Back to Blog

What PSD3 Means for Fintechs

We break down the upcoming regulations and what they mean for digital financial platforms.
Industry Insights
March 5, 2026

The Payment Services Directive 3 (PSD3) represents the European Union's next major evolution in open banking regulation, building upon PSD2 and set to reshape how fintech companies operate across Europe and in jurisdictions that align with EU standards.

What's Changing with PSD3

PSD3 introduces several significant updates from its predecessor:

1. Stronger SCA Requirements
Strong Customer Authentication (SCA) rules are being enhanced. PSD3 aims to close loopholes in PSD2 SCA implementation, with clearer technical standards and reduced exemption abuse. All payment service providers must implement multi-factor authentication across a broader set of transaction types.

2. Open Finance Expansion
While PSD2 focused on payment accounts, PSD3 expands data sharing mandates to include savings accounts, investments, pensions, and insurance products. This creates new API requirements and opportunities for fintech platforms building comprehensive financial data aggregation services.

3. Fraud Liability Shifts
PSD3 introduces clearer fraud liability rules, including provisions for authorized push payment (APP) fraud. Financial institutions and payment service providers face increased responsibility for reimbursing victims of fraud in certain scenarios, incentivizing stronger anti-fraud controls.

4. Improved API Standards
PSD3 mandates improved API performance standards, requiring banks to provide dedicated interfaces with higher availability and better documentation. This directly addresses a common pain point for fintechs integrating with traditional bank APIs.

5. Non-Bank PSP Access to Payment Systems
PSD3 expands the ability for non-bank payment service providers to access central bank payment systems directly, reducing dependence on sponsor banks and lowering costs.

Implications for Fintech Companies

For fintech companies operating in or expanding to European markets, PSD3 requires:

- Updating technical integrations to comply with new API standards
- Reviewing SCA implementation and authentication flows
- Updating fraud detection and liability management frameworks
- Expanding compliance programs to cover open finance data categories
- Reviewing licensing structures as new PSP categories are introduced

Global Impact

Even for companies outside Europe, PSD3 matters. Many jurisdictions use EU regulatory frameworks as a model for their own open banking regulations. In the UAE, the Central Bank has been developing its own open banking framework, and understanding PSD3 helps fintech companies prepare for similar regulatory trends in the region.

Genesis Capital's regulatory advisory team helps fintech companies assess PSD3 readiness, update compliance frameworks, and identify opportunities within the evolving open banking landscape.

Blog

Related Posts

ADGM vs DFSA: Regulatory Compliance Guide 2025

Comprehensive comparison of ADGM and DFSA regulatory frameworks for fintech companies operating in UAE
Industry Insights
March 5, 2026
Read more

UAE-Turkey Trade Corridor: Structuring Cross-Border Transactions

Practical guide to structuring trade finance transactions between UAE and Turkey with compliance considerations
Industry Insights
March 5, 2026
Read more

FATF Compliance: KYC/AML Best Practices for Fintech

Essential KYC/AML procedures and FATF compliance requirements for fintech companies and financial institutions
Industry Insights
March 5, 2026
Read more