The European Commission’s proposal of the Third Payment Services Directive (PSD3) and its sister regulation, the Payment Services Regulation (PSR), marks a significant turning point for fintech in Europe. Building on the foundation laid by PSD2, the new rules aim to modernise the regulatory landscape for payments and open banking across the EU. While PSD2 brought open banking to the forefront, PSD3 seeks to enhance consumer protection, level the playing field for third-party providers, and address gaps that have emerged over the past half-decade.
In this article, we explore the key elements of PSD3 and PSR, examine their implications for fintech companies operating in Europe, and analyse the strategic responses likely to shape the next wave of financial innovation in the region.
From PSD2 to PSD3: A Necessary Evolution
PSD2, adopted in 2015 and enforced from 2018, was a transformative moment for European finance. It introduced strong customer authentication (SCA), enabled third-party providers to access customer account data (with consent), and formalised the roles of account information service providers (AISPs) and payment initiation service providers (PISPs). The directive laid the groundwork for open banking but also triggered challenges related to technical standards, implementation inconsistencies, and limited uptake across member states.
PSD3 is not just a regulatory update but a strategic evolution. The European Commission has proposed two separate legislative instruments: PSD3 (as a directive) to revise and consolidate the current PSD2 provisions, and the PSR (as a directly applicable regulation) to unify payment rules across all EU states. This dual structure is intended to ensure both flexibility in national implementation and harmonisation where needed.
The changes aim to close gaps in PSD2, strengthen enforcement, improve the functionality of open banking, and extend protections in a more digitised and fraud-sensitive financial ecosystem.
Key Changes Introduced by PSD3 and PSR
1. A Stronger Legal Basis for Open Banking
One of the most significant shifts in PSD3 is the enhanced support for open banking. While PSD2 gave third-party providers access to account data, banks often implemented this begrudgingly. Friction in APIs, inconsistent uptime, and lack of standardisation have hindered progress.
PSD3 and the PSR aim to make open banking a fully operational market. Key measures include:
- Mandatory premium APIs with guaranteed performance
- Prohibition of obstacles such as mandatory re-authentication or frictional redirects
- Broader access to payment accounts, including newer types of e-money and wallet accounts
- Clearer liability rules between data providers and data recipients
For fintechs offering aggregation, budgeting, or payment initiation services, these improvements represent a long-awaited chance to offer more consistent user experiences and grow their customer base.
2. Leveling the Playing Field for Non-Banks
Under PSD3, electronic money institutions (EMIs) and payment institutions (PIs) will face more consistent regulation compared to banks. This change addresses longstanding complaints from fintechs about unequal treatment despite performing similar functions.
Highlights include:
- A more harmonised licensing regime across member states
- Streamlined passporting to operate in other EU countries
- Equal access to key payment infrastructure and bank account services
- Enhanced protection of customer funds
These changes will enable fintechs to scale more efficiently across Europe while ensuring that consumers receive consistent protections regardless of the provider type.
3. Stronger Consumer Protection and Fraud Prevention
As digital payments grow, so do concerns around fraud, particularly in the form of authorised push payment (APP) scams. PSD3 and the PSR introduce several consumer-focused measures:
- Reimbursement obligations for certain types of fraud, especially when banks or PISPs fail to apply SCA properly
- Enhanced transparency in fees, foreign exchange, and cross-border payments
- Improved complaint resolution timelines and procedures
- Mandatory sharing of fraud-related data among payment service providers
Fintechs will need to invest in stronger fraud monitoring and data sharing mechanisms. Those that already offer advanced risk analytics or behavioural biometrics may find new commercial opportunities in helping other providers meet compliance requirements.
4. Digital Identity and Stronger Authentication
PSD3 acknowledges the importance of integrating digital identity frameworks with payment services. This is particularly relevant given the growing interest in the European Digital Identity Wallet and the push for seamless cross-border authentication.
The directive encourages:
- Use of certified digital identity schemes for customer onboarding and verification
- More flexible approaches to SCA that allow innovation without compromising security
- Cooperation between national identity systems and financial services infrastructure
For fintechs offering onboarding, KYC, or identity-as-a-service solutions, this shift creates a powerful opening to integrate with banking and payments in a deeper way.
5. Data Access and Privacy
As financial services become more data-driven, the question of who controls data becomes increasingly important. PSD3 aligns with broader EU goals, including the Data Act and GDPR, to support data portability and consumer control.
Under PSD3:
- Consumers will have more rights over their financial data
- Third-party providers must offer clear consent flows and robust privacy protections
- Banks must allow data sharing for a wider range of account types and payment instruments
This reinforces the role of fintechs as intermediaries that empower consumers with actionable financial insights, provided they adhere to high standards of transparency and data ethics.
Implications for Fintech Companies
Competitive Opportunities
Fintechs that have struggled with inconsistent access to banking APIs will benefit from the improved interoperability and reliability that PSD3 demands. This could unlock a new generation of services in areas such as:
- Subscription management and spend optimisation
- Cross-border e-commerce payments
- Account-to-account (A2A) payments and merchant checkout flows
- SME finance, including cash flow forecasting and invoice payment tools
With fairer access to infrastructure and more favorable passporting terms, fintechs can more confidently expand into new EU markets, build multi-country offerings, and reach scale faster.
Compliance and Operational Readiness
PSD3 is not without its challenges. Compliance costs will rise, especially for smaller fintechs that must update their licensing, security, fraud, and data management frameworks.
Steps fintechs should take now include:
- Reviewing SCA flows and fraud monitoring capabilities
- Reassessing customer data permissions and consent flows
- Aligning with new rules around refunds, disputes, and reimbursement obligations
- Preparing for potential re-licensing or regulatory reviews under the new framework
Fintechs that build compliance into their product experience, rather than bolt it on, will be better positioned to thrive under PSD3.
Strategic Shifts in Partnerships
PSD3 will likely encourage closer collaboration between banks and fintechs. As banks are compelled to offer higher-quality APIs and consistent access, the incentive to cooperate with fintech providers will grow.
Partnerships may evolve in areas such as:
- White-labeled account aggregation and payment initiation services
- Embedded finance experiences within retail and B2B platforms
- Data enrichment and analytics services offered back to banks by fintechs
These shifts could change the balance of power in the ecosystem, allowing agile fintechs to play a bigger role in value-added layers.
Are You Ready for PSD3?
PSD3 readiness checklist
0/8 readyImpact on Consumers
Ultimately, PSD3โs success will be judged by its impact on consumers. If implemented effectively, it could deliver:
- Faster and cheaper cross-border payments
- Easier switching between financial providers
- Safer digital transactions with clearer protection rules
- More useful and personalised financial services
Consumers will benefit from an open finance landscape where innovation is encouraged but trust is preserved. Transparency, user control, and security are expected to improve across the board.
However, these outcomes depend heavily on coordinated implementation across member states, effective supervision by regulators, and a strong feedback loop between providers and users.
Timeline and Next Steps
The European Commission published the PSD3 and PSR proposals in mid-2023. As of 2025, the legislative process is still underway. Final adoption is expected by late 2025 or early 2026, followed by a 12 to 18-month transition period.
In the meantime, national regulators, industry groups, and fintech companies are engaging in consultations to refine the text and ensure operational feasibility. The European Banking Authority (EBA) is expected to publish technical standards and guidance to assist in implementation.
Fintech leaders should monitor developments closely, participate in industry forums, and begin scenario planning for compliance and product development.
Conclusion
PSD3 represents both a regulatory challenge and a strategic opportunity for European fintech. It responds to the evolving needs of a digital economy by reinforcing consumer rights, harmonising payment rules, and unlocking the true potential of open banking.
For fintechs, the new framework offers a clearer path to growth, collaboration, and competitive differentiation. Those that invest in compliance, customer trust, and API-driven innovation will be best placed to lead the next chapter of European financial services.
The road to PSD3 is just beginning, but the destination is clear: a more open, integrated, and user-centric financial ecosystem across Europe. The winners will be those who act now to align strategy with this fast-approaching reality.
