PSD3 and PSR come at a pivotal moment in the transformation of the financial sector. Recent technological developments and shifting customer expectations create a need for new regulations that can better prevent fraud, further promote open banking, and foster competition. Companies are under pressure to innovate faster than ever, while demand for secure digital services grows by the day. It is therefore essential that organizations prepare for the changes PSD3 and PSR will bring and remain alert to ongoing developments in the sector.
Objectives of PSD3 and PSR
Although existing regulations such as PSD2 have proven effective in combating fraud, rapid technological advancements have created new challenges and opportunities. These developments require adjustments to regulations to ensure that payment services across Europe continue to meet evolving demands. The upcoming PSD3 and PSR framework aims to address these needs and provide a robust foundation for innovation in the sector. This will allow companies to manage new risks effectively while capitalizing on the opportunities brought by digital transformation. The main objectives of PSD3 and PSR partially overlap with previous goals, namely:
Improved fraud prevention and consumer protection – Stricter security measures are intended to bolster trust in digital payments.
Strengthening Open Banking – Increased competition between banks and digital financial service providers encourages innovation and growth.
Harmonization and enforcement of EU rules – A level playing field across all member states ensures fairer competition and more effective enforcement.
More access for non-bank providers – Payment Service Providers (PSPs) receive clearer, more consistent conditions for accessing payments systems and bank accounts.
Enhanced consumer rights – Issues such as unexpected account blocks, unclear costs, and a lack of transparency are addressed.
The new financial data-sharing legislation goes beyond just payment accounts and includes rules for safe and transparent data exchange. The aim is to stimulate innovation and give consumers greater control. These provisions are expected to be laid by both PSD3 and PSR as well as the proposed Financial Data Access (FIDA) framework.
Key improvements
Safe data sharing for customers:
Consumers can more easily share their financial data for personalized services, financial insights, or price comparisons.
Through specialized consent dashboards, consumers retain control over who can access their data and for what purposes.
Obligations for financial institutions:
Banks and other data holders must provide access to data via standardized systems, provided customer consent is granted.
These institutions must ensure that APIs meet clear reliability and availability expectations.
Better technical arrangements and protection:
Clear liability rules and dispute resolution procedures will give parties legal certainty
Verification measures, such as Confirmation of Payee (CoP), must be applied consistently for increased fraud prevention.
Improved consumer control and accessibility:
Consumers benefit from improved access to cash, including the ability to withdraw cash at retail locations without needing to make a purchase.
Consumers gain stronger control over their payments, including tools to set limits on payment instruments.
New licensing requirements
With the introduction of PSD3 and PSR, the prudential and licensing rules for electronic money institutions and payment service providers become more stringent. These include:
1. Revised capital and safeguarding requirements:
Increased initial capital requirements: Institutions may need to hold more equity due to revised calculation methods.
Wind-down plan requirement: Institutions must include an orderly wind-down plan in their license applications.
2. Risk mitigation: Payment institutions will be subject to stricter rules aimed at reducing concentration risk when safeguarding customer funds
3. Re-licensing within two years: Existing licenses for non-bank PSPs remain valid for a maximum of 30 months, provided institutions submit new applications on time.
The impact of the new rules
The regulations impact a wide array of entities, including traditional banks, digital payment platforms, and emerging service providers. Notably, even many established payment institutions must reapply for their licenses, a measure introduced by the EU to ensure that market participants meet the highest standards of transparency and security. This means that previous approvals are no longer automatically valid, reflecting the increased stringency of the new regime. This raises the bar for everyone, promoting innovation and a more level playing field.
Stricter rules, higher thresholds
While the new licensing requirements aim to foster fair competition, they also bring forth new challenges. Meeting the elevated standards for transparency and security may require complex adaptation of current systems and processes. These changes may require additional investment, prompting companies to carefully assess how best to comply with the new expectations without hindering growth.
New possibilities despite challenges
At the same time, the regulations enable new opportunities in areas such as Embedded Finance (financial services integrated directly into apps or platforms), ‘Buy Now, Pay Later’, and Decentralized Finance (DeFi). These trends offer both incumbents and new market entrants the ability to further embed services within the digital ecosystem, expanding their customer base and diversifying revenue streams. By embracing these developments, companies can deliver innovative solutions aligned with evolving customer demands.
Timeline – the next steps
On 27 November 2025, the European Parliament and the Council reached a provisional agreement on PSD3 and PSR. Formal adoption and publication in the Official Journal of the EU will follow the technical finalization of the legal texts in 2026.
Once adopted and published in the Official Journal of the EU, the new rules will include an 18-month transitional period before compliance becomes mandatory. This means that affected institutions will need to be fully aligned with the requirements of PSD3 and PSR by the end of 2027, following their formal entry into force.
Given these developments, financial institutions and payment service providers must remain vigilant, continuously monitoring the legislative process and preparing for the required operational changes. As the proposals near finalization, their effects will vary across the payments landscape. Strategic foresight and early preparation will be essential to remain compliant and seize opportunities arising from the new regulatory framework.
With PSD3 and PSR, we assist your organization
Navigating PSD3 and PSR requires more than interpreting regulatory texts: It calls for a clear understanding of supervisory expectations, operational impact, and strategic alignment. At PwC, we assist organizations in identifying opportunities arising from the developments around Open Finance, conducting end-to-end gap and impact assessments, translating regulatory requirements into actionable implementation steps, and strengthening compliance and control frameworks for long-term resilience.
Whether you’re preparing for supervisory scrutiny or aiming to seize market opportunities, our multidisciplinary team helps you ensure compliance readiness, minimize regulatory risk, and position your organization for sustainable success. Contact us to find out how we can support your organization.
Sign up for our newsletter, the PwC Update
