The Payment Services Directive 2 (PSD2) is a crucial piece of legislation that has significantly transformed the European financial industry since its implementation in January 2018.
Designed to enhance competition, security, and innovation in the payment services market, PSD2 has had far-reaching effects on financial institutions, payment service providers, merchants, and consumers across the European Union (EU).
In this blog post, we will delve into the key elements of PSD2, analyze its impact on various stakeholders, and provide essential legal advisement for businesses navigating the evolving landscape of the European financial industry.
Understanding PSD2: Key Elements
a) Scope and Applicability:
PSD2 applies to all payment service providers (PSPs) operating within the EU, including banks, e-money institutions, and third-party providers (TPPs) such as payment initiation service providers (PISPs) and account information service providers (AISPs).
b) Strong Customer Authentication (SCA):
One of the central pillars of PSD2, SCA mandates that electronic payment transactions must be authenticated using at least two out of three factors: something the customer knows (e.g., a password), something the customer has (e.g., a mobile device), and something the customer is (e.g., biometric data). SCA aims to bolster security and protect consumers from fraud.
c) Access to Accounts (XS2A):
PSD2 introduces the concept of XS2A, which enables TPPs, with the customer's explicit consent, to access that customer's payment account data. This allows for innovative payment services and fosters increased competition in the financial market.
d) Prohibition of Surcharge Fees:
PSD2 prohibits merchants from imposing surcharges on customers who choose to pay via a specific payment card or method. This aims to promote transparency and fairness in payment transactions.
e) Open Banking and APIs:
PSD2 mandates the creation of Application Programming Interfaces (APIs) that facilitate secure and standardized data sharing between banks and authorized TPPs. This promotes open banking, enabling seamless integration of third-party services with banking platforms.
Impact on the European Financial Industry
a) Increased Competition and Innovation:
PSD2's introduction of XS2A and API-driven open banking has encouraged a wave of new entrants into the market, fostering competition and innovation.
FinTech startups and established tech companies have developed innovative payment services, leading to a more diverse and dynamic financial ecosystem.
b) Enhanced Customer Experience:
With the advent of open banking, customers now have access to a broader range of financial services and can manage their finances more efficiently through consolidated views of multiple accounts. This has resulted in an improved customer experience, enabling personalized financial solutions.
c) Strain on Traditional Banks:
While PSD2 has created opportunities for traditional banks to embrace digital transformation and collaborate with TPPs, it has also posed challenges.
Established banks face the risk of losing market share to agile and innovative FinTech companies if they fail to adapt to the changing landscape.
d) Heightened Security Measures:
SCA has significantly bolstered the security of electronic payment transactions. However, the implementation of SCA requirements initially led to concerns regarding user experience, particularly for recurring payments.
Careful consideration of user-friendly authentication methods is essential for businesses to maintain customer satisfaction while complying with security mandates.
To thrive in the post-PSD2 environment, financial institutions must ensure strict adherence to regulatory requirements. Robust security measures and SCA implementation are paramount, while data protection and privacy compliance under the General Data Protection Regulation (GDPR) must also be upheld.
For businesses seeking access to customer account data, obtaining explicit and informed consent is crucial. Adequate consent management processes must be in place to protect customer data and comply with PSD2's XS2A provisions.
API Development and Security
For banks and TPPs, the creation and management of APIs play a critical role in facilitating secure data sharing. Comprehensive API development, security testing, and regular updates are necessary to safeguard against potential breaches and data misuse.
Traditional banks can leverage PSD2's open banking framework by forging partnerships with FinTech companies and TPPs. Such collaborations can enhance service offerings, broaden customer reach, and create new revenue streams.
PSD2 has undeniably reshaped the European financial industry, sparking innovation, enhancing competition, and prioritizing consumer protection.
While it presents significant opportunities, businesses must adapt to comply with regulatory requirements, prioritize security, and embrace customer-centric approaches to succeed in this evolving landscape.
By staying proactive and fostering strategic partnerships, financial institutions can thrive and provide customers with a seamless, secure, and innovative financial experience in the era of PSD2.