If you have ever had anything to do with banking or payments in Europe, you have probably heard the terms PSD2 and open banking. Sometimes used interchangeably, these two concepts are related but distinct – and understanding the difference between open banking and PSD2 is essential for any business operating in the European payments landscape.
In this article, we examine what PSD2 and open banking each mean, the difference between PSD2 and open banking, how the two frameworks unlock opportunities for fintechs and online businesses, and what the upcoming transition to PSD3 means for the future of open banking in Europe.
Table of Contents
What does Open Banking mean?
Open Banking is a framework that allows third-party providers (TPPs) to securely access and handle bank account data via Application Programming Interfaces (APIs). The very first Open Banking regulations in the EU were introduced in 2015. Since then consumers in the majority of European jurisdictions can provide licensed and regulated financial service providers with access to their accounts. Use cases are plentiful and varied, and include payment initiation, account aggregation, identity verification, and other services.
Side note: Open Banking is not a purely European thing, as similar programs have been rolled out in other jurisdictions around the world. In this article, however, we will be focusing mainly on Open Banking in Europe.
Open Banking helps create seamless and convenient customer experiences. Let’s imagine that you are operating an online marketplace. Without Open Banking, you might be limited in the checkout options you could offer your shoppers. With Open Banking, on the other hand, both your clients and your merchants can handle payments, refunds and other transactions without having to jump through hoops. And as Open Banking solutions can be easily embedded into different touchpoints, they don’t even have to leave your website or app to manage their financial matters.
The question is – how is this seemingly free flow of financial datea made safe and secure? Far from being laissez-faire, Open Banking in Europe is a tightly regulated space, where one set of rules is king (for now). Let us introduce the Revised Payment Services Directive, which is better known as PSD2.
Open banking regulations are designed to increase market competition, promote innovation, and improve consumer choice in financial services – while ensuring customer data remains private and secure. Under open banking, consumers must provide explicit consent for their financial data to be shared with third-party providers, and they retain full control over that consent, including the right to revoke it at any time.
What does PSD2 mean?
Adopted in 2015, the Revised Payment Services Directive (commonly known as PSD2) is the regulatory backbone for Open Banking in the European Union and the European Economic Area (EEA). PSD2 sets the standards, particularly around security and authentication, which all licensed financial services providers must adhere to.
One of the main underlying principles of PSD2 is making online payments safer and more convenient, while ensuring that customers receive high-quality banking services.
Safer payments – PSD2 mandates the use of Strong Customer Authentication methods (more on that later);
Better consumer protection – under PSD2, consumers are protected against financial losses from unauthorized transactions;
Increasing competitiveness and boosting innovation – by making banks open their APIs to all regulated financial institutions, PSD2 essentially leveled the playing field for companies developing innovative financial services.
PSD2 went into effect on 13 January 2018 across the EU and EEA, requiring all European banks to expose customer account data to regulated third parties through dedicated APIs. This is what makes open banking technically possible in Europe: PSD2 is the legal mandate; open banking is the practical framework that operates on top of it.
The key components of PSD2
To better understand how PSD2 works in a way that’s secure and efficient, we need to have a grasp on several essential concepts. These include third-party providers (TPPs), access to accounts (XS2A), and strong customer authentication (SCA).
Who is considered a third-party provider according to PSD2?
Third-party providers or TPPs are companies (usually fintechs) that are authorized to initiate transactions and access account information on behalf of a bank customer (individual or business).
To operate under PSD2 as a third-party provider, a company would need to receive either an Account Information Service Provider (AISP) or Payment Initiation Service Provider (PISP) license. AISPs can access and consolidate user account information from different banks, whereas PISPs can initiate payments on behalf of the user.
What does Access to Accounts (XS2A) mean?
Access to Accounts (XS2A) is at the core of all activities that become available under PSD2. In a nutshell, XS2A allows regulated third-party providers (which we’ve just discussed) to access a bank customer’s account. This access facilitates two main services: payment initiation and account information.
Under PSD2, all banks operating in the EU/EEA are required to provide APIs to allow third-party providers access to customer account data. Customers, in turn, can choose from a wide range of apps and services to view their account information or initiate payments.
While it might seem that everything is happening in the background (which it kind of does), it’s important to bear in mind that nothing can happen without the customer’s overt consent. Users decide which data they share and with whom, placing them in full control of their financial data.
And consent isn’t a one-and-done deal. In fact, customers can revoke access to their data from third-party providers (TPPs) at any time.
How does Strong Customer Authentication (SCA) work?
Strong Customer Authentication (SCA) is an inherent part of the PSD2 framework that reduces fraud and makes online payments more secure. To meet SCA requirements, all third-party providers and banks have to integrate additional multi-factor authentication.
Typically, to authenticate a payment, a customer has to provide at least two of the following three elements:
- Something they know. This could be a password, a PIN code, a customer authentication number, and so on.
- Something they have. This can be a physical device – for example, a smartphone equipped with an e-signature.
- Something they are. This can be their fingerprint or other means of biometric identification.
What does PSD2 mean for banking?
For banks, PSD2 fundamentally changed the competitive landscape. Banks are now required to open their payment infrastructure to regulated third parties – removing the monopoly they previously held over customer account access. This has driven significant investment in API infrastructure, fraud prevention systems, and customer authentication technology.
For businesses and fintechs, PSD2 and open banking together provide access to banking infrastructure they could not previously reach without a banking licence. Payment Initiation Service Providers (PISPs) can initiate payments directly from customer accounts, bypassing card networks and reducing processing costs. Account Information Service Providers (AISPs) can aggregate financial data to power budgeting tools, credit assessment, and personalised financial products.
PSD2 requires all payment transactions exceeding €30 initiated by customers to comply with Strong Customer Authentication requirements. It also mandates that Account Servicing Payment Service Providers (ASPSPs) – banks – allow access to customer account data through dedicated API interfaces.
What are the benefits of PSD2 and Open Banking for consumers?
PSD2 and Open Banking enhance the customer experience through improved access to account information and financial services.
For consumers, the main benefits are as follows:
Valuable insights. It is common for people to have many bank accounts, e-wallets, and so on. With Open Banking and PSD2, they can aggregate all financial data across accounts in one platform or app. This consolidated view can provide deeper insights into their financial health, spending habits, and even asset portfolios.
Seamless transfers. Customers can initiate payments or transfer money between accounts across different banks effortlessly, reducing the time and hassle associated with traditional banking processes.
Better customer experience. A level-playing field among fintechs and other financial service providers leads to better and more varied products, as well as lower fees. And as customers start expecting better financial experiences, everyone – including traditional banks – has to up their game.
While there are numerous ways in which Open Banking and PSD2 benefit customers in Europe, the main use cases fit under the following categories: Account aggregation, Personalized financial management tools, and Simplified payment experiences.
Account aggregation allows customers to view all their bank accounts, credit cards, loans, and other financial instruments from different providers in one dashboard. This holistic perspective aids customers in understanding their entire financial picture at a glance.
Personalized financial management tools can analyze transaction history, categorize spending, and help users set budgets. By tracking expenses and setting financial goals, customers can make more informed decisions about their spending habits.
Simplified payment experiences, such as direct account-to-account transfers, bypass the need for intermediaries like credit card networks.
Thanks to Embedded Finance capabilities, customers can receive high-quality financial services across multiple platforms, including e-commerce stores, marketplaces, platforms, travel websites and more.
How PSD2 and Open Banking foster innovation
Open Banking has paved the way for fintech startups to emerge and flourish, each bringing unique solutions, from budgeting tools to investment platforms.
At the same time, traditional banks and fintech firms now engage in partnerships, combining the trust and reach of banks with the innovation and agility of fintechs. This collaboration often results in novel solutions for consumers.
Beyond traditional banking services, we see integrations with other sectors like e-commerce, telecommunications, or even health, thus expanding the horizons of financial services.
How is PSD3 going to change Open Banking in Europe?
On June 28th, 2023, the European Commission unveiled the draft of the third Payment Services Directive (PSD3), intended to replace the currently valid PSD2. In the best case scenario, the new legislation will be passed in the summer of 2024, with expected enforcement commencing at some point 2025.
A few noteworthy elements of the draft PSD3 include:
Enhanced SCA application. Banks will mandate Strong Customer Authentication (SCA) only during initial data access by TPPs. After that, TPPs will oversee the SCA application for subsequent data access.
Consumer data access dashboard. Banks will be expected to introduce intuitive and powerful dashboards, empowering Open Banking users to oversee and manage their data permissions.
Standardization of data and access: Customers can now electronically access their data without extra charges. Financial institutions will need to standardize data sharing via a dedicated financial data-sharing scheme. The objective is to encourage extensive data sharing across the EU while ensuring adherence to quality standards.
The new provisions strike a balance between enhancing user experience, ensuring data security, and promoting consistent open banking practices across the EU.
PSD2 and Open Banking: what this means for your business
PSD2 and open banking have fundamentally changed what is possible for businesses operating in the European payments landscape. Access to banking infrastructure no longer requires a banking licence. Payment initiation, account aggregation, and embedded financial services are now available to any regulated third party willing to build on top of the framework.
For platforms, marketplaces, and fintechs, the practical implication is clear: the barrier between your product and financial services has never been lower. PSD2 created the legal foundation; open banking built the ecosystem on top of it; and the upcoming PSD3 and PSR will strengthen and standardise it further.
ConnectPay operates as a licensed electronic money institution within this framework – meaning our clients inherit the compliance, API infrastructure, and regulatory standing needed to offer payment initiation, multi-currency accounts, and embedded finance without navigating the regulatory complexity themselves. As PSD3 comes into force through 2027 and 2028, ConnectPay will manage the transition on behalf of clients, ensuring continuity and compliance throughout.
If you want to understand what PSD2 and open banking mean specifically for your business model, get in touch with our team.
FAQs: PSD2 and open banking
What is open banking?
Open banking is a framework that allows regulated third-party providers to securely access customer bank account data via APIs, with the customer’s explicit consent. Use cases include payment initiation, account aggregation, identity verification, and personalised financial management tools.
What is PSD2?
PSD2 (the Revised Payment Services Directive) is the EU regulation that forms the legal backbone of open banking in Europe. It went into effect on 13 January 2018 and requires banks to open their APIs to regulated third parties, mandates Strong Customer Authentication for transactions above €30, and creates the licensed roles of AISP and PISP for third-party providers.
What is the difference between open banking and PSD2?
PSD2 is the EU law that mandates banks to open their infrastructure to regulated third parties. Open banking is the practical framework – the products and services – that PSD2 makes possible. PSD2 is the regulatory foundation; open banking is what is built on top of it.
How does PSD2 support open banking?
PSD2 supports open banking by legally requiring banks to provide API access to customer account data for regulated third parties, mandating security standards (SCA) that protect that access, and establishing the licensed categories (AISP, PISP) through which third parties can operate. Without PSD2’s legal mandate, banks in Europe would have no obligation to enable open banking at all.
What is PSD3 and when will it come into force?
PSD3 is the third Payment Services Directive, which alongside a new Payment Services Regulation (PSR) will replace PSD2. A provisional political agreement was reached in November 2025, with publication in the Official Journal anticipated in H1 2026 and full compliance required by late 2027 or 2028 after transition periods. PSD3 introduces stronger fraud liability rules, updated SCA requirements, standardised open banking APIs, and a merged PI/EMI authorisation regime.






