Third Payment Services Directive (PSD3) & Payment Services Regulation (PSR)
EU legislative process — finalization expected 2026; PSD2 remains in force until transposition
PSD3 is the European Union's overhaul of its payment-services framework, replacing the Second Payment Services Directive (PSD2) that has governed European payments, open banking and payment-institution licensing since 2018. Proposed by the European Commission in June 2023 alongside a directly-applicable Payment Services Regulation (PSR), the package tightens fraud and strong-customer-authentication rules, merges the e-money regime into the payments regime, and reworks open-banking data access.
For payment institutions, e-money issuers and fintechs operating in or into the EU, the PSD2→PSD3 transition will reshape licensing, safeguarding and API-access obligations. Because PSD3 is a directive, national transposition by member-state regulators will follow — which is where the practical compliance detail lands.
This page tracks PSD2/PSD3-related publications across the regulators RegAlert monitors — consultations, transposition measures, guidance and supervisory statements — updated the day they appear.
Royal Decree 736/2019 on the legal regime of payment services and payment institutions
Spain
CNMV
Proposed Payment Service Requirements Module
Bahrain
CBB
Opinion on the end of the No-action Letter transition period
European Union
EBA
Consolidated version of EBA amending Guidelines on ICT and security risk management
European Union
EBA
FAQs on the Interplay between MiCAR and PSD2
Ireland
CBI
User Guide for Incident Reporting under DORA
Norway
NFSA
Circular CSSF 25/893 on reporting of major ICT-related incidents and significant cyber threats under DORA
Luxembourg
CSSF
Opinion on the interplay between PSD2 and MiCA in relation to crypto-asset service providers that transact electronic money tokens
European Union
EBA
Bank of Israel Circular on Deferring Advanced Payment Services Directive
Israel
BOI
Compliance with EBA Guidelines on the Equivalence of Confidentiality Regimes (EBA/GL/2022/04)
France
ACPR
CSSF Circular 22/812: Adoption of EBA Guidelines on Limited Network Exclusion under PSD2
Luxembourg
CSSF
Implementation of the revised EBA guidelines on the notification of major incidents under Directive (EU) 2015/2366 (PSD2) (EBA/GL/2021/03)
France
ACPR
Communication of 29 October 2021: Implementation for Payment Service Providers of the Updated EBA Guidelines on Major Incident Reporting under PSD2 (EBA/GL/2021/03)
Italy
BOI
Regulation on the Application of the Guidelines on ICT and Security Risk Management
Slovenia
BSI
Bank of Slovenia Regulation on Application of EBA Guidelines on Complaint Procedures for PSD2 Infringements
Slovenia
BSI
CSSF Circular 19/712 — EBA Guidelines on Fraud Data Reporting under PSD2 Article 96(6)
Luxembourg
CSSF
Implementation of EBA Guidelines on fraud data reporting requirements under Article 96(6) of Directive (EU) 2015/2366 (EBA/GL/2018/05)
France
ACPR
PS19/26: Brexit - Regulatory Technical Standards for Strong Customer Authentication and Common and Secure Open Standards of Communication
United Kingdom
FCA
Addendum to Consumer Protection Code 2012 - May 2018
Ireland
CBI
Implementation of EBA Guidelines on Major Incident Reporting under PSD2 (EBA/GL/2017/10)
France
ACPR
CP18/6: Quarterly Consultation Paper No 20
United Kingdom
FCA
Implementation of EBA Guidelines on security measures for operational and security risks related to payment services under Directive (EU) 2015/2366 (PSD2) (EBA/GL/2017/17)
France
ACPR
CP17/39: Quarterly Consultation Paper No 19
United Kingdom
FCA
CP17/32: Quarterly Consultation Paper No 18
United Kingdom
FCA
Regulations and general guidelines governing payment institutions and registered payment service providers
Sweden
FI