The initial draft of the Third Payments Services Directive, or PSD3, was introduced in June 2023 as an evolution of previous payments regulations in Europe. It’s an EU directive that applies to banks and non-bank payment service providers (PSPs).
This directive is still in draft phase and will likely be refined over the course of the next year. Its probable impact includes improving accessibility, improving customer protection requirements, improving open banking accessibility and adoption, increasing transparency in cross-border payments and increasing market competition.
We do not expect enforcement of PSD3/PSR before 2027, but there are steps that bank and non-bank PSPs can take now to prepare.
- Stay informed of changes as additional drafts of the directive are released
- Enhance security measures and ensure you’re compliant with PSD2
- Review customer data handling practices and strengthen where needed
PSD2 was created to protect consumers and encourage competition. It introduced open banking to the EU and established strong consumer protection standards by requiring stricter security measures for online protocols. It was intended to be the core pillar to which other regulation would anchor. However, because payments evolved quickly (in part due to accelerated digitization driven by COVID), areas of opportunity for improvement and expansion of the directive have become apparent.
One goal of PSD3 is to address these inconsistencies and remove boundaries to avoid silos. It follows common themes addressed in previous directives, including enhancing consumer protections, promoting competition and innovation and facilitating a single market for payments.
The final draft of PSD3 will likely work to level the playing field between banks and non-bank PSPs by minimizing the risk of regulatory arbitrage.
The revision of PSD2 has been drafted into two components: PSD3 and the Payment Services Regulation (PSR). PSD3, which is a directive rather than a regulation, primarily addresses licensing and supervision. It will need to be transposed into local law to be enforced.
PSR, on the other hand, is a regulation covering security, strong customer authentication and obligations of PSPs. The regulation is directly applicable to all EU member states without the need for local transposition.
Together, these two prongs of the PSD2 revision will likely help strengthen user protections, improve transparency and accessibility and encourage open banking adoption.
While PSD3 is still in draft form and may evolve as new versions are released, there are a few likely impacts to expect.