New rules of the game in the payments sector-what will PSD3 and PSR bring?

The payment sector in the European Union is about to undergo one of the most significant reforms in its history. The new PSD3 Directive and the accompanying PSR Regulation are in the final stages of the legislative process, and their provisions will enter into force in 2026.

The changes will be systemic in nature- they will harmonise the rules for payment service providers and electronic money institutions, increase capital requirements, introduce new mechanisms for safeguarding client funds, and significantly enhance transaction security across the EU.

PSD3: a single regime for payment service providers and electronic money institutions in the EU

PSD3 further unifies regulations governing payment service providers (PIs) and electronic money institutions (EMIs), consolidating in a single directive the requirements that were previously divided between PSD2 and EMD2.

Key changes include the obligation to submit a “winding-up plan” with every new or renewed authorisation.

Additional requirements cover business continuity, operational security, data protection (including compliance with DORA), as well as detailed information on so-called passporting within the EU.

What are the new capital requirements?

PSD3 adjusts minimum capital requirements to reflect inflationary realities. A notable novelty is that payment initiation service providers (PISPs) and account information service providers (AISPs) will be allowed, instead of holding professional indemnity insurance, to meet the requirement through capital coverage.

What are the new mechanisms for protecting customer funds?

While the core safeguarding principles remain, PSD3 introduces additional mechanisms to mitigate concentration risk. A new option is to hold client funds in central bank accounts- provided the central bank justifies any refusal to open such an account.

Furthermore, service providers will be obliged to diversify safeguarding methods, for example by distributing funds across different financial institutions, and to notify the supervisory authority in advance of any material changes to safeguarding arrangements.

PSR introduces new safety standards- what will change?

The PSR forms part of the legislative package, introducing uniform rules for consumers and payment service providers-covering areas from open banking and consumer protection requirements to stronger coordination of supervision and enforcement. As a regulation, it will apply directly across the EU.

The announced changes include, among others:

• easier sharing of fraud-related information between providers.
• mandatory account and IBAN verification systems.
• improved transparency of ATM fees.
• expanded access for non-bank payment providers to EU payment systems.

When does PSD 3 come into effect?

Although the exact date of PSD3’s entry into force has not yet been set, it is expected that the final text will be adopted by the end of 2025, with Member States having 18 months to implement it into national law.

Payment service providers should already be conducting gap analyses and preparing for the new requirements, treating compliance as a strategic advantage in the competitive digital payments market. The new directive will enhance stability, security, and transparency in payment services, while enabling the development of innovative business models.

Prepare your company for PSD3 and PSR. It is worth it for fintech market participants to analyze the implementation consequences of the upcoming regulations today. Contact our team!