On June 23, 2023, the European Commission published drafts for no less than three regulations and one directive that are of elementary importance for the payment industry.
Table of Contents
The drafts in detail
Payment Services Directive 3 (hereinafter “PSD3“)
Payment Services Regulation (hereinafter “PSR”)
Financial Data Access Regulation (hereinafter “FDA Regulation”)
This article is the kick-off of our “PSD3 & Co.” series on PayTechLaw with articles on PSD3, PSR, FDA Regulation and Digital Euro Regulation.
On PayTechLaw, we will present PSD3/PSR and FDA Regulation and Digital Euro Regulation in more detail in the next articles. After that, on PayTechLaw, we will focus in detail on individual topics from PSD3/PSR, FDA Regulation and Digital Euro Regulation and their impact on practice.
Before the official release of the drafts, leaked versions of the drafts circulated. We noticed that the leaks are not completely congruent with the official proposals. Therefore, work with the official documents in any case.
The path to PSD3 and the PSR – payment services and e-money business
As the name PSD3 implies, there have been PSD1 and PSD2 before PSD3.
PSD1, issued on November 13, 2007 created initial harmonization in the area of payment services. This directive was supplemented by the E-Money-Directive, issued on September 16, 2009, which established rules for the operation of e-money business throughout Europe.
PSD1 was superseded by PSD2, which entered into force on November 25, 2015. In particular, PSD2 introduced the obligation for banks to provide other market participants with access to payment accounts held for their customers and regulated these new market participants as payment initiation services and/or account information services.
PSD1 and PSD2 were both EU directives. An EU directive does not have any direct legal effect in the individual member states, but requires a legislative act to implement it in the respective national legal system. The EU legislator obliges the individual member states to implement the respective directive by a specified date. For example, PSD2 provided for an implementation deadline of January 2018 and for the regulations on strong customer authentication by September 2019. In Germany, the regulatory requirements of PSD2 and the E-Money Directive were essentially regulated in the Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz, ZAG) and the civil law part essentially in the Civil Code (Bürgerliches Gesetzbuch, BGB).
The present proposal of the EU Commission is preceded by an intensive and complex review process. For example, on May 10, 2022, the EU Commission launched two consultations on the review of PSD2, which were completed in August 2022. In particular, on June 23, 2022, the European Banking Authority (EBA) published an opinion in this review process (see our PayTechLaw-Article of June 29, 2022).
The EU Commission is now taking a different approach and distributing the PSD2 and E-Money Directive regulations via PSD3 as an EU directive and PSR as an EU regulation. Unlike an EU directive, an EU regulation is directly applicable in the individual member states.
Objectives of the PSD3 und the PSR
This approach follows from the objectives pursued by the PSD3 and the PSR. The European Commission would like to achieve greater harmonization in the area of payment services, which is why the PSD3 as a directive has been supplemented by the PSR as a regulation.
The PSD3 regulates the granting of licenses and the regulatory requirements for payment institutions. In the future, the term “payment institutions” will also include institutions that conduct e-money business. The category of “e-money institution” will no longer apply.
The PSR regulates the transparency and information requirements for all categories of payment service providers (in particular, credit institutions and payment institutions), as well as the rights and obligations of all categories of payment service providers, on the one hand, and payment service users, on the other, when providing payment services and e-money services.
The PSD3 and PSR thereby replace both the PSD2 and the E-Money Directive.
Somewhat surprisingly, the PSD3 and PSR proposals do not include specific regulations on stablecoins (e-money tokens and asset-referenced tokens). While stablecoins are subject to the MiCAR regulations, services related to stablecoins may also constitute payment services and thus be subject to the PSD3 and PSR regulations. However, the indiscriminate application of the PSD3 and PSR regulatory framework to payment services related to stablecoins could face practical difficulties (e.g., the strong customer authentication rules). It remains to be seen whether this will change in the upcoming legislative process.
What’s next for the PSD3 und PSR?
The PSD3 and PSR have been proposed by the EU Commission and will now enter the regular EU legislative procedure with the participation of the European Parliament and the Council of the European Union.
The procedure ends with the publication of the PSD3 and PSR in the Official Journal of the European Union, and the PSD3 and PSR formally enter into force 20 days after publication. The provisions of the PSD3 and PSR will then apply after 18 months from the date of entry into force.
To the extent provided for in the PSD3 and PSR, the EU Commission and the EBA will issue implementing regulations in the form of delegated regulations or interpretative notes in the form of guidelines on individual provisions of the PSD3 and PSR.
FDA Regulation
The FDA regulation creates – long expected – a legal framework for access and use of financial data beyond payment account data. This includes, for example, data on savings accounts or insurance products.
Customer dashboards to manage access authorization to financial data will become mandatory, as will membership in financial data sharing systems for data holders. In addition to the existing account information service (which is regulated in PSD3 and PSR), the financial information services provider service, which is subject to authorization, will be created.
The FDA Regulation is also an EU regulation that is directly applicable in the respective member state.
As with PSD3 and PSR, the FDA Regulation will go through the further European legislative process involving the EU Parliament and the Council of the European Union and will enter into force 20 days after publication in the Official Journal of the European Union. Parts of the FDA regulation are to apply 18 months after the FDA Regulation comes into force, and the FDA Regulation as a whole 24 months after publication.
You can find a more detailed overview in one of the next articles in the series “PSD3 & Co.” at PayTechLaw.
Digital Euro Regulation
The new Digital Euro Regulation represents a major step toward the digital euro.
The declared aim is to create the legal framework for the introduction of a digital euro. As a supplement to cash, the digital euro is intended to enable payments in the retail market as an alternative to classic payment methods in euros.
The FDA Regulation is also an EU regulation that is directly applicable in the respective member state.
You will find a more detailed overview in one of the next articles in the series ” PSD3 & Co.” at PayTechLaw.