PSD3

Third Payment Services Directive (PSD3) & Payment Services Regulation (PSR)

EU legislative process — finalization expected 2026; PSD2 remains in force until transposition

PSD3 is the European Union's overhaul of its payment-services framework, replacing the Second Payment Services Directive (PSD2) that has governed European payments, open banking and payment-institution licensing since 2018. Proposed by the European Commission in June 2023 alongside a directly-applicable Payment Services Regulation (PSR), the package tightens fraud and strong-customer-authentication rules, merges the e-money regime into the payments regime, and reworks open-banking data access.

For payment institutions, e-money issuers and fintechs operating in or into the EU, the PSD2→PSD3 transition will reshape licensing, safeguarding and API-access obligations. Because PSD3 is a directive, national transposition by member-state regulators will follow — which is where the practical compliance detail lands.

This page tracks PSD2/PSD3-related publications across the regulators RegAlert monitors — consultations, transposition measures, guidance and supervisory statements — updated the day they appear.

Replaces:
PSD2 (Directive (EU) 2015/2366) and the E-Money Directive
Proposed:
European Commission, June 2023 (with the PSR)
Status:
EU legislative process; national transposition to follow adoption
Who it affects:
Payment institutions, e-money issuers, banks, open-banking providers serving the EU

Email alerts for PSD3 updates

New circulars, rules and guidance — a digest in your inbox, same day.

Latest tracked documents (25)

2026-03-12

Royal Decree 736/2019 on the legal regime of payment services and payment institutions

Comision Nacional del Mercado de Valores

Spain

CNMV

2026-03-05

Proposed Payment Service Requirements Module

Central Bank of Bahrain

Bahrain

CBB

2026-01-01

Opinion on the end of the No-action Letter transition period

European Banking Authority

European Union

EBA

2026-01-01

Consolidated version of EBA amending Guidelines on ICT and security risk management

European Banking Authority

European Union

EBA

2025-07-28

FAQs on the Interplay between MiCAR and PSD2

Central Bank of Ireland

Ireland

CBI

2025-06-30

User Guide for Incident Reporting under DORA

Finanstilsynet Norway

Norway

NFSA

2025-05-28

Circular CSSF 25/893 on reporting of major ICT-related incidents and significant cyber threats under DORA

Commission de Surveillance du Secteur Financier

Luxembourg

CSSF

2025-01-01

Opinion on the interplay between PSD2 and MiCA in relation to crypto-asset service providers that transact electronic money tokens

European Banking Authority

European Union

EBA

2022-12-26

Bank of Israel Circular on Deferring Advanced Payment Services Directive

Bank of Israel

Israel

BOI

2022-10-20

Compliance with EBA Guidelines on the Equivalence of Confidentiality Regimes (EBA/GL/2022/04)

Autorite de Controle Prudentiel et de Resolution

France

ACPR

2022-05-18

CSSF Circular 22/812: Adoption of EBA Guidelines on Limited Network Exclusion under PSD2

Commission de Surveillance du Secteur Financier

Luxembourg

CSSF

2021-11-19

Implementation of the revised EBA guidelines on the notification of major incidents under Directive (EU) 2015/2366 (PSD2) (EBA/GL/2021/03)

Autorite de Controle Prudentiel et de Resolution

France

ACPR

2021-10-29

Communication of 29 October 2021: Implementation for Payment Service Providers of the Updated EBA Guidelines on Major Incident Reporting under PSD2 (EBA/GL/2021/03)

Banca d'Italia

Italy

BOI

2020-04-22

Regulation on the Application of the Guidelines on ICT and Security Risk Management

Banka Slovenije

Slovenia

BSI

2019-04-29

Bank of Slovenia Regulation on Application of EBA Guidelines on Complaint Procedures for PSD2 Infringements

Banka Slovenije

Slovenia

BSI

2019-03-14

CSSF Circular 19/712 — EBA Guidelines on Fraud Data Reporting under PSD2 Article 96(6)

Commission de Surveillance du Secteur Financier

Luxembourg

CSSF

2018-12-18

Implementation of EBA Guidelines on fraud data reporting requirements under Article 96(6) of Directive (EU) 2015/2366 (EBA/GL/2018/05)

Autorite de Controle Prudentiel et de Resolution

France

ACPR

2018-12-14

PS19/26: Brexit - Regulatory Technical Standards for Strong Customer Authentication and Common and Secure Open Standards of Communication

Financial Conduct Authority

United Kingdom

FCA

2018-05-17

Addendum to Consumer Protection Code 2012 - May 2018

Central Bank of Ireland

Ireland

CBI

2018-03-06

Implementation of EBA Guidelines on Major Incident Reporting under PSD2 (EBA/GL/2017/10)

Autorite de Controle Prudentiel et de Resolution

France

ACPR

2018-03-01

CP18/6: Quarterly Consultation Paper No 20

Financial Conduct Authority

United Kingdom

FCA

2018-02-27

Implementation of EBA Guidelines on security measures for operational and security risks related to payment services under Directive (EU) 2015/2366 (PSD2) (EBA/GL/2017/17)

Autorite de Controle Prudentiel et de Resolution

France

ACPR

2017-11-30

CP17/39: Quarterly Consultation Paper No 19

Financial Conduct Authority

United Kingdom

FCA

2017-08-31

CP17/32: Quarterly Consultation Paper No 18

Financial Conduct Authority

United Kingdom

FCA

2010-01-01

Regulations and general guidelines governing payment institutions and registered payment service providers

Finansinspektionen

Sweden

FI