Latest Payments News: EU Edges Closer To New Payments Framework With PSD3 And PSR Agreement, and more

Catch up on some of the stories our payments compliance analysts have covered lately, and stay up-to-date on the latest news.

EU Edges Closer To New Payments Framework With PSD3 And PSR Agreement

The details of the updated EU payments regime are becoming clearer, with negotiators aiming to deliver a more open and competitive payments sector that places strong emphasis on consumer protection.

The European Parliament and Council of the EU have reached a provisional political agreement on the updated Payment Services Directive (PSD3) and the new Payment Services Regulation (PSR).

The package is intended to update and replace the rules under the current regime (originating in PSD2 and related legislation), reflecting the rapidly evolving payments landscape.

There is a significant focus on fraud reimbursement, with payment service providers (PSPs) that fail to implement appropriate fraud-prevention mechanisms to be held liable for covering customers’ losses.

For example, in cases where a fraudster initiates or changes a transaction, it will be treated as unauthorised and the PSP will be liable for the full amount.

Similarly, in cases of impersonation fraud, where a scammer pretends to be a PSP employee and tricks the customer into approving a payment, the PSP must refund the full amount, provided the customer reports the fraud to the police and notifies the PSP.

In a development likely to be welcomed by those calling for greater responsibility from large online platforms, such platforms will be liable to PSPs that have reimbursed defrauded customers if they are informed of fraudulent content and fail to remove it. The announcement notes that this builds on the protections under the Digital Services Act.

René Repasi, the rapporteur for the PSR, said: “Consumers will benefit from new harmonised rules on the payment services regulation. Mandatory fraud preventive measures will be applied and lead to less payment fraud. Banks have to share more of the burden if they fail to do their part.”

Another key development concerns open banking, with the agreement stipulating that authorised providers must be able to access payment account data. The legislation includes a list of prohibited obstacles to data access.

In addition, customers will be given a dashboard to monitor and manage the permissions they have granted for data access, and banks will be required to provide payment institutions with access to payment accounts on a non-discriminatory basis.

Prolonged Limbo On Open Banking Leaves US Financial Sector Navigating Uncertainty

A renewed push from Democratic senators highlights how the stalled Personal Financial Data Rights (PFDR) rule is forcing banks and fintechs to rethink strategy, as shifting political priorities threaten a stable data-access framework for the long term.

Senators Elizabeth Warren (D-MA), Ron Wyden (D-OR) and Richard Blumenthal (D-CT) wrote last week to the Consumer Financial Protection Bureau’s (CFPB) acting director, Russell Vought, urging the agency to continue developing open banking rules in the interests of consumers.

The senate Democrats outlined the history of the PFDR rule over the past year, from the CFPB finalising it in October 2024, through the agency’s May 2025 decision to stop defending the rule in court and join the plaintiffs in seeking to have it vacated, to the August 2025 Advanced Notice of Proposed Rulemaking (ANPR) that sought comments on various aspects of the rule.

They went on to identify two key reasons that a clear open banking rule is important: preventing data providers such as banks from charging fees that would inhibit consumer access to third-party services, and ensuring consumers have broad freedom to authorise third parties to access their data.

The letter also emphasised that the issue is active and unresolved, highlighting the example of JPMorgan Chase seeking to impose fees on third-party data aggregators such as Plaid.

Although the bank later reached an undisclosed agreement with Plaid, the senators argued that its attempt to impose high fees could have had a crippling effect on third-party providers.

The senators concluded that any revisions to the PFDR rule must recognise the importance of consumers being able to exercise their data rights.

ESAs’ List Of Critical ICT Providers Marks A Key Milestone For DORA Implementation

The designation of systemic providers marks the beginning of a significant operational shift for financial institutions, which will need to strengthen their understanding of third-party dependencies and the risks that accompany them.

The European Supervisory Authorities’ (ESAs) November 2025 announcement of their first list of critical ICT third-party service providers (CTPPs) under the Digital Operational Resilience Act (DORA) is a significant milestone in the EU’s implementation of the regime.

It marks a shift from firm-level to systemic ICT risk management, with the ESAs aiming to address concentration risk in critical infrastructure.

DORA fundamentally reshapes how financial institutions manage ICT dependencies, as well as how ICT providers structure their governance, security and resilience frameworks.

The ESAs completed a multi-step assessment with national authorities and identified 19 providers whose services are systemically important and difficult to substitute. The designated organisations cover cloud, data, infrastructure and core banking technology services, and include big tech firms such as Amazon Web Services, Google and Microsoft.

DORA took effect in January 2025 and is designed to strengthen the operational resilience of the EU financial sector. Under the act, third-party ICT service providers identified as playing a critical role for financial entities in the EU are subject to direct oversight by the ESAs.

The ESAs comprise the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA).

Europe Advances Plans For Real-Time Payments Connectivity With Asia

By linking its TARGET Instant Payment Settlement (TIPS) system with India and Southeast Asia, the European Central Bank (ECB) is accelerating real-time payments globally and challenging European payment service providers (PSPs) to prepare for faster flows and competitive pressures.

On November 20, 2025, the ECB confirmed that it will advance its ongoing initiative to interlink the Eurosystem’s TIPS system with India’s Unified Payments Interface (UPI).

The ECB’s Governing Council said it will enter the “realisation phase”, the stage focused on detailed design, legal arrangements and technical build-out, for linking TIPS with UPI.

The Council also confirmed it will continue assessing the feasibility of linking TIPS with Nexus Global Payments (NGP), alongside the required legal and technical considerations.

NGP was launched in March 2025 by the central banks and instant payment system operators of India, Malaysia, the Philippines, Singapore and Thailand.

It builds on Project Nexus, a study led by the Bank for International Settlements (BIS) Innovation Hub Centre in Singapore, with participation from the same central banks.

Incorporated as a non-profit, NGP creates a single technical connection point for participating instant payment systems, eliminating the need for bespoke bilateral integrations.

The ECB said its decision to move forward on connections with the two instant payment systems supports the aims of the G20 roadmap for cross-border payments.

Scheduled to be completed by the end of 2027, the roadmap commits G20 members to a set of quantitative targets on faster, cheaper, more transparent and accessible global cross-border payments.

NGP is targeting “near-zero cost” cross-border payments that can be completed in less than 60 seconds. If achieved, this could significantly disrupt current pricing models and force European PSPs to reassess margins on remittance and e-commerce flows.

‍

Want to know more? 

Request a demo with one of our experts today to gain full access to the stories we cover - and much more - and start learning how you can make compliance a competitive advantage for your organisation.