EBA’s No Action Letter on PSD2 and MiCAR
On 10 June 2025, the European Banking Authority (“EBA”) published a no action letter on the relationship between the PSD2 and MiCAR regarding the activity of transacting e-money tokens (“No Action Letter”). The No Action Letter contains
(i) regulatory recommendations to the European legislator to avoid double regulation of transfer services with e-money tokens by making adjustments in the upcoming PSD3 and PSR,
(ii) interpretative guidance to national supervisory authorities on when transactions with e-money tokens are (not) to be classified as payment services, and
(iii) a recommendation to national supervisory authorities not to apply PSD2 provisions to transfer services involving e-money tokens for a certain period of time (transitional period until 1 March 2026).
Background
E-money tokens are crypto-assets within the meaning of the Regulation on markets in crypto-assets (“MiCAR”). According to Article 3 (1) no. 7 MiCAR, an e-money token is a crypto asset whose value is intended to be stable by reference to the value of an official currency (e.g. EUR). E-money tokens are regulated in Title IV of MiCAR. Article 48 (2) MiCAR stipulates that e-money tokens are considered e-money. This means that e-money tokens fall under the definition of funds pursuant to Article 4 (25) PSD2.
This raises the question of whether services related to e-money tokens are regulated both under MiCAR and under EMD2 and PSD2, meaning that different supervisory regimes with different requirements would have to be observed for the same activity subject to authorisation.
MiCAR follows the approach of no double regulation! This is already evident from Article 2(4) MiCAR, according to which crypto-assets that are already regulated by other EU legal acts are not covered by MiCAR.
However, in the case of e-money tokens, there is an exception to the principle of no double regulation, as can be seen in the fiction rule in Article 48 (2) MiCAR.
The EU legislator has already recognised certain overlaps between supervisory regimes when it states in recital (93) MiCAR that services related to the transfer of e-money tokens may, under certain circumstances, be considered payment services under PSD2.
Recital (90) MiCAR explicitly states that some crypto-asset services (Art. 3 (1) No. 16 MiCAR), such as the custody and management of crypto-assets for customers (Art. 3 (1) No. 16 a), No. 17 MiCAR), could overlap with payment services within the meaning of PSD2.
However, it was unclear what this double regulation meant in individual cases, in particular whether certain services related to e-money tokens require PSD2 authorisation in addition to MiCAR authorisation (the BaFin answered this question in the affirmative in its guidance notice on crypto-asset services under MiCAR for the transfer of e-money tokens).
The EBA’s No Action Letter was preceded by a letter from the EU Commission requesting (i) that national supervisory authorities be advised to suspend the application of PSD2 to e-money tokens until PSD3 and the PSR come into force (so-called “No action”), and (ii) to provide regulatory recommendations to the European legislator with regard to e-money tokens.
Regulatory Recommendations to the European Legislator on the upcoming PSD3 and PSR
Option 1
EBA recommends that the European legislator (addressed to the Commission, Council and Parliament) amend or supplement MiCAR in the context of the legislative process on PSD3 and PSR to the extent that additional provisions from the payment regulation are included for services related to e-money tokens. EBA cites examples of regulations from consumer protection, security in payment transactions (SCA), regulations on own funds calculation, reporting of payment fraud, etc.
Option 2
If amendments to MiCAR are not possible or feasible, EBA recommends that special provisions for e-money tokens be included in PSD3/PSR to clarify the extent to which payment regulations also apply to e-money tokens.
As EBA’s fundamental objective is to avoid double regulation by MiCAR and PSD3/PSR, this option would lead to the unusual approach of requiring crypto asset service providers to consider provisions in PSD3/PSR without having to be authorised under PSD3/PSR. Under this option, EBA is critical of the fact that national supervisory authorities supervising MiCAR would also have to build up expertise in payment regulation. It is questionable whether this concern is justified, as in many countries the national supervisory authorities under MiCAR are already responsible for supervising PSD2 (e.g. BaFin).
Option 3
EBA advises against excluding e-money tokens from the scope of PSD3 and PSR. Such an exclusion would, among other things, cause confusion and distortions in the payment market and undermine consumer protection in relation to e-money tokens. Unfortunately, EBA does not mention that excluding e-money tokens from PSD3 and PSR at least practically eliminates the risk of regulatory rushes. After all, PSD3 and PSR are to be finalised quickly, which unfortunately carries the risk of rushes. EBA itself writes, for example, that the technical implementation of strong customer authentication (SCA) in the market was difficult and took years. It remains to be seen whether European legislators will be able to find practical regulations for complex issues such as SCA in such a short time.
It is to be welcomed that EBA has spoken out against the requirement for an additional payment licence and in favour of including payment institutions in the notification procedure pursuant to Art. 60 (4) MiCAR.
Furthermore, EBA recommends that European legislators clarify that the exchange of crypto assets for funds pursuant to Article 3 (1) no. 19 MiCAR and the exchange of crypto assets for other crypto assets pursuant to Article 3 (1) no. 20 MiCAR do not constitute payment services (see below).
Interpretation Guidance for National Supervisory Authorities
According to EBA, the transfer of crypto assets pursuant to Article 3 (1) no. 26 MiCAR is to be classified as a payment service under PSD2 if the transfer involves e-money tokens and the transfer is offered to and executed for customers.
This interpretation is consistent, as e-money tokens are funds under PSD2 (see above) and the transfer of funds for third parties traditionally constitutes the provision of a payment service.
The custody and administration of crypto assets pursuant to Art. 3 (1) no. 17 MiCAR are also to be classified as payment services if the crypto assets are e-money tokens.
The exchange of crypto assets for funds pursuant to Art. 3(1) no. 19 MiCAR and the exchange of crypto assets for other crypto assets pursuant to Art. 3 (1) no 20 MiCAR are not to be classified as payment services, even if e-money tokens are involved in the respective exchange.
The intermediation of purchases/sales of e-money tokens by crypto asset service providers also does not constitute a payment service.
Wallets that enable e-money tokens to be received from and sent to third parties should be classified as payment accounts under PSD2. However, national supervisory authorities should not “prioritise” the supervision and application of the Payment Accounts Directive (Directive 2014/92/EU, implemented in Germany by the Payment Accounts Lae), which is probably to be understood as “not applying”. After all, the provisions of the Payment Accounts Directive (e.g. offering basic accounts) are not fitting.
National supervisory authorities should apply a simplified procedure to providers of crypto-asset services applying for a payment or e-money licence, i.e. they should use data, information and documents already submitted as part of the MiCAR authorisation procedure and send each other updates on the information and documents available.
In the case of payment and e-money institutions applying for authorisation under MiCAR, national supervisory authorities should also apply a simplified procedure.
National supervisory authorities should apply the own funds requirements of MiCAR and PSD2 cumulatively, i.e. add them together (example: own funds for the respective crypto-asset service 125,000 euros + own funds for the respective payment service 125,000 euros = 250,000 euros). Furthermore, national supervisory authorities should refrain from imposing higher own funds requirements under Article 9 (3) PSD2 (due to the hybrid nature of the business models) and lower own funds requirements under Article 9 (2) PSD2 (unless circumstances justify this).
No Action
National supervisory authorities should not apply the following payment regulations, or should apply them only to a limited extent to payment services involving e-money tokens:
- The respective service providers are not obliged to disclose the exact amount of the fees incurred to customers if they cannot know this in advance in the case of on-chain transactions. However, service providers should inform customers of the fees incurred as soon as possible, and in any case before authorising the transaction.
- If the respective service providers are unable to provide information in advance about the duration of the transaction, customers should at least be informed of the estimated execution time.
- The provisions on missing customer identifiers pursuant to Art. 88 PSD2 do not apply.
- The SEPA Regulation (Regulation (EU) 260/2012) does not apply.
- The security requirements pursuant to Art. 10 PSD2, as Art. 70(1) MiCAR contain more specific provisions.
- The PSD2 rules on open banking shall not apply to crypto-asset service providers and crypto-asset transfer service providers.
The following payment rules shall not be applied or shall only be applied to a limited extent by national authorities until 2 March 2026:
- The rules (including the RTS) on SCA
- The provisions on fraud reporting should not be applied at all until 2 March 2026. After that date, only the data listed under the following headings of the Annex to the EBA Guidelines (EBA/GL/2018/05) should be reported: “6 – E-money payment transactions”, “6.1 – Of which via remote payment initiation channel”, “6.1.1 – of which authenticated via strong customer authentication”, “6.1.2 – of which authenticated via non-strong customer authentication”, “6.2 – Of which via non-remote payment initiation channel”, “6.2.1 – of which authenticated via strong customer authentication”, “6.2.2 – of which authenticated via non-strong customer authentication” and “Losses due to fraud per liability bearer”.
Furthermore, national supervisory authorities should only require providers of crypto-asset services (namely crypto-asset custodians and crypto-asset transfer service providers) that provide payment services in connection with e-money tokens to obtain authorisation under PSD2 from 2 March 2026.
Conclusion
The EBA’s No Action Letter is to be welcomed. It will at least temporarily remove legal uncertainty. National supervisory authorities (e.g. BaFin) must now indicate whether they will follow the EBA’s guidance or not (so-called “comply or explain” procedure). It remains to be seen whether BaFin will issue a compliance statement or take a different view from EBA. In the latter case, BaFin would have to explain its “deviation”.
Outlook
The Council of the EU has already responded. The recently published Council version of the PSD3 and PSR contains numerous changes to the previous Commission and ECON versions of the PSD3/PSR, including provisions on transfers with e-money tokens. We will report in detail on the Council version of the PSD3 and PSR in upcoming blog posts.
