PSD2 Advisory
PSD2 fundamentally reshaped European payments regulation, introducing open banking mandates, Strong Customer Authentication requirements, and a liability framework that affects every business that handles payment transactions, from large banks to early-stage fintechs.
The Payment Services Directive 2 (PSD2) and its associated Regulatory Technical Standards create a dense web of obligations for payment service providers: Strong Customer Authentication (SCA) for electronic payments, access-to-account requirements for TPPs, liability allocation for unauthorised transactions, and transparency obligations on fees and exchange rates. Non-compliance carries both supervisory sanction risk and contractual liability to customers who suffer losses.
GlobalB Law advises payment service providers, merchants, and technology platforms on their PSD2 obligations and on preparing for the transition to PSD3, which introduces additional requirements including open finance, enhanced SCA exceptions, and stronger anti-fraud provisions. We conduct compliance gap assessments, advise on SCA exemption strategies that minimise customer friction without creating regulatory risk, and draft and review the contractual framework agreements and terms required between PSPs and their clients.
Our advice also covers the interaction between PSD2 and other regulatory frameworks. GDPR consent for account-data access, MiCA for embedded crypto functionality, and EMD2 for stored-value features, ensuring that PSD2 compliance does not inadvertently create exposure under adjacent regimes.
What we do
Services in this practice
Preguntas frecuentes
Preguntas frecuentes
Does SCA apply to all electronic payment transactions?
SCA applies to most payer-initiated electronic payment transactions where the payer's PSP is located in the EEA. However, PSD2 and the associated RTS on SCA provide a range of exemptions, including low-value transactions (under €30), low-risk transactions assessed via transaction risk analysis (TRA), recurring fixed-amount transactions initiated by the payee, and merchant-initiated transactions. We advise PSPs and merchants on structuring their payment flows to make maximum legitimate use of available exemptions while maintaining compliance.
What are a PSP's liability obligations for unauthorised transactions under PSD2?
Under PSD2, if a customer reports an unauthorised transaction, the PSP must in principle reimburse the full amount immediately, unless the PSP can demonstrate gross negligence or fraudulent intent on the part of the payer. The liability framework is complex where multiple PSPs are involved in a single transaction chain. We advise on contractual risk-allocation mechanisms between payment service providers.
How does PSD3 change things for firms already compliant with PSD2?
PSD3 (currently in trilogue) retains the core PSD2 framework but introduces: a new Open Finance regulation (FIDA) running in parallel; stricter liability rules for authorised push payment fraud; refined SCA exemptions; mandatory access to payment account data for a broader set of third parties; and enhanced supervisory cooperation. PSD2-compliant firms will need a structured gap analysis and transition programme, particularly around fraud liability and open finance data-sharing obligations.
Comenzar
Solicitar una cita
Cuéntenos su caso y le pondremos en contacto con el abogado adecuado.