Payment Innovation

PSD3 and PSR: What You Need to Know About Europe’s New Payment Rules

Swaantje Völkel PPI AG

Swaantje Anneke Völkel

Manager

  • 09/04/2023
  • Reading time 4 minutes
PSD3
Key Takeaways

  • Dual-Layer Framework: PSD3 focuses on licensing/payment service provider oversight, while PSR directly governs payment execution, harmonizing EU regulations.

  • Enhanced Security Measures: Mandatory IBAN-name checks aim to prevent fraud, and updates in scope address ambiguities from PSD2 to simplify processes.

  • Market Changes: New rules reshape payments, requiring businesses to prepare for stricter standards and anticipate future adjustments.

In 2023, the European Commission published its long-anticipated proposals for the third Payment Services Directive (PSD3) alongside a new Payment Services Regulation (PSR). These drafts mark a significant evolution in how payment services are governed across the EU. While still discussed, the implications for banks, FinTechs and third-party providers (TPPs) are already being widely debated. Here's what you need to know.

Regulation versus directive: what’s the difference?

The original PSD2 was reviewed and partially rewritten. The result: a dual-layer approach. PSD3 will be a directive, which must be transposed into national law by EU member states. In contrast, the new Payment Services Regulation (PSR) will be directly applicable, without requiring national implementation. This ensures greater harmonisation and leaves less room for divergent interpretation between countries.

Several elements from the PSD2 have now been moved into the PSR to reduce fragmentation and support a more unified payments framework.

Still about payment accounts – no savings or investments (yet)

PSD3 and PSR continue to focus exclusively on payment accounts. Access to other types of financial accounts – such as savings, securities, or loans – is addressed separately under the Open Finance Regulation, also currently in draft form.

Don’t wait – start preparing now

Although the proposals are not yet final, they will shape the payments landscape for years to come. Given the expected 18-month implementation period following publication, and the need for local legislative processes for PSD3, companies are well advised to assess potential impacts early. The proposals were introduced in mid-2023, and with EU elections and legislative prioritisation in play, full adoption could still be delayed.*

PSR is broader than PSD3

Functionally, the PSR covers payment execution, including technical interface standards, fees, and customer journeys. PSD3, by contrast, focuses on the licensing and supervision of payment service providers.

In terms of scope, the PSR draft is twice as long as the PSD3, highlighting its detailed nature. Notably, the e-money directive will be merged into the new PSD3/PSR framework.

Note: The new rules do not apply to cash-only transactions.

Access to payment accounts: frictionless, at last?

One major pain point under the PSD2 has been the fragmented customer experience for account information services (AIS) and payment initiation services (PIS). The PSR seeks to simplify this through:

  • Harmonised access rules
  • Stricter interface requirements for banks and account-holding institutions
  • Improved data availability for TPPs

A new Regulatory Technical Standard (RTS) is also expected, much like under the PSD2, to further define these access obligations.

This is particularly relevant as Open Finance regulation progresses in parallel, aiming to expand data access beyond payment accounts to broader financial services.

 

Mandatory IBAN/name check across all credit transfers

One notable new feature is the planned IBAN/name check for all types of credit transfers – not just instant payments. This aims to prevent fraud and improve trust. Many consumers already assume such a check exists, but currently, this only applies selectively and differs by provider.

Importantly, this is not the same as the pre-SEPA name/account matching previously used in Germany. It introduces a pan-European, real-time name check as a security feature.

Clearing up the PSD2 grey zones

The PSD2 introduced third-party providers (TPPs) but also left some ambiguity, particularly regarding the so-called “card-based payment instrument issuers” (CBPIIs), described in Article 65. This led to confusion over what services were actually covered.

With the PSD3/PSR, the confirmation of funds service described in Article 65 has now been completely removed – a clear sign that regulators are refining scope and eliminating unnecessary complexity.

Industry feedback: security yes, liability maybe

The German Banking Industry Committee (DK) has welcomed the push for stronger consumer protection and more secure payments. However, it voiced concerns over:

  • Broader liability obligations for payment service providers
  • Potential overload for smaller PSPs
  • Increased data exposure via interfaces

The fear is that excessive obligations could lead to higher costs for consumers or even reduce market competition.

What happens next?

The PSD3 and PSR aim to strike a balance between consumer protection, security, and market innovation. The discussion is ongoing, and the final version may look different from today’s drafts. But one thing is certain: these rules will reshape the European payments landscape – and possibly influence global standards in Open Banking and beyond.

*Note on updates:
The original article anticipated final legislative drafts by the end of 2023. As of mid-2025, the legislative process is still ongoing, with no final implementation date set. Stakeholders should continue monitoring EU updates and plan internal roadmaps accordingly.

Authors

Payments
Share article:

Show all news