Cryptliance
โ† Key Regulations

๐Ÿ‡ช๐Ÿ‡บ EU ยท Key Regulation

PSD3 & PSR

The Third Payment Services Directive (PSD3) and the Payment Services Regulation (PSR) modernise the European Union's payment services framework, replacing much of PSD2 with a revised directive and a directly applicable regulation.

In this briefing

  • What it is
  • What do PSD3 & the PSR do?
  • Key things to know

PSD3 focuses on the authorisation, supervision and prudential requirements for payment institutions and electronic money institutions, while the PSR establishes harmonised operational and conduct requirements for payment service providers across the EU.

The package aims to reduce payment fraud, improve consumer protection, strengthen open banking, increase transparency and create a more consistent regulatory framework for banks, payment institutions, fintechs and other payment providers.

While PSD3 and the PSR are not crypto regulations, they are increasingly relevant to digital asset businesses because of the interaction between payment services, tokenised money and e-money tokens (EMTs) under MiCAR.

What do PSD3 & the PSR do?

Modernise the EU Payment Framework

Updates the existing PSD2 framework by creating a clearer division between prudential requirements under PSD3 and operational rules under the PSR, resulting in greater harmonisation across Member States.

Strengthen Payment Institution Regulation

Introduces updated authorisation, governance, safeguarding, prudential and supervisory requirements for payment institutions and electronic money institutions.

Improve Consumer Protection

Strengthens requirements around fraud prevention, transparency, reimbursement, customer communications, complaints handling and liability for unauthorised or fraudulent payment transactions.

Expand Open Banking

Introduces improvements to access-to-account rules, dedicated interfaces, customer consent management and data-sharing arrangements to support greater competition and innovation.

Strengthen Fraud Prevention

Requires stronger fraud detection, enhanced transaction monitoring, improved authentication measures and better information sharing between payment service providers.

Clarify the Interaction with Digital Assets

Recognises that certain business models involving e-money tokens (EMTs) may also constitute regulated payment services. Depending on how an EMT is used, firms may require authorisation under both MiCAR and payment services legislation.

Key things to know

โœ“

PSD3 and the PSR create a new legislative structure

Rather than updating PSD2, the EU has split the framework into two instruments. PSD3 governs the authorisation, supervision and prudential requirements for payment institutions, while the PSR introduces directly applicable operational and conduct rules across all Member States, reducing regulatory fragmentation.

โœ“

Fraud prevention is a central objective

The framework introduces stronger measures to combat payment fraud, including improvements to Strong Customer Authentication (SCA), fraud monitoring, information sharing between payment service providers and greater transparency around fraud risks and liability.

โœ“

Open Banking is being strengthened

PSD3 and the PSR seek to improve the reliability and performance of Open Banking by enhancing dedicated interfaces, customer consent management, data access and competition between payment providers and third-party providers.

โœ“

Payment firms should assess the wider regulatory landscape

PSD3 and the PSR do not operate in isolation. Payment service providers will increasingly need to consider how the framework interacts with DORA, FiDA, eIDAS 2.0, AMLR, GDPR and consumer protection legislation as part of a broader modernisation of European financial infrastructure.

โœ“

MiCAR authorisation does not automatically permit payment services

A CASP authorised under MiCAR is not automatically authorised to provide regulated payment services. Business models involving e-money tokens (EMTs) should assess whether they also fall within the scope of payment services legislation, potentially requiring payment institution or electronic money institution authorisation, or a partnership with an authorised PSP.

โœ“

EMTs increasingly bridge payments and digital assets

E-money tokens are regulated under MiCAR as crypto-assets, but their use as a means of payment can also trigger payment services regulation. As stablecoins and tokenised money become more widely adopted, firms will increasingly need to assess both regulatory frameworks rather than treating payments and digital assets as separate ecosystems.

For general information only. Not legal, regulatory or compliance advice.

Working With This Regulation?

Cryptliance helps firms understand what applies, what it means for the business and what to do next โ€” across strategy, controls, product and market execution.