PSD2 vs. PSD3: Challenges and Opportunities to Consider
PSD2 vs PSD3 Regulations

Comparing PSD2 with PSD3 Regulations Specifics: What to Expect and How to Get PSD3-Ready?

Most everyday transaction processing, provision of banking services, and the operation of fintech businesses in the EU rely on PSD2 compliance. In 2023, the European Commission presented a third payment services directive – PSD3. Now, businesses in the financial industry have to adapt to the new Directive that will likely translate into actual law in the near future.

In this article, you’ll discover more about the key changes brought by PSD3, differences to PSD2 compliance, and how businesses should prepare for the advent of PSD3.

What is PSD3?

The story of the Payment Service Directive (PSD) began in 2007, when it was released to regulate payment services within the EU. Later, in 2016, PSD2 was introduced and came into force by January 2018. The second edition of the Directive aimed to improve efficiency, security, and consumer protection in the payments landscape.

A few years later, on June 28, 2023, the European Commission (EC) published new legislative proposals for PSD3, an enhanced and updated version of PSD2, and a Payment Services Regulation (PSR) that will regulate all activities of payment service providers (PSPs) across the EU. PSD3, as an EU Directive, must be implemented into the national laws of the EU Member countries. At the same time, PSR, as an EU Regulation, will directly apply across all EU Member countries without any interpretation or adapting to national laws.

The new regulations could be finalized by 2025 and fully come into force in 2026. Most financial organizations are now undergoing digital transformation, and it makes sense to adapt all current enhancements to the future PSD3 regulations as far as possible.

PSD2 vs. PSD3: The Key Changes

PSD3 represents a substantial upgrade from its predecessor, PSD2. It broadens and builds upon the foundation established by PSD2. The European Commission seeks to introduce new concepts to involve previously overlooked stakeholders.

Key Parties Affected by the PSD3 Proposal

PSD2 introduced Strong Customer Authentication (SCA) for secure payments. It also encouraged standardized communication interfaces (APIs) for third-party access and enhanced customer rights and competition. PSD3 merges payment and e-money frameworks and allows non-banks to access payment systems. It also refines the Open Banking (OB) framework. In general, PSD3 enhances and strengthens regulations for payment services within the EU, expanding certain areas:

PSD2 vs PSD3 + PSR




Scope of regulated entities

Focused on creating a more integrated and efficient European payments market, improving competition by opening the banking sector to new entrants (third-party providers or TPPs), and enhancing consumer protection and security.

Expected to broaden the regulatory scope even further, potentially covering areas not fully addressed by PSD2, like cryptocurrency, blockchain technology, digital currencies, and other emerging innovations.

Customer protection

Introduced Strong Customer Authentication (SCA) and secure communication standards to protect consumers against fraud and unauthorized payments.

Aims to introduce stricter requirements for transparency, particularly regarding terms and fees of payment services. Consumers may obtain more substantial rights to dispute resolutions.

Security measures

Laid the groundwork for improving digital payment security through SCA and secure open APIs for data sharing between banks and 3rd-party providers.

Might push security measures further by more sophisticated security requirements to combat evolving cyber threats (enhanced data protection standards, more rigorous access controls, mandatory reporting of cybersecurity incidents, etc.)

Open Banking & data sharing

Significantly streamlined the use of   open banking in Europe, mandating banks to provide access to their customers’ account data (under customer’s consent) to third-party providers.

Can expand the open banking framework with additional data sharing requirements and standardize APIs across a broader spectrum of financial services.

Sustainability & social responsibility

No regulations provisioned

Might incorporate elements to address environmental sustainability and social responsibility in the financial sector. It could involve guidelines for sustainable finance practices and the promotion of financial products that support environmental and social goals.

Innovation and Competition

Encouraged new players (FinTechs) alongside traditional providers

Aims to foster innovation while maintaining stability.

The proposed implementation of PSD3 has yet to be confirmed and officially scheduled. As of now, it remains a legislative proposal. Once approved, the implementation timeline will be determined by the relevant authorities. Some existing and upcoming regulations are moved from the PSD directive to the PSR regulation which automatically comes into force in all EU member states when announced.

Due to the complexity of the regulations and their impact on the technology and the business landscape of the banks, it is important to monitor the development of the PSD3 proposal and plan changes accordingly. Monitoring the regulation development and understanding forthcoming challenges will reduce the risks of missing regulatory deadlines.

Opportunities and Considerations for Financial Organizations Facing PSD3

PSD3 aims to create a more consistent regulatory environment by amending and replacing certain parts of PSD2. This standardization will provide banks and other stakeholders with clarity and predictability, streamlining compliance efforts.

The upcoming changes to the legal framework imply both challenges and opportunities for financial institutions. Here are the main aspects to consider:

Level Playing Field

PSD3 addresses the need for a level playing field between non-bank payment providers and traditional banks. It grants payment and e-money institutions the right to access settlement infrastructures across the EU directly. Banks can leverage this access to enhance their services.

OPPORTUNITY: Banks can extend their cooperation with FinTechs, which may lead to a broader market approach. It requires investments in technical infrastructure and organizational changes to use this opportunity for growth.  

Enhanced Security and Fraud Prevention

With Strong Customer Authentication (SCA) in action, fraud remains a critical concern. In 2023, nearly 60% of banks, credit unions, and FinTechs lost over 500K EUR/USD in direct fraud losses. PSD3 is aimed to enhance payment security and transparency by adopting validation similar to the “confirmation of payee” used in the UK. This name-checking service assures the money is sent to the intended recipient. Other improvements include a liability model for cases of authorized push payment (APP) fraud and transaction monitoring to facilitate SCA application.

OPPORTUNITY: Banks can leverage these security enhancements to build trust with customers by providing secure financial transactions. With more investment into security and transaction monitoring forced by PSD3, banks will be able to achieve lower transactional risks and therefore, potential losses due to fraud.

Open Banking Evolution

PSD3 emphasizes enhancing consumer access and usability in open banking. The performance and availability will be improved through detailed API specifications (e.g., permissions dashboard). Banks can benefit from wider data access (under the Financial Data Access (FDA) regulation) and cross-border innovation.

OPPORTUNITY: Banks can integrate account information services into their processes such as credit scoring based on the customer’s payment history or currency account opening. They get opportunities to capture market share through innovating customer-centric solutions, personalization, and a wider range of services. Read more about the role of APIs in extending banking capabilities.

Steps to PSD3-Readiness

To stay ahead of the curve, banks, financial institutions, and payment processors are advised to explore ways to adapt their systems as soon as the PSD3 goes through all the necessary legislative procedures within the member countries.

PSD3 Preparation Framework

The steps to PSD3-readiness are the following:

  • Compliance: Stay up to date with evolving PSD3 compliance requirements and review current contracts for PSD3 impact assessment. Monitor the process of legislation development and changes to PSD3 and PSR proposals.
  • Gap analysis: Assess the current processes, infrastructure, and performance to identify the changes to be done. They may include changes to the business model, collaboration with partners, IT infrastructure, operations, and all other aspects that may be affected by the upcoming regulations.
  • Business impact analysis: Assess business opportunities that your organization can get from implementing the regulation. Define the priority use cases and necessary changes to enable them.
  • Develop a plan for further improvements with proper tech stack and selected solutions.
  • Implement the changes.
  • Conduct appropriate testing to ensure the implemented changes function correctly. Some changes like open banking or other partnering services, should be tested together with the third parties involved.
  • Deploy all improvements into the production environment and keep your business aligned with all regulatory updates to address them timely.

While no final PSD3 and PSR versions have been approved, now is the right time to prepare for the upcoming changes. If your financial business undergoes digital transformation and modernization, it is more than reasonable to align the advancements with the upcoming PSD3/PSR requirements.


The evolution from PSD2 to PSD3 marks significant improvements in regulating payment services across the European Union, covering areas that lacked regulation before (e-money, blockchain, and others). While new regulations are aimed to positively impact the financial industry, adapting to changes and maintaining PSD3 compliance can be stressful and resource-consuming for business.

Infopulse helps financial institutions to undergo this transition smoothly and effectively. Banking & Finances are one of our primary focus industries, where we have rich experience in architecture modernization, inspection and compliance management, custom development acceleration, cybersecurity, and other related services.

Getting PSD3-ready inevitably involves changes in your current tech solutions, even if they comply with PSD2. And those built around APIs, should be properly managed, documented, and standardized. Infopulse engineers are ready to help you get well-prepared for the official PSD3 and PSR release and achieve all advancements without interrupting your operations.

Transform PSD3 Regulatory Challenges into Opportunities for Growth

Consult Infopulse experts for smooth, secure, and strategic transformation towards PSD3 compliance.

Get in Touch

About the Author

Jaroslaw Augustowski has over 25 years of experience in the financial services industry managing strategy, sales, product development, and operations as well as project management units for banks, leasing companies, insurance, and fintech. He has expertise in CRM, customer service, back office, and financial services technology. Jarek focuses on helping financial services companies deliver business goals through digital transformation and implementation of technology solutions to improve the organization's effectiveness.
Jarek Augustowski

Jaroslaw Augustowski

Financial Services Solution Advisor

Next Article

We have a solution to your needs. Just send us a message, and our experts will follow up with you asap.

Please specify your request

Thank you!

We have received your request and will contact you back soon.