PSD2

The revised Payment Services Directive, or PSD2, is the European directive that regulates payment services and payment service providers. PSD2 contributes to a secure, reliable, and innovative European payment landscape.

What is PSD2?

PSD2 and the detailed regulations based on it form the core of the regulation of payment service providers in Europe. The directive aims to contribute to greater competition and enhance the security of payment services. PSD2 provides greater transparency for users, contains security requirements for electronic payments, and introduces new payment services.

The directive came into force at the beginning of 2016. Member States had until the beginning of 2018 to incorporate the obligations into their national legislation. In the Netherlands, PSD2 has been implemented in the Financial Supervision Act (Wft), in the accompanying delegated regulations, and in the Civil Code.

PSD2 has four main objectives:

Contribute to a more integrated and efficient European payments market.
Increase competition between payment service providers by allowing new parties to enter the market.
Make payment transactions safer and more reliable.
To better protect consumers and businesses.

Two of the most important changes are the introduction of Open Banking and strong customer authentication (SCA â€“ Strong Customer Authentication). With Open Banking, a regulated third party can gain digital access to a payments account after obtaining the account holder’s explicit consent. SCA â€“ or two-factor authentication â€“ increases the security of online transactions by requiring the payer to identify themselves using two different factors, for example, a unique personal smartphone and a fingerprint.

The European Commission has published a brochure on consumer rights under PSD2. More information about banking with PSD2 can be found at DNB.

Evaluation of PSD2

In 2022, the European Commission launched a comprehensive evaluation of PSD2. This consisted of an external study, a report by the European Banking Authority (EBA), and a public consultation. The Dutch Payments Association, together with its members, submitted a response to this consultation.

Key findings:

Consumers are at risk of online fraud and are losing confidence in online payments.
The open banking framework is not functioning adequately.
EU supervisors have inconsistent powers.
There is an uneven playing field between banks and non-bank payment service providers.

Based on this, the European Commission published proposals for PSD3 and PSR (Payment Services Regulation) in mid-2023.

PSR and PSD3

The Commission has chosen to split PSD2 into two parts:

PSD3: Directive on payment services and electronic money services.
PSR: Regulation on payment services.

Most of PSD2 falls under the PSR, which is directly applicable to member states in order to reduce differences in implementation.

The proposals aim to:

Strengthen consumer protection against online fraud.
Improve competition and innovation within open banking.
Ensure uniform enforcement and supervision in the EU.
Improve access to payment systems for non-bank payment service providers.

Key elements include:

Mandatory compensation for bank helpdesk fraud.
Adjustments to the open banking framework.
Transfer of large parts of PSD2 from directive to regulation.
Extension of rights for payment institutions.

The Dutch Payments Association has responded to the legislative proposals for PSR and PSD3 with the PSR/PSD3 task force (â€˜TFPSRâ€™) set up for this purpose.

See also our summary of the response to PSR/PSD3 Opent in een nieuw venster

Current status of the legislative proposals

After publication, the two co-legislators â€” the European Parliament and the Council of the European Union â€” determined their positions:

The European Parliament reached its position in April 2024 (ECON Committee).
The Council of the EU followed suit in June 2025.
In July 2025, the trilogue between Parliament, Council, and Commission commenced.

If proceedings go smoothly, this phase could be completed by the end of 2025.