PSD3 is an innovation red herring

Katja Lehr Managing Director of the EMEA Payments and Commerce Solutions Team of JPMorgan Chase

17th January 2024 • 3min read

It’s not often that we see regulation pre-empting innovation – rarer still to see it drive innovation forward.

Instead, regulatory action has historically followed behind technological innovation – think of attempts to regulate social media, drones and AI. But as innovation continues to pick up speed, regulation needs to do more than keep pace; it needs to become future-proof. 

One regulation that the public expects to have a major impact is the third Payments Service Directive (PSD3), which is currently in draft. Its predecessor, PSD2, shook up the payments landscape, and that history has the industry bracing for PSD3. 

But when it comes to the next wave of payments innovation, PSD3 is a red herring. Don’t let it distract you from the disruptions that will change the payments landscape for consumers and payment service providers alike. 

The evolution of the payments services directive  

PSD2 broke new ground

When PSD2 passed in 2015 and enforcement began in 2018, it established the EU’s reputation as a global force for payments legislation thanks to its bold stances on innovation and fraud prevention. It drove significant change including introducing open banking and requiring banks to provide access to third-party providers for customer account info and payment initiation services. It also required stricter security measures, limiting liability, establishing fraud protection and prohibiting fees for specific payment methods to decrease costs. 

These changes ushered in new players to the payment services market and therefore increased competition.

PSD3 lays a strong foundation 

Now that PSD3 has entered the conversation, the industry is bracing for the next big overhaul. PSD2 has primed the public to anticipate major disruption across the payments landscape. 

But that’s not likely to happen. Instead, PSD3 looks to the future to consolidate and modernise payments regulation by establishing scope and definitions. By working to future-proof payments regulation, the directive proactively addresses technological innovation, rather than retroactively incorporating developments. 

Think of it this way: creating the future of innovative regulation is like the building of a house. Regulators have the blueprint, but haven’t raised the walls yet. PSD2 broke new ground, establishing the footprint of regulation and addressing the current payments landscape. The latest directive creates a strong foundation so subsequent innovation can build on regulation established by PSD3– and the rest of the house will follow. 

"PSD3 is the foundation the industry needs to tie EU legislation together and continues to deliver on its objective to drive forward innovation."

Bigger disruptors than PDS3

If we continue with the idea of building a house, the next logical question is: what will build on PSD3’s foundation to create the rest of our structure? Here are four regulations to keep your eye on: 

• The Instant Payments Mandate: Under the provisional regulation for instant payments, payment service providers will need to offer instant payments in euro, which will allow money transfers within ten seconds no matter the day or time. 
• The Single Currency Package: Put forth as a proposal in June 2023, the Single Currency Package looks to ensure that businesses and consumers can continue to use euro cash while simultaneously exploring the possibility of a digital euro to complement banknotes and coins. The European Central Bank is leading reviews to determine how a digital euro could be designed, distributed and regulated.  
• EU Digital Identity Wallets: EU Digital Identity Wallets will securely store personal data and documents for use across digital services, both public and private. Certain businesses and services will be required to accept EU Digital Identity wallets, including Meta, Amazon, Apple and more.  
• FIDA: In June 2023, the EU proposed a new Financial Data Access (FIDA) framework that encompassed nearly all financial services data. This would allow consumers to grant third-party access to data held by financial institutions. Keep an eye on the proposed implementation timeline for this regulation, as it’s very quick.  

"If we have tunnel vision for PSD3, we’ll miss the bigger picture – and the bigger opportunity.”

My Unfiltered opinion

Regulation is driving innovation. Participants can react and adhere, or they can engage and enable strategic opportunities. To optimise the opportunities, participants need to look across the suite of regulatory proposals instead of zeroing in on a single directive. 

But if you’re still worried about PSD3, do these three things now so you don’t get thrown off track:

1. Stay informed: PSD3 is still in the drafting phase, and changes or additions may be forthcoming. Estimated timelines show that PSD3 will likely be passed in late 2024, with mandatory compliance likely set for 2026. But early compliance can open opportunities for new partnerships, build loyalty through improved security practices and enable new ways for your customers to pay. 
2. Enhance security measures: Start with enabling two-factor authentication if you haven’t already done so. Audit current regulatory adherence to PSD2 and evaluate any outdated practices. Review customer data handling practices to identify areas of improvement.
3. Understand the scope: If your business wasn’t previously covered by PSD2, be sure to review if you’ll be part of the scope of the proposed PSD3 draft. This will help you avoid any compliance surprises down the road. (If you’re not sure, feel free to reach out to J.P. Morgan – we’re here to help you understand complicated regulatory environments as they evolve.)