The European Union is preparing to raise the stakes for open banking. With the Third Payment Services Directive (PSD3) and its accompanying Payment Services Regulation (PSR) moving through final approval stages, the bloc is edging closer to its most significant payments overhaul since PSD2.
EU lawmakers have published their final compromise texts for the proposals, suggesting that major political negotiation is largely complete. The next steps are formal approval by the Council of the European Union and the European Parliament, after which the rules will go into effect 20 days later.
At its core, open banking is built on the relationships between banks and third-party providers—fintechs and partners that enable the modern digital banking ecosystem through application programming interfaces (APIs).
Therefore, it makes sense that a key emphasis of the new framework is strengthening the rules governing these partnerships. For example, under PSD3 and the PSR, banks and third-party providers will need to ensure that APIs are secure and that all participating firms are appropriately authorized or licensed.
Tightening Fraud Controls
Another major focus of the legislation is fraud prevention. Fraud has become a global threat as payments have accelerated and cybercriminals have become more savvy. To this end, the PSR introduces stricter transaction monitoring requirements, including real-time checks for instant payments.
The regulations also set higher standards for identity verification. For example, payment service providers will be required to verify that the recipient’s name matches the account identifier before initiating a transfer. Additionally, the framework implements enhanced customer authentication rules, clarifying when step-up security measures must be applied.
A More Unified Regulatory Approach
The overarching message of the new rules is that while open banking delivers benefits, its high degree of interconnectivity also introduces new risks. PSD3 and the PSR represent a more targeted evolution of the regulatory framework, aiming to close gaps identified in earlier iterations of the Payments Service Directive.
Responsibilities are more clearly divided. PSD3 will primarily address licensing and supervisory arrangements, while the PSR will set directly applicable conduct and operational requirements across EU member nations. This separation is designed to reduce the inconsistencies in implementation that emerged under PSD2.
Ultimately, the goal of PSD3 and the PSR is to create a more secure and harmonized open banking environment across the EU. Once adopted, financial services firms are expected to comply with the new requirements within 27 months of the rules entering into force.
