The European Union is preparing to implement the Payment Services Directive 3 (PSD3) alongside the Payment Services Regulation (PSR), two major reforms set to modernize the payments ecosystem between 2026-2027. These regulatory updates seek to address gaps left by PSD2, enhance consumer protection, improve competition fairness, and align the framework with emerging digital finance trends such as open finance and digital wallets. This article offers an in-depth look at PSD3 and PSR in 2025, detailing what the new regulations involve, why they are needed, and their expected impact on banks, fintechs, payment service providers (PSPs), and customers across Europe.
Background: From PSD2 to PSD3
The introduction of PSD2 in 2018 was a landmark change in European payment services, catalyzing open banking adoption, enabling third-party account access, and mandating Strong Customer Authentication (SCA) to reduce fraud. PSD2 drove a 17% reduction in electronic payment fraud and led to 20% cost reductions in bank payment operations (European Commission).
However, PSD2 also exposed regulatory and operational shortcomings. Open banking growth was uneven due to technical and regulatory inefficiencies, fraud risks evolved alongside new digital payment methods, and the governance of non-bank players remained fragmented. The EU recognized the need for a comprehensive update to keep pace with technological advances and new market dynamics, hence PSD3’s development alongside the complementary PSR.
Core Objectives of PSD3 and PSR
PSD3 aims to refine and expand PSD2’s provisions while merging its framework with the Electronic Money Directive (EMD) through the PSR to create a unified, streamlined regulatory regime. The key objectives include:
- Enhanced Consumer Protection: Introducing stricter fraud prevention measures, mandatory IBAN and Name Matching verification to reduce unauthorized payments, and expanded refund rights for payment fraud victims. PSD3 also includes specific safeguards for vulnerable and technologically challenged users.
- Fair and Harmonized Market Access: PSD3 addresses inconsistencies in bank and non-bank access to payment systems by allowing direct participation of payment institutions and e-money institutions, promoting a level competitive playing field. The PSR harmonizes licensing and supervisory standards across Member States.
- Strengthening Oversight of Non-Bank Entities: Fintechs, third-party providers (TPPs), and wallet operators face tighter licensing, capital, and operational requirements, reducing regulatory arbitrage while ensuring stable market participation. PSD3 may formally recognize wallet providers as technical service providers under the new regime.
- Boosting Resilience and Incident Reporting: In alignment with the EU Digital Operational Resilience Act (DORA), PSD3 mandates enhanced cyber risk management, incident detection, and reporting obligations to ensure robust security architecture.
- Promoting Open Finance and Data Sharing: PSD3 lays the groundwork for open finance by promoting expanded access to financial data, building on the Framework for Financial Data Access (FIDA). This encourages innovation while strengthening consent and data privacy safeguards.
- Modernising for New Technologies: The regulatory framework now explicitly covers digital wallets, instant payments, and certain crypto-assets, ensuring regulatory clarity and consumer safety amid rapidly evolving payment technologies.
Implications for Banks
Banks will be deeply impacted by PSD3:
- Strengthening Fraud Prevention: Banks must implement mandatory IBAN and Name Matching verification and enhance Strong Customer Authentication (SCA) protocols consistent with PSD3’s rules, minimizing exposure to emerging fraud vectors. Enhanced communication and data-sharing protocols around fraud between banks and PSPs are expected.
- Adapting to New Competitive Pressures: Direct PSP and e-money institution access to payment systems under PSD3 reduces bank dominance over payment infrastructure, forcing traditional banks to innovate and partner more strategically with fintechs and non-bank PSPs.
- Operational and Compliance Adjustments: Banks will update APIs, customer interfaces, risk management, and reporting systems to accommodate new transparency, incident reporting, and cybersecurity requirements. This also means preparing for EU-wide uniform supervision frameworks, reducing national regulatory fragmentation.
Implications for Fintechs and Payment Service Providers
PSD3 promises opportunities and challenges for fintechs and PSPs:
- Greater Market Access and Independence: Fintechs and electronic money institutions will benefit from the removal of intermediary bank reliance to directly access payment systems, fostering a more competitive landscape.
- Heightened Regulatory Expectations: Alongside expansion, fintechs face tighter licensing, capital, governance, and cyber resilience requirements, necessitating stronger risk management and compliance frameworks to meet PSD3 standards.
- Innovation and Service Expansion: The recognition of wallet providers and clearer rules around data access enable fintechs to expand innovative offerings in open finance, digital wallets, and instant payments, opening new revenue streams.
Transition Timeline and Preparation
The legislative process for PSD3 and PSR is expected to conclude by late 2025, with an implementation period spanning approximately 18 months. This means EU countries will adopt and enforce PSD3 provisions between mid to late 2027. Financial institutions and PSPs should already be assessing system readiness, compliance roadmaps, and strategic partnerships to ensure smooth transitions and competitive positioning.
Industry advisors emphasize early engagement with risk, IT, legal, and customer experience teams to:
- Map new regulatory requirements to existing workflows
- Identify gaps in fraud prevention, data sharing, and incident reporting
- Upgrade authentication systems and APIs
- Educate customers on enhanced protections and rights under PSD3
Wider Market and Consumer Impact
PSD3 aims to restore consumer trust in an increasingly complex payments world. Through clearer rights, stronger protections, and fair market access rules, PSD3 and PSR intend to foster a safer, more transparent and innovative payments ecosystem.
Consumers can expect:
- Improved protection against unauthorized transactions with streamlined refund processes
- More reliable authentication methods to balance security with convenience
- Increased availability of innovative payment options, including mobile wallets and open finance solutions
- Better clarity on data consent and usage
For merchants, PSD3 reduces friction in payment acceptance while balancing fraud mitigation, creating a more efficient commerce environment.
The Road Ahead: PSD3 as a Catalyst for Payments Evolution
PSD3 and PSR mark the next phase of payment services regulation, adapting legal frameworks to 2025’s fast-changing digital finance landscape. They reflect the EU’s commitment to balancing innovation with security and competition, providing a clear, harmonized roadmap for market participants.
The real challenge and opportunity for financial institutions and fintechs lie in using PSD3’s provisions as a springboard to modernize legacy systems, embrace open finance, and develop customer-centric services built on trust and resilience.
The transformation ushered in by PSD3 will ripple through Europe’s payments ecosystem—and beyond—setting global standards for secure, innovative, and transparent financial services in the coming decade.