PSD2
Revised Payment Services Directive — Directive (EU) 2015/2366
Standard Introduction
PSD2 is an active standard published by European Union. It is commonly used across Finance & Banking, Technology, Services, Retail and applies in European Union, European Economic Area.
Use this page to review the official documentation, current status, and the certification or assessment bodies most commonly associated with PSD2.
Implementation Roadmap
Define EU payment services compliance scope
Identify the products, services, systems, entities, jurisdictions, teams, vendors, data flows, and stakeholders covered by PSD2. Confirm owners, boundaries, applicable obligations, documentation, and evidence expectations for payment service authorization, strong customer authentication, secure communication, open banking interfaces, operational and security risk, incident reporting, safeguarding, customer information, complaints, liability, outsourcing, and regulatory reporting.
Assess obligations and gaps
Compare current practices with the expected EU payment services compliance approach. Review licensing governance, SCA implementation, API security, consent management, fraud monitoring, incident reporting, safeguarding controls, customer disclosure, complaint handling, outsourcing oversight, operational risk controls, and regulator communications, then prioritize gaps by legal exposure, user or safety impact, customer commitments, operational dependency, reporting deadlines, and assurance readiness.
Implement controls and evidence
Deploy required procedures, technical controls, review gates, training, supplier workflows, reporting paths, and operational records. Maintain authorization files, policies, SCA test results, API logs, consent records, fraud alerts, incident reports, safeguarding reconciliations, customer communications, complaint logs, outsourcing files, risk reports, and supervisory correspondence as traceable evidence.
Review, report, and improve
Run management reviews, internal checks, technical testing or independent assessments where applicable, corrective actions, and change reviews. Refresh the program when products, vendors, laws, incidents, reporting cycles, or stakeholder expectations change.
Compliance Checklist
checklist Scope and accountability
checklist Controls and records
checklist Monitoring and assurance
Frequently Asked Questions
Who needs PSD2?
expand_more
PSD2 is most relevant to payment institutions, electronic money institutions, account servicing payment service providers, third-party providers, banks, fintechs, and payment platforms operating in the EU/EEA. The exact scope depends on products, services, jurisdictions, reporting duties, customer commitments, technical requirements, and the organization's role in the relevant ecosystem.
Is PSD2 certifiable?
expand_more
PSD2 is an EU legal framework implemented through national law and regulatory technical standards, not a certification. Payment service providers need authorization, governance, security, customer rights, and reporting controls.
What should implementation focus on first?
expand_more
Start by defining scope, obligations, accountable owners, and the evidence expected by regulators, customers, auditors, assurance providers, or governance bodies. Then perform a gap assessment against current controls and prioritize remediation by risk and deadline.
What evidence is useful for PSD2?
expand_more
Useful evidence includes authorization files, policies, SCA test results, API logs, consent records, fraud alerts, incident reports, safeguarding reconciliations, customer communications, complaint logs, outsourcing files, risk reports, and supervisory correspondence. Evidence should be version-controlled, attributable to owners, linked to obligations and controls, and retained for the required review or audit period.
How often should the program be reviewed?
expand_more
Review it at planned intervals and whenever laws, products, vendors, incidents, reporting cycles, customer commitments, technical standards, or assurance expectations change. Higher-risk obligations should have more frequent monitoring and management reporting.
Official Documentation
Official PDF for PSD2
Official publication or summary for PSD2
Official online resource
European Union guidance and reference material
Implementation toolkit
Templates, guidance, or companion resources for PSD2