU. By contrast, PSD3 will exclusively govern the authorisation, prudential oversight and supervision of payment institutions and electronic money institutions, separating conduct requirements from institutional licensing and supervision. This structural split is intended to enhance legal clarity and reduce interpretative inconsistencies between member states.

Quick dispute resolution

PSD3 and the PSR seek to reinforce user confidence by improving access to redress mechanisms. PSPs will have to participate in alternative dispute‑resolution (ADR) procedures when selected by consumers, ensuring an accessible and cost‑effective avenue for resolving payment disputes. National authorities are encouraged to ensure ADR bodies are adequately resourced and independent.

 

Next steps

The Council and the Parliament will continue working on the technical elements of the package before final adoption by the co-legislators. It's anticipated that the final texts will be published in the Official Journal of the European Union in H1 2026. Entry into force of both frameworks is anticipated in 2027.

We will continue monitoring financial developments and publish our latest findings.