30/04/2026
Insights Blog

Background

On 28 June 2023, the European Commission published two proposals: a proposal (PSD3) for an amendment to the current Payment Services Directive (PSD2), and a related proposal for the Payment Services Regulation (PSR). The intention of the legislative package was to modernise the EU’s regulatory framework for payment services, enhancing consumer protection, strengthening fraud prevention, improving the functioning of open banking and facilitating supervisory harmonisation.

Latest developments

On 23 April 2026, the Council of the EU published notes from its General Secretariat to the Permanent Representatives Committee (COREPER) setting out final compromise texts for PSD3 and the PSR, along with an “I” Item Note in which the General Secretariat recommended that COREPER approve the texts with a view to reaching agreement at second reading with the European Parliament. This marks a significant milestone in a reform process that began with the Commission’s original proposals in June 2023.

What happens next?

The publication of final compromise texts along with the I Item Note signals that political negotiations between the co-legislators are effectively complete. The anticipated next steps are:

  • Formal approval by COREPER of the final compromise texts;
  • Formal adoption votes in both the Council and the European Parliament;
  • Signature and publication in the Official Journal of the European Union; and
  • Entry into force on the twentieth day following publication in the Official Journal.

Member States would then be required to adopt and publish national transposing measures within 21 months of PSD3 entering into force and to apply those measures from the same date. The PSR, as a Regulation, will apply directly across all Member States from that same date, apart from Articles 50 and 57 relating to verification of payee provisions, which will apply 27 months after the entry into force of the PSR.

Key areas of significance for market participants

  • Fraud prevention and consumer protection: The PSR strengthens transaction monitoring requirements, including real-time monitoring for instant credit transfers, and links failure to monitor to refund outcomes. It also introduces a requirement for payment service providers (PSPs) to verify that a payee’s name matches their unique identifier (e.g. IBAN) prior to execution of a credit transfer (verification of payee), for transactions that are not already covered by Regulation (EU) 2024/886 (the Instant Payments Regulation), and links failure to verify with refund and compensation outcomes. The PSR also addresses social engineering and impersonation fraud (“spoofing”), and includes a consumer refund right for PSP impersonation fraud, subject to certain conditions.
  • Open banking: Account servicing PSPs must maintain a dedicated, secure interface (API) for regulated data exchange with account information and payment initiation service providers, subject to certain exceptions. User control is also enhanced through requirements for dashboards for monitoring, withdrawing or re-establishing data access granted to open banking services providers.
  • SCA: strong customer authentication (SCA) requirements are refined. The regulations clarify precisely when SCA must be applied, with clearer treatment of merchant-initiated transactions. New accessibility obligations require that SCA methods be provided free of charge, must not depend solely on a smartphone, and must be adapted to accommodate more vulnerable users.
  • Supervision: A central feature of the reform is the restructuring of the EU payments framework: conduct-of-business rules for payment services move into the directly applicable PSR, while authorisation and supervision provisions remain in PSD3. As part of this restructuring, PSD3 will repeal PSD2 and Directive 2009/110/EC (the E-Money Directive). The policy aim is to reduce divergent national implementation, limit regulatory arbitrage and “forum shopping”, and achieve greater consistency across the single market.
  • Transitional provisions: existing payment institutions authorised under PSD2 may continue to operate for up to 27 months after PSD3 enters into force, subject to providing the necessary information to competent authorities to enable them to assess compliance with the PSD3 requirements within that timeframe. If the payment institution can demonstrate that they comply with the new requirements, then they will be deemed authorised under PSD3. A broadly similar transitional approach applies to existing electronic money institutions.

Our Financial Regulation Group regularly advises PSPs and other clients on all aspects of payment services regulation and supervision. If you require further information, please contact a member of the Financial Regulation Group or your usual Arthur Cox contact.