The EU’s Payment Services Directive 3 takes effect on July 1, 2026, and most European banks are not ready. A February 2026 survey by the European Banking Authority found that 61% of EU-licensed payment institutions had not completed their compliance programs for PSD3. Among traditional banks, the figure was 54%. The directive rewrites the rules for open banking, payment fraud liability, and data sharing across the European Economic Area’s 30 member states.
What PSD3 Changes
PSD3 is the successor to PSD2, which took full effect in 2019 and established the legal framework for open banking in Europe. PSD2 required banks to share customer account data with licensed third-party providers through APIs. It introduced Strong Customer Authentication (SCA) for online payments. And it created the regulatory category of Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs).
PSD3 builds on these foundations with several material changes. First, it creates a mandatory open finance framework that extends data sharing beyond payment accounts to include savings accounts, investment accounts, insurance products, and pension accounts. Banks must provide API access to all these account types by January 2028, according to the European Commission.
Second, PSD3 shifts fraud liability. Under PSD2, if a consumer was tricked into authorizing a fraudulent payment (authorized push payment fraud), the consumer bore the loss. PSD3 introduces shared liability between the sending and receiving payment service providers. The receiving bank must reimburse fraud victims up to 10,000 euros within five business days.
The global open banking market is expected to exceed $123 billion by 2031, and PSD3 is the single largest regulatory driver of open banking expansion in Europe.
The API Compliance Gap
The EBA survey revealed specific technical shortcomings. Of the banks that had begun PSD3 implementation, 38% had not upgraded their APIs from the PSD2-era Berlin Group or Open Banking UK standards to the new PSD3-compliant specifications. The new specs require faster response times (under 500 milliseconds), higher uptime guarantees (99.95%), and support for bulk data requests.
Third-party providers have complained about API quality since PSD2 launched. A 2025 analysis by Konsentus found that 23% of European bank APIs had downtime exceeding 1% per month, violating PSD2 requirements. PSD3 raises the bar further and introduces financial penalties for non-compliance: up to 1% of annual revenue for systematic API failures.
Financial APIs are powering the next generation of fintech platforms, and the quality of those APIs determines whether open banking works in practice or only on paper.
Fraud Liability Is the Expensive Change
The shared fraud liability model is the provision causing the most concern among banks. Authorized push payment (APP) fraud cost European consumers 2.3 billion euros in 2025, according to the Europol Internet Organised Crime Threat Assessment. Under PSD3, banks on both the sending and receiving side must contribute to reimbursement.
The U.K. implemented a similar policy in October 2024 through the Payment Systems Regulator’s mandatory reimbursement rules. In the first six months, U.K. banks reimbursed 312 million pounds in APP fraud losses, a 67% increase over the voluntary reimbursement period. Banks responded by investing in confirmation-of-payee systems and transaction monitoring. The cost of fraud prevention technology at U.K. banks rose 23% in 2025.
Fintech is reshaping the $300 trillion global financial services industry, and fraud prevention is one of the areas where fintechs and banks are both investing heavily. Companies like Featurespace, Feedzai, and ComplyAdvantage have seen revenue growth above 40% as financial institutions prepare for stricter liability rules.
Open Finance Expands the Data Perimeter
PSD3’s extension of data sharing to investment, insurance, and pension accounts creates new product categories. A financial planning app that can read a consumer’s bank accounts, investment portfolio, insurance policies, and pension balance can provide comprehensive advice. Today, building that product requires bilateral agreements with each data holder. After PSD3, it requires a single regulatory license and API access.
The potential market is large. European households hold 33 trillion euros in financial assets, according to the ECB’s sector accounts data. Open finance APIs will give licensed fintech companies access to data about those assets, enabling products like automated portfolio rebalancing, tax optimization, and insurance comparison across providers.
The embedded finance market is forecast to reach $7 trillion by 2030, and open finance data is a prerequisite for many embedded finance products. A car dealership that can instantly check a buyer’s insurance coverage and offer a better rate at the point of sale needs open finance APIs to work.
Who Benefits from PSD3
Account aggregators and personal finance management apps benefit directly from expanded data access. Companies like Tink (acquired by Visa), Plaid (operating in Europe since 2021), and Yapily will gain access to investment and insurance data in addition to payment accounts.
Payment initiation providers benefit from the fraud liability shift. Under PSD2, consumers were reluctant to initiate bank-to-bank payments because they bore the fraud risk. Under PSD3, shared liability makes bank payments more comparable to card payments in terms of consumer protection. This could accelerate the shift from card-based to account-based payments.
75% of banks now collaborate with fintech startups, and PSD3 compliance is accelerating those partnerships. Banks that cannot build PSD3-compliant infrastructure internally are hiring fintechs to provide it. Compliance-as-a-service and API management platforms are among the fastest-growing fintech categories in Europe heading into July 2026.
The July deadline is firm. The European Commission has stated that no extension will be granted. Banks that fail to comply face supervisory action and financial penalties. For the 61% that are not yet ready, the next four months will determine whether PSD3 launches smoothly or in chaos.
