EU Regulation · Payments

PSD2 compliance, continuously monitored

PSD2 governs strong customer authentication and open banking across the EU — and it is about to be succeeded by PSD3 and the Payment Services Regulation. Kalipso tracks the current rules and the reform as it progresses, maps every obligation to your controls, and shows you exactly what still needs to be done.

What is PSD2?

The second Payment Services Directive (Directive (EU) 2015/2366, “PSD2”) is the EU framework that governs payment services and payment service providers. It introduced strong customer authentication (SCA) for electronic payments and opened access to payment accounts for licensed third parties — the legal basis for open banking — alongside conduct, transparency and incident-reporting requirements transposed into national law across the EU.

PSD2 is not static. The European Banking Authority continues to issue and update the technical standards and guidelines that give it effect, and the Commission has proposed a major reform: a third Payment Services Directive (PSD3) together with a directly-applicable Payment Services Regulation (PSR), which are progressing through the EU legislature and will in time replace much of PSD2. Firms must comply with today’s regime while preparing for the transition.

What PSD2 requires

Strong customer authentication (SCA)

Apply multi-factor authentication to electronic payments and account access, with correctly evidenced use of the permitted exemptions.

Access to accounts and open banking

Provide compliant, secure interfaces for licensed third-party providers, and meet the obligations applying to AIS and PIS where you offer those services.

Authorisation and safeguarding

Hold the appropriate licence, maintain required own funds, and safeguard customer funds in line with the directive and national rules.

Incident reporting and security

Report major operational and security incidents to your competent authority and maintain the mandated security and fraud-monitoring measures.

Transparency and conduct

Meet the information, charging-transparency and customer-rights requirements for payment transactions and framework contracts.

How Kalipso helps with PSD2

1. Never miss a standard

Kalipso’s Regulatory Radar tracks PSD2, the EBA technical standards and guidelines, the emerging PSD3/PSR texts and your national authority’s rules, picking up each one the moment it publishes.

2. From text to obligation

Each update is parsed into the concrete obligations it creates or changes, ranked by how much it affects your firm — so the move from PSD2 to PSD3/PSR is a managed transition, not a scramble.

3. Gap analysis against your controls

Map SCA, open-banking, safeguarding and reporting requirements to your existing controls and policies, and surface exactly where documentation or controls fall short.

4. Audit-ready evidence

Every decision, owner and remediation step is logged, so you can show supervisors a defensible trail rather than reconstructing it under pressure.

“Kalipso replaced days of manual horizon scanning with a prioritised list of what actually affects us — and the evidence trail our auditors ask for.”
Head of Compliance, tier-1 EU financial institution
ISO/IEC 27001 certified · Every obligation traceable to its source article · Built by compliance professionals, for compliance teams

Frequently asked questions

Is PSD2 being replaced?

Yes, in time. The European Commission has proposed a third Payment Services Directive (PSD3) and a directly-applicable Payment Services Regulation (PSR), which are progressing through the EU legislature and will replace much of PSD2. Until they apply, PSD2 and its technical standards remain the governing regime.

What is strong customer authentication under PSD2?

Strong customer authentication (SCA) requires at least two independent factors — drawn from knowledge, possession and inherence — for electronic payments and account access. PSD2 permits specific exemptions, but firms must be able to evidence that any exemption applied was used correctly.

How does Kalipso keep PSD2 compliance current?

Kalipso continuously monitors PSD2, its technical standards and guidelines, the PSD3/PSR reform and national authority rules, converts each change into the obligations it affects, and flags the gaps against your framework — so your programme stays current, and transition-ready, without manual horizon scanning.

See Kalipso on your obligations

Request a walkthrough and we will show you how Kalipso monitors regulatory change, maps it to your obligations and tracks every gap to closure — on your own regulatory scope.