PSR – European Parliament’s draft amendment

The drafting of the PSR is in full swing: the European Parliament has adopted the European Commission's legislative proposal with some amendments. The draft amendment contains, among other things, new exemptions for payment services, stricter liability rules for fraud prevention and obligations for access to mobile devices for front-end services.

After the European Commission submitted a legislative proposal (“Commission Proposal”) to the Parliament and the Council in summer 2023 to revise Directive (EU) 2015/2366 (Payment Services Directive 2 – “PSD2”), the Parliament adopted the proposal with amendments on 23 April 2024.

The Commission Proposal provides for PSD2 to be amended and split into two legal acts – a directive and a regulation. Provisions regarding the authorisation and supervision of payment institutions are now to be regulated in a directive (“PSD3”) and provisions regarding supervision and the civil law obligations of payment services are to be regulated separately in a regulation (“PSR”). In doing so, the legislator aims to harmonise European regulations, as the PSR is directly applicable in the Member States and does not require transposition into national law. At the same time, Directive 2009/110/EC (Second E-Money Directive) will be repealed and e-money institutions will be included in the scope of the Commission Proposal.

We have already commented on the changes resulting from the Commission Proposal and the draft amendment to PSD3. In this article, we take a look at the changes resulting from the European Parliament’s draft amendment to the PSR (“Draft Amendment” or “PSR-D”).

What is new in the Draft Amendment?

  • Exceptions

Among other things, the Draft Amendment introduces a further exception to the existence of a payment service. Under Art. 2 para. 2 lit. ha), the PSR-D should not apply to payment transactions that are carried out using e-money tokens within the meaning of Regulation (EU) 2023/1114 (the EU Regulation on Markets In Crypto-Assets – “MiCAR”) if the payment service provider is already authorised in a Member State in accordance with MiCAR. This is intended to avoid double regulation.

The exemption provision for group payments should now also cover related services “including the collection of funds and the execution of payments” by a group company “on behalf of the group” (Art. 2 para. 2 lit. m) PSR-D). The question arises as to whether the legislator also intends to cover payments from or into the group which, according to the German Federal Financial Supervisory Authority’s (Bundesanstalt für Finanzdienstleistungsaufsicht – “BaFin”) current administrative practice, do not fall under the exemption provision of section 2 para. 1 no. 13 ZAG.

  • Liability / strengthening fraud prevention

Compared to the Commission Proposal, the Draft Amendment contains numerous tightening measures with regard to the liability of payment service providers and so-called providers of electronic communications services. The latter are to include, for example, operators of online platforms or mobile phone operators (Recital 80 PSR-D).

Like the Commission Proposal, the Draft Amendment also provides for payment service providers to be liable to payment service users who are consumers in the event that they fall victim to so-called “spoofing cases” (Art. 59 para. 1 PSR-D).

The Draft Amendment also establishes a fundamental liability obligation for providers of electronic communications services towards payment service providers if they do not remove fraudulent or illegal content when they are aware of it due to a notification from the payment service provider (Art. 59 para. 5 PSR-D).

The provision also contains a comprehensive range of obligations for providers of electronic communications services to prevent fraud, for example by providing customer information or taking organisational measures.

There is to be a further increase in liability for payment service providers if they do not block a payment instrument in the event of objective risks or suspicion of unauthorised or fraudulent use of the payment instrument (Art. 51 para. 2 PSR-D). Previously, the payment service provider only had a right to block under civil law.

  • Access to mobile devices

The Draft Amendment also provides for an obligation for so-called “original equipment manufacturers of mobile devices and providers of electronic communications services” vis-à-vis the providers of front-end services to enable interoperability with the technical functions required for the storage and transmission of data for the processing of payment transactions (Art. 88a para. 1 PSR-D). This obligation is intended to supplement Art. 6 para. 7 of Regulation (EU) 2022/1925 (Digital Markets Act).

The terms “original equipment manufacturer” and “front-end services” are not defined in the PSR-D. The term “front-end services” is defined in the Draft of the Digital Euro Regulation as “all components that are necessary for the provision of services to users of the digital euro and that interact with back-end solutions and other front-end services via defined interfaces”.

The PSR-D also refers to original equipment manufacturers as original manufacturers of mobile devices. Therefore, the provision should essentially aim to give payment service providers who want to provide payment service users with an application on a mobile device to carry out payment services a right to access all the necessary hardware and software components required to carry out these services. The PSR-D focuses primarily on near-field communication and the secure elements of mobile devices.

  • Transparency regulations

The Draft Amendment also introduces a number of transparency provisions into the PSR-D, for example with regard to charges for currency conversion (Art. 5 para. 2, Art. 13 para. 1, Art. 20 lit. c) v), Art. 24 PSR-D), charges for cash provision services (Art. 7 PSR-D) or charges for withdrawals from ATMs (Art. 28 para. 3a PSR-D).

  • Cancellation of framework agreements

For framework agreements between a payment service provider and a payment service user, the Draft Amendment provides for adjustments compared to the Commission Proposal to the effect that no costs may be incurred by the payment service user upon termination of the framework contract if it has been in force for at least three months (instead of the six months provided for in the Commission Proposal) (Art. 23 para. 2 PSR-D).

The Parliament has increased the cancellation period for framework agreements by the payment service provider from two months in the Commission Proposal to three months (Art. 23 para. 3 PSR-D).

  • Charging of fees

The European Parliament has added provisions to the Commission Proposal regarding the charging of fees. For example, payees should not be allowed to charge the payer for payments (Art. 28 para. 3 PSR-D). However, it should be possible to offer discounts or other incentives for the payer to use a certain payment instrument (Art. 28 para. 3b PSR-D).

In addition, payees must offer payment service users at least one payment method for which no surcharge is levied and for which no payment initiation service provider is used (Art. 33 para. 1a PSR-D). The relationship between the prohibition of charges and the possibility of charging surcharges still needs to be clarified.

  • Strong customer authentication

For the question of whether an exception to the obligation for strong customer authentication must be implemented, the consumer or business status of the parties involved in the payment transaction may be used as a criterion within the scope of a delegated act (Art. 85 para. 11 lit. ca) PSR-D).

For the characteristic of inherence, the Draft Amendment provides for environmental and behavioural characteristics that are related, for example, to the location of the payment service user, the time of the transaction or the device used (Art. 85 para. 12 PSR-D). In addition, the Draft Amendment introduces provisions for strong customer authentication, which should take into account customers with disabilities, low digital literacy, older people and people who do not have access to digital channels or payment instruments (Art. 88 para. 2 PSR-D).

  • Access interfaces to payment account

As in the Commission Proposal, account servicing payment service providers (“ASPSP”) do not have to maintain an interface for account information service providers (“AIS”) and payment initiation service providers (“PIS”) in addition to the dedicated interface.

However, they are now expressly obliged to grant AIS and PIS permanent access to such interfaces that enable business continuity (Art. 35 para. 2 PSR-D). In addition, ASPSPs should ensure that they make changes to the technical specification for their dedicated interface available no later than six weeks (instead of three months in the Commission Proposal) before implementing the change (Art. 35 para. 4 PSR-D).

Furthermore, ASPSPs are obliged to confirm to PIS within 30 seconds of authorisation at the latest whether the payment has been or will be executed (Art. 36 para. 5 PSR-D).

Finally, ASPSPs must communicate all updates to the information necessary for the initiation and execution of the payment transaction, which the payer would also receive, to the PIS continuously via the dedicated interface as a push message in real time until the payment has been executed or rejected (Art. 37 para. 3 PSR-D).

  • Refusal to open/close a payment account for a payment institution

The Draft Amendment supplements the Commission Proposal with regard to the opening of a payment account for a payment institution by a credit institution to the effect that the latter may only refuse to open, or may only close, such an account if objective, non-discriminatory and proportionate reasons justify this.

The notice period for the closure of such an account should be four months, unless it is in connection with fraud or unlawful behaviour (Art. 32 para. 1 PSR-D). The credit institution is to notify the competent authority of the decision to refuse to open or close a payment account (Art. 32 para. 3a PSR-D). These provisions are intended to counter difficulties encountered by payment institutions when opening bank accounts.

Assessment and outlook

In addition to a large number of detailed changes in the PSR-D, the new liability provisions towards providers of electronic communications services deserve particular attention. The same applies to the obligation towards providers of electronic communications services and original equipment manufacturers of mobile devices to grant front-end services access to the devices. The terminology and regulations used do not yet appear to be entirely consistent and still require clarification. It is to be welcomed that the PSR-D now addresses the question of the demarcation from MiCAR when using e-money tokens.

Due to the large number of regulations, some of which have been amended in great detail, the PSR-D still appears to be a long way from the final version.

Next steps in the legislative process

The European Parliament adopted the European Commission’s proposals for the PSR-D (and PSD3) at first reading on 23 April 2024 with amendments. Next, the Council may either decide to approve the Parliament’s position – in which case the PSR-D will be deemed adopted – or amend it – in which case the Commission Proposal will be referred back to the Parliament for a second reading.

In view of the extensive amendments by the European Parliament and the European elections in June 2024, we expect that the negotiations between the European Parliament and the Council of the European Union will only begin after that.