Revised rules for payment services in the EU

KEY POINTS

The directive sets out rules concerning:

• a licensing regime for payment institutions, including those offering account information and payment initiation services (open banking);
• the transparency of conditions and information requirements for payment services, including charges;
• the rights and obligations of users and providers of payment services;
• strict security requirements for electronic payments and the protection of consumers’ financial data, in order to guarantee safe authentication and reduce the risk of fraud.

The directive is complemented by Regulation (EU) 2015/751, which caps the interchange fees charged between banks for card-based transactions. This is expected to drive down the costs for businesses in accepting consumer debit and credit cards.

Towards a better integration of the EU payment market

The directive establishes a clear and comprehensive set of rules that apply to existing and new providers of innovative payment services. These rules seek to ensure that these providers can compete on equal terms, leading to greater efficiency, choice and transparency of payment services, while strengthening consumer trust in a harmonised payment market.

Opening up the EU market to new services and providers

The directive also aims to open up the EU payment market to companies offering consumer- or business-oriented payment services based on access to the payment account, particularly:

• account information services, which allow payment service users to, for example, have an overview of their financial situation at any time, allowing users to better manage their personal finances;
• payment initiation services, which initiate an order at the request of the payment service user with respect to a payment account held at another payment service provider.

Consumer rights

• Consumer rights are enhanced, including:
  • reduced liability for non-authorised payments from €150 to €50;
  • an unconditional refund right for direct debits in euro for a period of 8 weeks;
  • the removal of surcharges for the use of consumer credit or debit cards.
• The European Commission produced a user-friendly electronic leaflet listing consumers’ rights under the directive and related EU law.

Authorisation of payment institutions

The directive does not substantially change the conditions for granting authorisation to payment institutions compared to Directive 2007/64/EC. However, payment institutions offering payment initiation services or account information services will be required to have professional indemnity insurance or a comparable guarantee as a condition of authorisation or registration, respectively.

The directive also contains rules on the supervision of authorised payment institutions, along with measures in case of non-compliance.

Role of the European Banking Authority

The role of the European Banking Authority is strengthened, in order to:

• develop a publicly accessible central register of authorised payment institutions, which must be kept up to date by national authorities;
• assist in resolving disputes between national authorities;
• develop regulatory technical standards for items including:
  • strong customer authentication and secure communication channels, with which all payment service providers must comply,
  • regulatory technical standards for cooperation and information exchange between supervisory authorities.

Instant credit transfers

Regulation (EU) 2024/886 on instant credit transfers in euro amends Directive (EU) 2015/2366 with regard to certain arrangements that payment institutions and electronic money institutions have to implement prior to requesting participation in a payment system and, if granted access, during participation in payment systems designated under Directive 98/26/EC. Such payment institutions and electronic money institutions will have in place:

• a description of the measures taken to protect payment service users’ funds, for example by depositing funds in a separate account in a credit institution or a central bank, or investing it in secure, liquid low-risk assets as defined by the competent authorities of the home Member State;
• a description of their governance arrangements and internal control mechanisms for the payment services or electronic money services they intend to provide, including administrative, risk management and accounting procedures;
• a winding-up plan in case of failure.

Implementing and delegated acts

The Commission has adopted the following implementing and delegated acts with regard to implementing or regulatory technical standards respectively.

• Delegated Regulation (EU) 2017/2055 on the cooperation and exchange of information between relevant authorities, relating to the right of establishment and the freedom to provide services of payment institutions.
• Delegated Regulation (EU) 2018/389 (as amended by Delegated Regulation (EU) 2022/2360) on customer authentication and common and secure open standards of communication.
• Implementing Regulation (EU) 2019/410 on the details and structure of the information to be notified by relevant authorities to the European Banking Authority in the field of payment services.
• Delegated Regulation (EU) 2019/411 on the development, operation and maintenance of the electronic central register within the field of payment services, and on access to the information contained in this register.
• Delegated Regulation (EU) 2020/1423 on the criteria for appointing central contact points within the field of payment services and on the functions of those central contact points.
• Delegated Regulation (EU) 2021/1722 on the framework for cooperation and the exchange of information between the relevant Member States’ authorities in the context of cross-border provision of payment services.