PSD3

What's new in PSD3 vs PSD2?

Good question – PSD3 is actually a double legislative act (PSD3 + PSR), and the differences to PSD2 are more structural than they might first appear. Let me walk through the key changes.

PSD3 vs. PSD2: The Key Differences

1. Legislative Architecture: Two Acts Instead of One

The most important structural change is that the European Commission split the single PSD2 directive into two separate instruments:

  • PSD3 – a Directive (Richtlinie), which EU Member States must transpose into national law. In Germany, this means the ZAG (Zahlungsdiensteaufsichtsgesetz) will be revised.
  • PSR – a Regulation (Verordnung), which applies directly without national implementation.

The logic behind this split: conduct-of-business rules affecting consumers and payment service providers go into the PSR (directly applicable, harmonized across the EU), while authorisation and supervisory rules stay in the Directive. This reduces the fragmentation that PSD2 created through divergent national transpositions.

2. Open Banking – Finally Fixed

PSD2's Open Banking provisions were famously underdelivering. Banks built APIs that were technically compliant but practically unusable. PSD3/PSR addresses this head-on:

  • Mandatory API quality standards – dedicated interfaces must meet minimum performance requirements; regulators can mandate improvements.
  • No more "fallback" tricks – the loophole where banks could avoid maintaining functional APIs by having a fallback interface is significantly tightened.
  • Data access for more PSPs – payment service providers get clearer and broader rights to access payment account data.
  • Dashboard requirements – consumers must have access to a centralised permission dashboard to manage all active third-party access.

This is also the foundation on which FiDA (Financial Data Access) builds for Open Finance – the articles in the knowledge base note that PSD3 was published as part of the same Digital Finance Package as FiDA in June 2023.

3. Fraud Liability – APP Fraud Rules

Under PSD2, liability for Authorised Push Payment (APP) fraud – where a customer is tricked into initiating a transfer themselves – typically fell entirely on the customer. PSD3/PSR changes this:

  • PSPs are required to share liability in cases of APP fraud, particularly where the bank failed to flag suspicious transactions.
  • Verification of Payee (VoP) – IBAN-name verification is now a formal requirement. This was already introduced via the Instant Payments Regulation (IPR, Verordnung (EU) 2024/886) for SCT Inst by October 2025, and PSD3/PSR embeds it permanently in the payment services framework.
  • Banks that fail to warn customers about suspected fraud or fail to apply adequate transaction monitoring can be held jointly liable.

4. Strong Customer Authentication (SCA) – Refined

PSD2's SCA regime created significant friction in e-commerce and was applied inconsistently. PSD3/PSR:

  • Clarifies and harmonises SCA exemptions – the rules for low-value transactions, recurring payments, and trusted beneficiaries become more consistent across jurisdictions.
  • Introduces explicit provisions for SCA for corporate payments, addressing long-standing ambiguities.
  • Non-bank PSPs gain clearer rules on how they can delegate SCA to account-servicing payment service providers (ASPSPs).

5. Access to Accounts and Payment Infrastructure

A recurring frustration under PSD2 was that non-bank PSPs (EMIs, PIs) often struggled to get or maintain bank accounts. PSD3/PSR:

  • Gives payment institutions and e-money institutions a right to access credit institutions' payment accounts – banks can no longer refuse on purely commercial grounds without objective justification.
  • Access to central bank systems – PSR includes provisions enabling non-bank PSPs to access payment systems operated or overseen by central banks more directly. This has practical implications for the digital euro scenario as well.

6. Harmonised Authorisation and Passporting

PSD3 streamlines the authorisation framework:

  • Single EU authorisation – passporting rules are clarified, reducing the need for duplicative registrations across Member States.
  • Clearer distinction between electronic money institutions (EMIs) and payment institutions (PIs), with proportionate requirements for smaller players.

7. Consumer Protection and Transparency

  • Stricter rules on value dating and fund availability.
  • Enhanced refund rights for direct debits.
  • Clearer information requirements around IBAN discrimination – prohibiting payment service providers from rejecting IBANs from other Member States.
  • Stronger provisions around complaint handling and access to alternative dispute resolution.

Timeline and Status (as of early 2026)

Milestone Status
Commission proposal (COM(2023)366/367) June 2023 – published
European Parliament & Council trilogue Completed
PSD3 transposition deadline ~Q1–Q2 2026
PSR direct applicability Aligned with PSD3 deadline
ZAG revision (Germany) In progress

The Regulatory Outlook article from schablitzki-consulting.de confirms the PSD3/PSR package as one of the highest IT-impact regulatory workstreams for Retail Banking & Payments in 2026, with a regulatory pressure score of 62 and an IT impact score of 82 – reflecting that the operational and systems changes are substantial even if the political urgency is moderate compared to DORA or the AI Act.

Practical Implication: What Changes Operationally

Institutions with significant payments businesses need to focus on:

  1. API infrastructure – upgrade dedicated interfaces to meet the new quality thresholds.
  2. Fraud detection and VoP integration – the liability shift for APP fraud demands more sophisticated transaction monitoring and warnings infrastructure.
  3. Data pipelines for Open Banking – the IPR-induced investment in structured payment data (ISO 20022, XBRL reporting) directly feeds into PSD3 compliance readiness.
  4. ZAG revision tracking – for German institutions, the national transposition into the revised ZAG will determine the precise domestic compliance requirements.

Sources