The third Payment Services Directive (PSD3)


The proposal for the third Payment Services Directive (PSD3)

Since the adoption of the second Payment Services Directive (PSD2) - Directive (EU) 2015/2366, the retail payment services market underwent significant changes largely related to the increasing use of cards and other digital means of payment, the decreasing use of cash and the growing presence of new players and services, including digital wallets and contactless payments. The Covid-19 pandemic and the transformations it brought to consumption and payment practices has increased the importance of having secure and efficient digital payments.

Directive (EU) 2015/2366 aimed at addressing barriers to new types of payment services and improving the level of consumer protection and security. The evaluation of the impact and application of Directive (EU) 2015/2366 by the Commission found that Directive (EU) 2015/2366 has been largely successful with regard to many of its objectives, but also identified certain areas where the objectives of the Directive have not been fully achieved.

In particular, the evaluation identified problems regarding divergent implementation and enforcement of Directive (EU) 2015/2366, which have directly impacted competition between payment service providers, by leading to effectively different regulatory conditions in Member States because of different interpretation of the rules, encouraging regulatory arbitrage.

There should be no room for ‘forum shopping’ where payment services providers would choose, as home country, those Member States where the application of Union rules on payment services is more advantageous for them and provide cross-border services in other Member States which apply stricter interpretation of the rules or apply more active enforcement policies to payment service providers established there. That practice distorts competition.

The Union rules on payment services should be harmonised by incorporating rules governing the conduct of payment services in a Regulation and separating them from the rules on authorisation and supervision of payment institutions, which should be governed by PSD3, and not continue to be governed by PSD2.

The definition of ‘payment instrument’ under Directive (EU) 2015/2366 made reference to a ‘personalised device’. Since there are pre-paid cards where the name of the holder of the instrument is not printed on the card, this could leave those cards outside the scope of the definition of a payment instrument. The definition of ‘payment instrument’ should, therefore, be amended to refer to ‘individualised’ devices, instead of ‘personalised’ ones, specifying that pre-paid cards where the name of the holder of the instrument is not printed on the card are payment instruments.

So-called digital ‘pass-through wallets’, involving the tokenisation of an existing payment instrument, including a payment card, are to be considered as technical services, and should thus be excluded from the definition of payment instrument as a token cannot be regarded as being itself a payment instrument but, rather, a payment application. However, some other categories of digital wallets, namely pre-paid electronic wallets such as ‘staged-wallets’ where users can store money for future online transaction, are to be considered a payment instrument and their issuance as a payment service.

To ensure that an undertaking does not provide payment services or electronic money services without being authorised, it is appropriate to require all undertakings intending to provide payment services or electronic money services to apply for an authorisation, except where this Directive provides for registration instead of authorisation. Furthermore, in order to ensure the stability and integrity of the financial system and payment systems and to protect consumers, such undertakings must be established in a Member State and effectively supervised. This requirement should also cover payment institutions issuing electronic money, given the significant new prudential risks associated with the possibility for electronic money institutions to also issue electronic money tokens.

The establishment of a legal person in the EU should be required for electronic money issuers to enable effective supervision of those entities, and to align with Regulation 2023/1114/EU. Electronic money tokens are a form of crypto-asset which can scale up significantly in size and pose risks affecting financial stability, monetary sovereignty and monetary policy.

The Payment Services Directive (PSD3) is fully consistent with other Commission initiatives laid out in the Commission’s digital finance strategy for the EU which was adopted together with the RPS and aims to promote digital transformation of finance and the EU economy and to remove fragmentation in the digital internal market.Consistency with existing policy provisions in the policy area.

Existing policy provisions of relevance to this initiative include other legislation in the area of retail payments, other financial services legislation also covering payment services providers and Union legislation of horizontal application that impacts the retail payments sector. Other legislation includes the Markets in Crypto-Assets Regulation (MiCA), the Digital Operational Resilience Act (DORA), and the Anti-Money Laundering (AML) Directive.

We are expecting the final text of the PSD3.


Cyber Risk GmbH, some of our clients