obOpen Banking Lab
GlossarySTETBlogContact
Regulation

PSR

Payment Services Regulation

The European regulation paired with PSD3. Unlike a directive, it applies directly in every member state — with no transposition and no local interpretation.

See also:DSP2DSP3FIDASCAVoPEBA

Definition

The PSR (Payment Services Regulation) is a European regulation proposed in June 2023, paired with PSD3.

Where PSD3 (a directive) sets the prudential framework — statuses, authorisations, supervision — the PSR centralises all the operational rules (consent, APIs, SCA, anti-fraud) into a directly applicable text, with no national transposition.

Directive vs regulation: why this change

This is PSD3's major structural shift:

  • Directive (PSD2) — each state transposes it, with room for interpretation: 27 slightly different versions, and therefore fragmentation.
  • Regulation (PSR) — directly applicable everywhere as soon as it is published, with no transposition or local interpretation.

For pan-European fintechs (Stripe, Wise, Revolut), this is excellent news: a single rulebook, everywhere.

What the PSR contains

It concentrates everything operational about payments:

  • Consent: terms, duration, revocation, the Permission Dashboard.
  • SCA: harmonised rules, clarified in the wording.
  • API quality: availability obligations (> 99%), response times, monitoring, and explicit sanctions for non-compliant ASPSPs.
  • Anti-fraud: the generalisation of VoP, information sharing between PSPs, broader reimbursement for APP scams.
  • Liability: a better allocation between bank, PISP and merchant.
  • Removal of the fallback: the PSD API becomes the sole channel, ending backup screen scraping.

PSR vs PSD3: who holds what

  • PSD3 (directive) — prudential framework: authorisation, statuses (the merger of payment institutions and EMIs), capital, governance, supervision.
  • PSR (regulation) — operational rules: payments, APIs, fraud, SCA, consent.

The two texts are inseparable: together, they will replace PSD2.

Indicative timeline

  • June 2023 — the Commission's proposal.
  • April 2024 — Parliament's position.
  • June 2025 — the Council's position.
  • 27 November 2025 — provisional political agreement in trilogue on PSR + PSD3.
  • 2026 — formal adoption expected.
  • 2027–2028 — effective application.

Within the PSD2 ecosystem

The PSR is the "rules of the game" building block of the new European framework. For compliance, engineering and product teams, it is the text to read first: it will dictate most of the operational landscape of the coming years.

Real-world examples

  • Pan-European neobank: Revolut today juggles the FR, DE and ES transpositions of PSD2; with the PSR, a single rulebook will apply — a significant compliance saving.
  • Mandatory VoP: generalised to all transfers; any merchant accepting transfers will have to display the name/IBAN match.
  • API sanctions: a bank whose API regularly fails will risk explicit financial penalties, calibrated against quality indicators.
  • End of screen scraping: a real break for the players still relying on it (rare in France, more common in Italy, Spain and Poland).
  • APP scams: broader reimbursement of social-engineering victims — a direct impact on the risk model and anti-fraud investment.
  • Monitoring: track the PSR/PSD3 trilogue progress reports — the final version may move significantly from the 2023 text.

Sources

Back to glossary