EU Payment Services Directive (PSD2)
Directive (EU) 2015/2366 of 25 November 2015 on payment services in the internal market (PSD2). PSD2 entered into force on 12 January 2016 and Member States transposed it by 13 January 2018. It repealed Directive 2007/64/EC (PSD1) and modernised the EU payments framework by: extending the scope to one-leg-out + third-country-currency transactions; creating two new regulated activities (Payment Initiation Services + Account Information Services) and the corresponding Open Banking regime via the access-to-accounts rules in Articles 65-67; mandating Strong Customer Authentication in Article 97 with three-element elements - knowledge / possession / inherence - and dynamic linking for remote payments; requiring operational + security risk management + incident reporting + the Article 98 EBA Regulatory Technical Standards (Commission Delegated Regulation (EU) 2018/389 on the SCA-RTS and the common + secure open standards of communication); and tightening consumer-liability + refund + safeguarding rules. PSD2 remains in force until the PSD3 Directive + Payment Services Regulation (PSR) (Commission proposals COM(2023) 366 + COM(2023) 367 of 28 June 2023) are adopted and transposed. Note: the PSD2 SCA-RTS (Commission Delegated Regulation (EU) 2018/389) is tracked separately as the 'PSD2 SCA' corpus entry.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (6)
PSD2: Authorisation of Payment Transactions and Open Banking (PIS / AIS)
| Code | Title |
|---|---|
| PSD2-Art.64_65 | Consent and confirmation of availability of funds (PSD2 Articles 64 and 65) |
| PSD2-Art.66_67 | Payment initiation services and account information services (PSD2 Articles 66 and 67) - the Open Banking rules |
| PSD2-Art.71_74_75_76_77 | Unauthorised transactions, refunds and liability (PSD2 Articles 71, 74, 75, 76, 77) |
PSD2: Authorisation, Capital and Safeguarding of Payment Institutions
| Code | Title |
|---|---|
| PSD2-Art.10 | Safeguarding requirements (PSD2 Article 10) - segregation or insurance |
| PSD2-Art.11_12_13 | Grant, withdrawal and EBA register of authorisation (PSD2 Articles 11, 13, 14, 15) |
| PSD2-Art.19_20 | Use of agents and outsourcing rules (PSD2 Articles 19 and 20) |
| PSD2-Art.32_33 | Exemptions for small payment institutions and AIS-only providers (PSD2 Articles 32 and 33) |
| PSD2-Art.5_8 | Authorisation application, initial capital and own funds (PSD2 Articles 5, 7 and 8) |
PSD2: Operational Security, Strong Customer Authentication and Incident Reporting
| Code | Title |
|---|---|
| PSD2-Art.94 | Data protection (PSD2 Article 94) - GDPR alignment |
| PSD2-Art.95 | Management of operational and security risks (PSD2 Article 95) |
| PSD2-Art.96 | Incident reporting to competent authority (PSD2 Article 96) |
| PSD2-Art.97 | Strong Customer Authentication (PSD2 Article 97) - knowledge / possession / inherence + dynamic linking |
| PSD2-Art.98 | Article 98 RTS - SCA + common and secure communication (Commission Delegated Regulation (EU) 2018/389) |
PSD2: Scope and Definitions
| Code | Title |
|---|---|
| PSD2-Art.1_2_3_4 | Subject matter, scope and definitions (PSD2 Articles 1-4) |
PSD2: Supervision, Penalties and Final Provisions
| Code | Title |
|---|---|
| PSD2-Art.104_117 | Delegated acts, transposition, repeal of PSD1 and entry into force (PSD2 Articles 104-117) |
| PSD2-Art.5_19_22 | Money-laundering / CFT and AML controls in payment institution authorisation + agents |
| PSD2-Art.99_103 | Out-of-court redress, competent authorities and penalties (PSD2 Articles 99-103) |
| PSD2-Status | PSD2 status - in force pending PSD3 + PSR adoption + transposition |
PSD2: Transparency, Information and Consumer Protection
| Code | Title |
|---|---|
| PSD2-Art.38_60 | Transparency of conditions and information requirements (PSD2 Articles 38-60) |
Your Compliance Coverage
If you comply with EU Payment Services Directive (PSD2), you already cover:
Maps to 3 other frameworks
Frequently Asked Questions
What is EU Payment Services Directive (PSD2)?
EU Payment Services Directive (PSD2) is a compliance framework from European Union with 6 domains and 19 controls. Directive (EU) 2015/2366 of 25 November 2015 on payment services in the internal market (PSD2). PSD2 entered into force on 12 January 2016 and Member States transposed it by 13 January 2018. It repealed Directive 2007/64/EC (PSD1) and modernised the EU payments framework by: extending the scope to one-leg-out + third-country-currency transactions; creating two new regulated activities (Payment Initiation Services + Account Information Services) and the corresponding Open Banking regime via the access-to-accounts rules in Articles 65-67; mandating Strong Customer Authentication in Article 97 with three-element elements - knowledge / possession / inherence - and dynamic linking for remote payments; requiring operational + security risk management + incident reporting + the Article 98 EBA Regulatory Technical Standards (Commission Delegated Regulation (EU) 2018/389 on the SCA-RTS and the common + secure open standards of communication); and tightening consumer-liability + refund + safeguarding rules. PSD2 remains in force until the PSD3 Directive + Payment Services Regulation (PSR) (Commission proposals COM(2023) 366 + COM(2023) 367 of 28 June 2023) are adopted and transposed. Note: the PSD2 SCA-RTS (Commission Delegated Regulation (EU) 2018/389) is tracked separately as the 'PSD2 SCA' corpus entry. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does EU Payment Services Directive (PSD2) have?
EU Payment Services Directive (PSD2) has 19 controls organised across 6 domains. The largest domains are PSD2: Authorisation, Capital and Safeguarding of Payment Institutions (5 controls), PSD2: Operational Security, Strong Customer Authentication and Incident Reporting (5 controls), PSD2: Supervision, Penalties and Final Provisions (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does EU Payment Services Directive (PSD2) map to?
EU Payment Services Directive (PSD2) maps to 3 other compliance frameworks. The top mapping partners are NIS2 Directive (21% coverage), DORA (21% coverage), GDPR (16% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with EU Payment Services Directive (PSD2) compliance?
Start your EU Payment Services Directive (PSD2) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about EU Payment Services Directive (PSD2) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 19 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required