The European Banking Authority (EBA) has published an Opinion which offers guidance to national authorities on the transition from the existing Payment Services Directive (PSD1) to the revised Directive (PSD2), which will apply from 13 January 2018.
PSD2 has conferred on the EBA the development of twelve Technical Standards and Guidelines covering a number of different areas, including authorisation, passporting, payment security, account access, and consumer protection. However, by the application date of PSD2, 13 January 2018, some of the EBA deliverables will not yet be applicable, either because they have not been completed or because PSD2 itself envisages that certain security-related provisions will be applicable after its application date. Finally, PSD2 also foresees that some groups of providers will not have to comply with all PSD2 requirements from its application date.
The EBA Opinion provides advice to competent authorities on a number of items, including:
- Clarification that even if an EBA instrument does not yet apply, the underlying provision in PSD2 does.
- Guidance re the transitional period under Article 115(4) from 13 January 2018 until the Technical Standards on Strong Customer Authentication and Common and Secure Communication apply (aka EBA/RTS), including the advice that payment services providers comply early with the requirements.
- Direction as to how and when the existing EBA Guidelines on the security of internet payments under PSD1 will be superseded by the provisions in PSD2 and the related EBA instruments.