PSR/PSD3: EU Payment Services Legislation Is Agreed

On 27 November 2025, negotiators for the Council of the European Union and the European Parliament reached a provisional political agreement on the Payment Services Regulation (PSR) and the Third Payment Services Directive (PSD3).

PSR aims to harmonise payment services and strengthen fraud prevention across the EU. It applies to payment services provided by banks, post-office giro and payment institutions, as well as technical service providers supporting payment services, and in some cases electronic communications providers and online platforms.

PSD3 is intended to ensure fair competition among payment service providers (PSPs), by addressing authorisation and supervisory powers, and to improve access to cash, particularly in remote areas.

For further information on the original legislative proposals announced in June 2023 please see our article here.

Key agreed measures

Protecting customers from fraud

PSP requirements – PSPs will be required to:

• check that a payee's name and unique identifier match. In cases of discrepancies, the PSP must refuse the payment order and inform the payer.
• ensure strong customer authentication
• conduct a risk assessment
• offer spending limits
• offer blocking measures to reduce the risks of fraud.

PSP liability – If a PSP fails to implement appropriate fraud prevention mechanisms, it will be liable for covering customers' losses.

Unauthorised transaction – If a fraudster initiates or changes a transaction, it will be treated as unauthorised transaction and the PSP will be liable for the full fraudulent amount. Additionally, the receiving PSP will have to freeze any transaction it finds suspicious.

Impersonation fraud – Where a scammer pretends to be a PSP employee and tricks the customer into approving a payment, the PSP must refund the full amount provided the customer reports the fraud to the police and informs their PSP.

Online platform liability – Online platforms will be liable to PSPs who have reimbursed defrauded customers if they are informed of fraudulent content on their platform and fail to remove it. This builds on and adds to the protection in the Digital Services Act.

Advertisers of financial services – Advertisers of financial services must show very large online platforms and search engines that they are permitted in the relevant country to offer those services, or that they are advertising on behalf of someone who is.

Human customer support – Payment services users must have access to human customer support (not only chatbots).

Public resources – Public resources should be devoted to educating people on how to avoid fraud.

Transparent charges

Customers should be properly informed about all charges prior to the initiation of a payment. For example, information about currency conversion charges or any fixed fees for cash withdrawal at automatic telling machines should be given.

Better access to cash

Retail stores will be able to provide cash withdrawals of maximum €150 but minimum €100, without the customer having to buy anything.

Improving competition – open banking

To reduce market barriers for "open banking services" (account information and payment initiation services) and to prevent account-servicing payment service providers (ASPSP) (usually a bank or other financial institution) from discriminating against them the following measures were agreed:

• Authorised open banking providers must be able to access payment account data and the legislation should include a list of prohibited obstacles to data access.
• Payment service users will be given a dashboard to monitor and manage the permissions they have given to access their data.
• Banks will have to provide payment institutions with access to payment accounts on a non-discriminatory basis.
• Manufacturers of mobile devices and electronic service providers will have to allow front-end service providers (such as apps or user interfaces) to store and transfer data needed to process payments, on fair, reasonable, and non-discriminatory terms.

Simplified authorisation

The negotiators agreed to simplify the authorisation procedure for payment institutions. Authorisation should be subject to strong prudential and capital requirements, accurate own-funds calculations, reliable budget forecasts, and harmonised timelines, with initial capital scaled to the provider's risk level and to the payment services provided. Crypto asset service providers already authorised under Regulation on Markets in Crypto-Assets (MiCAR), would be subject to a streamlined procedure while keeping appropriate risk controls and providing only services specified in the application. For further information on securing authorisation under MiCAR please see our dedicated MiCAR webpage.

Quick dispute resolution

PSPs will be required to participate in alternative dispute resolution procedures if a consumer chooses it.

Next steps

The agreed measures must be formally adopted by the European Parliament and the Council of the European Union before they can come into force. The Council and the Parliament will continue working on the technical elements of the package before final adoption by the co-legislators. We anticipate that the final texts will be published in the Official Journal of the European Union in H1 2026.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.