Most people working in fintech understand PSD3 and PSR is one of the main regulation conrnerstones that define how the industry will work in recent years. Two legislation frameworks were proposed together, negotiated together, and will reshape the EU payments landscape together. But treating them as a single package obscures a distinction that actually matters. On 27 November 2025, the EU Parliament & Council made a transitional political confirmation on both instruments. According to Artsiom Liashanau, serial fintech entrepreneur, understanding the structural difference between the two is valid in details – where, as we know, the devil is.
Same goal, but different legal form
The PSR, or Payment Services Regulation, is a directly applicable EU regulation. Once it in full action mode, it applies uniformly across all member states with no national transposition. But PSD3, the third Payment Services Directive, requires all member states to implement its provisions into domestic law within 18 months.
So, why the split? Liashanau thinks – and for good reason – this division is deliberate. The conduct-of-business rules affecting every cross-border payment service provider, like transparency obligations, fraud liability, strong customer authentication and Open Banking access, have been placed in the PSR to eliminate the inconsistencies that plagued PSD2 implementation. The PSR makes the core rules identical everywhere from day one.
Join The European Business Briefing
New subscribers this quarter are entered into a draw to win a Rolex Submariner. Join 40,000+ founders, investors and executives who read EBM every day.
SubscribePSD3, meanwhile, governs who is allowed to operate. It consolidates the auth framework for payment and emoney institutions, and repeals the second E-Money Directive, integrating e-money institutions under a single supervisory structure.
The changes that will be felt in practice
The PSR’s scope covers card transactions, credit transfers, p2p money transfers, debits, and e-money issuers – and the digital wallets such as Google Pay and Apple Pay, which Arstsiom Liashanau considers essential part of modern user experience. It introduces mandatory payee verification before payment execution and shifts liability toward PSPs in cases of impersonation fraud. Where a customer is defrauded through spoofing, the PSP is required to reimburse them. This burden reverse is one of the most commercially significant changes.
As for the Open Banking, the framework set up a requirement for the banks to maintain dedicated API interfaces to a defined technical standard, with public performance statistics and mandatory advance notice before any technical changes. A new permission dashboard gives users direct visibility – within their bank’s own environment – over which third-party providers can access their data, with revocation available without contacting the provider.
What comes next
Both texts are undergoing finalisation before formal adoption, with the PSR expected to be fully operational by mid-2026. PSD3 then gives member states 18 months for transposition, putting full compliance obligations around late 2027 for most jurisdictions.
Artsiom Liashanau notes that the PSD3-PSR split reflects a deliberate regulatory philosophy: harmonisation as a first principle. Those who treat the two regulation tools as separate risk missing the broader point – they only work together.
