PSD2
PSD2 (Directive (EU) 2015/2366) is the EU's core legal framework regulating payment services and payment service providers across the EU and EEA. It replaced the original Payment Services Directive (2007/64/EC) and establishes harmonised rules for licensing, supervision, conduct and transparency of payment services, while mandating strong security measures and consumer protections to support an integrated European payments market.
PSD2 applies to most electronic payment services - credit transfers, direct debits, card payments and certain mobile and online payments - where at least one payment service provider is located in the EU/EEA, and in some cases to "one-leg-out" and non-EU-currency transactions. As an EU directive, each Member State transposes it into national law and enforces it via national competent authorities, supported by EBA technical standards and guidelines.
Key Regulatory Features
Licensing and supervision. PSD2 sets a licensing regime for payment institutions and other payment service providers, including two new categories: payment initiation service providers (PISPs) and account information service providers (AISPs) - the legal foundation for open banking.
Strong customer authentication (SCA). PSD2 mandates strict security requirements for electronic payments, requiring multi-factor authentication to reduce fraud and protect consumers' financial data. SCA applies to online payments, contactless transactions above thresholds, and account access by third-party providers.
Consumer protection and transparency. The directive codifies transparency rules for fees and conditions, sets liability rules for unauthorised transactions (with liability generally falling on the provider unless the user acted fraudulently or with gross negligence), and strengthens consumer redress mechanisms.
Why It Matters for Digital Assets
| Area | PSD2 Relevance | MiCA Interaction |
|---|---|---|
| Stablecoin Issuers | E-money stablecoins were regulated under EMD2/PSD2 before MiCA | MiCA Title III/IV now governs ARTs and EMTs directly |
| Crypto-Fiat On/Off Ramps | Fiat payment leg of crypto transactions falls under PSD2 | Dual licensing may be required (CASP + payment institution) |
| Open Banking APIs | PSD2 mandates bank account access for licensed third parties | Enables crypto platforms to integrate bank payment rails |
| SCA Requirements | Applies to fiat-side of crypto purchases via payment services | MiCA does not replicate SCA - PSD2 remains the standard |
PSD2 to PSD3: What Is Changing
The European Commission proposed PSD3 and the Payment Services Regulation (PSR) in June 2023 to replace PSD2. Key changes include converting parts of the directive into a directly applicable regulation (eliminating transposition differences between Member States), strengthening SCA rules, expanding open banking to "open finance", and tightening fraud liability rules. PSD3/PSR is expected to apply from 2026-2027, and digital asset firms operating payment services in the EU will need to track implementation timelines closely.
Why It Matters
PSD2 is the foundational payment regulation that any digital asset firm touching fiat payments in Europe must comply with. Before MiCA took effect, e-money licences under the PSD2/EMD2 framework were the primary route for stablecoin issuers and crypto exchanges to operate legally in the EU. Even post-MiCA, PSD2 governs the fiat payment leg of crypto transactions, and firms offering crypto-fiat conversion services may need both a CASP licence and a payment institution authorisation. The transition to PSD3/PSR will further reshape the compliance landscape for any firm operating at the intersection of payments and digital assets.
Browse all Regulation terms
Related Terms
Found this definition useful? Share it.