PSD3/PSR is coming: new regulations will affect all parties within the payment sector

PSD3 and PSR come at a crucial moment in the transformation of the financial sector. Recent technological developments and changing customer expectations are creating a need for new rules that can better prevent fraud, further promote open banking, and stimulate competition. Companies are under pressure to innovate faster than ever, while demand for secure digital services is growing daily. It is therefore essential that organizations prepare for the changes brought about by PSD3 and PSR and remain alert to ongoing developments in the sector.

Objectives of PSD3 and PSR

Although existing regulations such as PSD2 have proven effective in combating fraud, rapid technological advances have created new challenges and opportunities. These developments require adjustments to ensure that payment services in Europe continue to meet changing demands. The upcoming PSD3 and PSR framework aims to address these needs and provide a solid foundation for innovation in the sector. This will enable companies to effectively manage new risks while taking advantage of the opportunities offered by digital transformation. The main objectives of PSD3 and PSR overlap in part with previous goals, namely: 

1. Improved fraud prevention and consumer protection– Stricter security measures should strengthen confidence in digital payments.
2. Strengthening Open Banking – Increased competition between banks and digital financial service providers stimulates innovation and growth.
3. Harmonization and enforcement of EU rules – A level playing field in all Member States ensures fairer competition and more effective enforcement.
4. Greater access for non-bank providers – Payment service providers (PSPs) will be given clearer, more consistent conditions for access to payment systems and bank accounts.
5. Enhanced consumer rights – Issues such as unexpected account blocks, unclear fees, and lack of transparency are being addressed.

The new legislation on financial data sharing goes beyond payment accounts and includes rules for secure and transparent data exchange. The aim is to stimulate innovation and give consumers more control. These provisions will be laid down in PSD3 and PSR, as well as in the proposed Financial Data Access (FIDA) framework.

Key improvements 

Secure data sharing for customers:

• Consumers can more easily share their financial data for personalized services, financial insights, or price comparisons.
• Specialized consent dashboards allow consumers to maintain control over who has access to their data and for what purposes.

Obligations for financial institutions:

• Banks and other data holders must provide access to data via standardized systems, provided that the customer has given their consent.
• These institutions must ensure that APIs meet clear reliability and availability requirements.

Better technical regulations and protection:

• Clear liability rules and dispute resolution procedures provide legal certainty for the parties.
• Verification measures, such as Confirmation of Payee (CoP), must be applied consistently to better prevent fraud.

Improved control and accessibility for consumers:

• Consumers benefit from improved access to cash, including the ability to withdraw cash at stores without any obligation to make a purchase.
• Consumers gain more control over their payments, including tools to set limits for payment instruments.

New licensing requirements

With the introduction of PSD3 and PSR, the prudential and licensing rules for electronic money institutions and payment service providers are becoming stricter. These include:

1. Revised capital and protection requirements:

• Increased initial capital requirements: Institutions may need to hold more capital due to adjusted calculation methods.
• Requirement for settlement plan: Institutions must include an orderly settlement plan in their license application.

2. Risk mitigation: Payment institutions will be subject to stricter rules to reduce concentration risk when protecting customer funds.

3.Re-licensing within two years: Existing licenses for non-bank PSPs will remain valid for a maximum of 30 months, provided that institutions submit new applications in a timely manner.

Impact of the new rules

The regulations affect a wide range of parties, including traditional banks, payment platforms, and new service providers. It is striking that even many established payment institutions have to reapply for their licenses, a measure taken by the EU to ensure that market participants meet the highest standards of transparency and security. This means that previous approvals are no longer automatically valid, reflecting the strictness of the new regime. The bar is being raised for everyone, which promotes innovation and a level playing field.

Stricter rules, higher thresholds

Although the new licensing requirements are intended to promote fair competition, they also present new challenges. Meeting the increased standards for transparency and security may require complex adjustments to current systems and processes. These changes may require additional investment, forcing companies to carefully assess how best to meet the new expectations without hindering growth.

New opportunities despite challenges

At the same time, the rules offer new opportunities in areas such as Embedded Finance (financial services directly integrated into apps or platforms), Buy Now, Pay Later, and Decentralized Finance (DeFi). These trends give both established players and newcomers the opportunity to further embed services in the digital ecosystem, expand their customer base, and diversify revenue streams. By embracing these developments, companies can offer innovative solutions that meet changing customer needs.

Timeline – next steps

On November 27, 2025, the European Parliament and the Council reached a provisional agreement on PSD3 and PSR. Formal adoption and publication in the Official Journal of the EU will follow after the technical finalization of the legal texts in 2026.

Following publication in the Official Journal of the EU, there will be a transition period of 18 months before compliance becomes mandatory. This means that affected institutions must fully comply with the requirements of PSD3 and PSR by the end of 2027 at the latest, following their formal entry into force.

Given these developments, financial institutions and payment service providers must remain vigilant, continuously monitor the legislative process, and prepare for the necessary operational changes. As the proposals take their final shape, the effects will vary across the payments landscape. Strategic insight and early preparation are essential to remain compliant and capitalize on opportunities arising from the new regulatory framework.