What is PSD3?
Payment Services Directive 3 (PSD3) is the European Commission’s June 2023 legislative proposal to replace PSD2, accompanied by a parallel Payment Services Regulation (PSR). The package responds to PSD2 implementation lessons (uneven open banking, persistent fraud, ambiguous TPP rules) and aligns payment services with adjacent files (Digital Euro, FIDA — Financial Data Access). Adoption and entry-into-force are expected progressively; specific dates depend on the legislative trilogue outcome.
Key proposed changes
- Single rulebook via PSR: directly applicable EU-wide, reducing national divergence.
- Anti-fraud measures: mandatory IBAN-name check, sharing fraud data, mandatory refund for “spoofing” frauds in some categories.
- Enhanced TPP access: stricter API performance standards, “obstacles” elimination, dedicated dispute resolution.
- Consolidated PSP licensing: merger of PIs and EMIs into unified Payment Institution authorisation.
- SCA refinements: clarified exemption scope, accessibility provisions, dynamic linking.
- Cash access: rules promoting continued retail cash access via merchants.
FIDA — Financial Data Access
The parallel Financial Data Access Regulation (FIDA) extends open-banking-style access from payment accounts to broader financial data categories: investments, insurance, pensions, mortgages, savings. PSD3 + PSR + FIDA together create the next-generation open finance regime in the EU.
What PSD3 changes in practice
For payments and open-banking products, the PSD3/PSR package tightens the operating envelope: stronger fraud and IBAN-name-check duties, broadened liability for impersonation fraud, harmonised direct-access rights to payment systems for non-bank PSPs, and a recast open-banking regime with performance obligations on data interfaces. Strategy consequences run two ways. EU-facing Turkish fintechs should plan against the package’s timelines in their EU entity roadmaps — passporting economics and API obligations shift. Domestically, Turkish regulation has historically tracked EU payments law (the 6493 framework descends from PSD logic), so PSD3 is the best available preview of where TCMB-administered rules head next; building product architecture to the stricter standard is cheap optionality.