The third Payment Service Directive (PSD3) is finally coming, and it’s accompanied by a new Payment Service Regulation (PSR). What is it, and what does it mean for open banking, your business, and your customers?

The European Commission has released its first proposal for an updated version of the current PSD2 legislation. The proposal comes in two parts.


Payment Service Directive 3 &
Payment Service Regulation (PSR)


Financial Data Access

Payment Service Directive.

Today’s PSD2 becomes PSD3 and, in addition, a Payment Services Regulation (PSR) is added to the legislation. This is what they do:

  • Combat payment fraud by allowing payment service providers to share fraud-related information, increasing consumer awareness, strengthening customer authentication rules, extending refund rights for fraud victims, and making it mandatory to check payees’ account names with their IBAN numbers.
  • Improve consumer rights by addressing temporary fund blocks, enhancing transparency on account statements.
  • Granting non-bank payment service providers access to all EU payment systems, while ensuring safeguards and their right to a bank account.
  • Enhance open banking by removing obstacles to open banking services, giving customers more control over their payment data, and promoting innovative new businesses or offerings.
  • Strengthen harmonization and enforcement by enacting most payment rules through a directly applicable regulation.
  • Improve access to cash by allowing retailers to offer cash services without requiring a purchase, providing clarity on rules for independent ATM operators, and clearer information on ATM charges.

Financial Data Access.

  • Customers have the option to share their data with fintech companies, like Finshark, in a secure machine-readable format to access new, cheaper, and better data-driven financial products and services.
  • Financial institutions are obligated to make customer data available to other financial institutions or fintech firms.
  • Customers have complete control over who can access their data and for what purpose, facilitated through permission dashboards and strengthened protection of personal data.
  • Standardization of customer data and technical interfaces is required for financial data-sharing schemes.
  • Clear liability rules for data breaches and dispute resolution mechanisms are established in financial data-sharing schemes.
  • Data holders are encouraged to provide high-quality interfaces to data users through reasonable compensation.

What does it mean for your business?

There are plenty of goodies included in the proposal. A few of the to highlight are:


More transparency and better control over data-sharing for consumers are likely to increase trust, and in the long run also, the adoption of open banking services.


Better protection decreases the risk of fraud, allowing businesses and consumers to rest assured that their money is reaching its intended destination.


Standardizing technical interfaces will make “talking” to banks easier and more reliable, catering for a unison experience for users and a smoother implementation for developers.


Access to more financial data, not just payment accounts, can mean we see more innovative offerings in the open finance space.

What happens now with PSD3?

Assuming the PSD3/PSR files are passed in 2024, enforcement may happen by the end of 2025. It might be wishful thinking, as the European elections can delay the process, meaning it won’t be enforced until mid-2026. Lastly, since individual member states must implement the directive nationally, it may take longer.

writer image

Kristian Sternros | Co-founder & COO

Fintech entrepreneur and chairman of the board. Have founded and managed several companies to significant growth, multiple successful exits.

Connect with me on LinkedIn!