Skip to main content
NormaGrid

Payment Services Regulation (PSR)

In process Finance Proposed Regulation

AI-assisted content notice: this page includes AI-assisted summaries, FAQs, and glossary entries prepared for navigation purposes. Verify the underlying legal text before relying on this content.

Summary

The Payment Services Regulation (PSR) is a legislative proposal intended to modernise and replace key parts of the EU framework for payment services, alongside a revised Payment Services Directive (PSD3). It aims to strengthen consumer protection and security (including fraud prevention), improve access to payment systems and accounts for payment institutions, and enhance the functioning of open banking. The proposal also seeks to harmonise rules across Member States by using a directly applicable regulation for core requirements.

Who is affected?

Payment service providers (including banks, payment institutions and e-money institutions), account servicing payment service providers (ASPSPs), payment initiation and account information service providers, merchants, and payment service users/consumers. National competent authorities and payment system operators are also affected through supervision and access requirements.

Scope

Applies to the provision and use of payment services in the EU, setting directly applicable rules on security, fraud prevention, transparency and certain operational/access requirements for payment service providers and related actors.

Key Points

  • Reinforces security and anti-fraud measures for electronic payments (including stronger requirements around authentication and fraud mitigation).
  • Strengthens consumer rights and transparency obligations for payment services, including information requirements and protections in case of unauthorised transactions.
  • Improves open banking by clarifying rules for access to payment accounts and the functioning of interfaces used by third-party providers.
  • Addresses access of non-bank payment service providers to payment systems and to bank accounts/services needed to provide payment services, subject to safeguards.
  • Moves key PSD2 rules into a directly applicable regulation to reduce divergent national implementation and improve harmonisation across the EU.

Key Deadlines

  • — Commission proposal published
  • — Committee referral announced in Parliament
  • — Committee referral announced in Parliament, 1st reading
  • — Vote in committee, 1st reading
  • — Committee report tabled for plenary, 1st reading
  • — Parliament plenary vote, 1st reading

Related Regulations

Frequently Asked Questions

Who must comply with the Payment Services Regulation (PSR)?

The PSR applies to payment service providers such as banks, payment institutions, e-money institutions, account servicing payment service providers (ASPSPs), payment initiation and account information service providers, as well as merchants and payment service users. National competent authorities and payment system operators are also impacted through supervisory and access obligations.

What is the scope of the PSR?

The PSR covers the provision and use of payment services within the EU. It sets directly applicable rules on security, fraud prevention, transparency, and operational/access requirements for payment service providers and related actors.

What are the key obligations for payment service providers under the PSR?

Key obligations include implementing enhanced security and anti-fraud measures, ensuring transparency and consumer protection (such as clear information and liability rules), facilitating open banking access, and complying with harmonised operational requirements. Providers must also ensure fair access to payment systems and accounts.

How does the PSR strengthen consumer protection?

The PSR introduces stronger requirements for transparency, such as clearer information on fees and rights. It also enhances consumer rights in cases of unauthorised transactions and ensures that users are better protected against fraud and misuse.

What are the penalties for non-compliance with the PSR?

Penalties for non-compliance will be determined and enforced by national competent authorities, but may include administrative fines, restrictions on activities, or withdrawal of authorisation. The regulation aims to ensure effective, proportionate, and dissuasive sanctions across the EU.

How does the PSR interact with the revised Payment Services Directive (PSD3)?

The PSR is intended to work alongside PSD3, with the regulation containing directly applicable rules for core requirements, while PSD3 will address areas requiring national implementation. Together, they modernise and harmonise the EU payment services framework.

What are the timelines for compliance with the PSR?

As the PSR is currently a legislative proposal, the exact compliance timelines will be set once the regulation is formally adopted. Typically, there will be a transition period before the rules become fully applicable.

How does the PSR address open banking?

The PSR clarifies and strengthens rules for access to payment accounts by third-party providers, ensuring secure and efficient interfaces. It aims to facilitate innovation and competition while maintaining high security standards.

What practical steps should payment service providers take to prepare for the PSR?

Providers should review and update their security and fraud prevention measures, enhance transparency and consumer information processes, and ensure systems are ready for open banking requirements. Engaging with legal and compliance experts to monitor legislative developments is also recommended.

How does the PSR improve harmonisation across the EU?

By moving key rules from the directive (PSD2) into a directly applicable regulation, the PSR reduces the scope for divergent national implementation. This ensures a more consistent regulatory environment for payment services across all Member States.

Key Terms

Payment Service Provider (PSP)
An entity authorised to provide payment services, including banks, payment institutions, and e-money institutions.
Account Servicing Payment Service Provider (ASPSP)
A provider that offers and maintains payment accounts for users, enabling them to execute and receive payment transactions.
Payment Initiation Service Provider (PISP)
A third-party provider that initiates payment transactions on behalf of a user from their bank or payment account.
Account Information Service Provider (AISP)
A third-party provider that accesses and aggregates information from a user's payment accounts, with the user's consent.
Strong Customer Authentication (SCA)
A security process requiring two or more independent authentication elements to verify the identity of a payment service user.
Open Banking
A framework that allows third-party providers to access payment account data and initiate payments, fostering innovation and competition.
Fraud Mitigation
Measures and processes aimed at detecting, preventing, and responding to fraudulent payment activities.
Transparency Obligations
Requirements for payment service providers to clearly inform users about fees, terms, and their rights and obligations.
Access to Payment Systems
The right of payment service providers to participate in payment systems, subject to objective, proportionate, and non-discriminatory criteria.
Directly Applicable Regulation
A legislative act that becomes law in all EU Member States simultaneously, without the need for national transposition.