PAYMENTS UNPACKED
PSD1, PSD2, PSD3: 15 years of EU legislation in a nutshell
W
ho, at the beginning of the 2000s, could offer payment services in the European Union? At that time, it was extremely difficult to answer the question. Companies which provide payment services could fall under extremely different legal requirements from one member state to another. In some countries, one company needed to require authorisation. In others, the same activity would require to become a credit institution, obtain an electronic money institution (EMI) licence, a dedicated licence… or no authorisation at all. In 2007, the EU ended this and harmonised the law across the continent with the first Payment Services Directive (PSD1). Choice of a directive In EU laws, two key terms often appear: “directives” and “regulations.” These are important tools that the EU uses to make and enforce laws, but they work in slightly different ways. Directives are like guidelines that the EU gives to its member countries. When the EU issues a directive, it tells each country what the end goal or result should be. However, it leaves the specific details of how to achieve that goal up to each country’s own laws and government. So, member countries have some flexibility in implementing these rules, as long as they achieve the intended outcome. On the other hand, regulations are more like strict, one-size-fits-all rules. When the EU passes a regulation, it becomes the law in every member country, and each country has to apply it exactly as written. There is less room for individual interpretation or adjustment. One of the main advantages of the directive is that the European legislator does not have to think about every single
38
payment institution that may be affected by the new text. Each country can adapt the legislation to its own specific payment landscape. On the flip side, the lack of standardisation of the rules on the dayto-day retail payments scope can be challenging, as discussed below. PSD1: Foundation for a single European retail payments market PSD1 was introduced in 2007 and enforced in 2009 with the primary objective of laying the groundwork for a unified European retail payments market. This legislative framework was designed to serve as the legal basis for establishing a single European payments market, enhancing the safety and innovation of payment services throughout the EU. Its core aim was to make crossborder payments as seamless, efficient, and secure as domestic payments within any EU member state. Another significant aim of PSD1 was to foster competition and diversity in the payment services sector, thereby reducing the exclusivity of traditional banks in this domain. This directive opened the door for new players to enter the market and introduce price competitiveness, beyond the traditional world of banking institutions. An important consequence of PSD1 was the introduction of electronic money institution licences, which paved the way for non-traditional entities like Ayden to thrive in the European market. The landscape of payment service providers expanded as a result, with thousands of them settling in the EU. PSD2: Open banking and strong customer authentication for groundbreaking legal innovations The European Commission quickly
proposed to revise PSD1 in July 2013. It was adopted in 2015. PSD2 widened the scope of PSD1 by covering new services and players as well as by extending the scope of existing services, enabling their access to payment accounts. Three major points were at play: • Extended geographical coverage of the directive. • Harmonisation of open banking on the continent. • Strong customer authentication for electronic payments. Geographical coverage While PSD1 had limited jurisdiction and only applied to payments occurring within the European Economic Area (EEA), it did not grasp payments involving third countries. However, PSD2 brought about significant changes by including payments to and from third countries when one of the involved payment service providers operates within the EU. This extension of scope ensured that a broader range of international transactions is subject to EU regulations and information requirements, especially regarding information disclosure. Open banking Open banking allows individuals and businesses to securely share their banking data with third-party providers, such as fintech companies and other financial institutions. This data gathered through open banking can include information about account balances, transaction history, and other financial details. The data comes through application programming interfaces (APIs), which enable the secure exchange of information between different financial service providers.
