On 10 June 2025, the European Banking Authority (EBA) published an opinion on the interplay between the second EU Payment Services Directive (PSD2) and the EU Markets in Crypto Assets Regulation (MiCAR) regarding crypto-asset service providers (CASPs) that transact electronic money tokens (EMTs) (no action letter).
The EBA issued the no action letter in response to a December 2024 request from the European Commission to address issues arising from the interplay between these sets of EU legislation, which could burdensomely require dual authorisation for CASPs transacting EMTs (for example, as a CASP under MiCAR and as a payment institution under PSD2).
The EBA has provided its opinion in this regard including on the short-to-medium term approach of national competent authorities (NCAs) and the longer-term approach of EU legislators in the no action letter.
Advice to NCAs in the short-to-medium term
Until the transposition deadline of the third Payment Services Directive (PSD3) is reached and the Payment Services Regulation (PSR) is applied, the EBA envisages that NCAs would require authorisation under PSD2 for only a particular sub-set of CASPs that transact EMTs, following a transition period that ends on 2 March 2026.
The EBA also sets out which type of EMT transactions NCAs are advised not to regard as payment services (and therefore not to require an additional authorisation for under PSD2) and which type of EMT transactions NCAs are advised to regard as payment services (and therefore to require authorisation for under PSD2) and which PSD2 provisions the EBA recommends that NCAs de-prioritise for the purpose of supervision and enforcement of in-scope firms and from what date.
Types of EMT transactions which the no action letter advises NCAs to regard as payment services
The no action letter advises NCAs:
- to view the transfer of crypto-assets (as defined in MiCAR) as a payment service under PSD2 where they entail EMTs and are offered and carried out by the entities on behalf of their clients;
- to regard the custody and administration of EMTs as a payment service under PSD2 and the custodial wallet as a payment account where the wallet is held in the name of one or more clients and allows to send and receive EMTs to and from third parties.
For these services, the no-action letter advises NCAs to require authorisation under PSD2 only from 2 March 2026 and, during the authorisation process, to apply streamlined procedures that make maximum use of information that legal entities provide during their CASP authorisation process.
Types of EMT transactions which the no action letter advises NCAs not to regard as payment services
NCAs are advised not to consider as payment services (and therefore not to subject to the application of PSD2, including its provisions on licensing):
- the exchange of crypto-assets for funds and the exchange of crypto-assets for other crypto-assets (each as defined in MiCAR).
- cases where CASPs intermediate the purchase of any crypto-assets with EMTs.
Elements of PSD2 to be prioritised by NCAs
To ensure equally high standards of consumer protection regardless of whether a consumer is using EMTs or more traditional funds as a means of payment, NCAs are also advised to insist on compliance with certain PSD2 provisions relating to:
- Security and Strong Customer Authentication (SCA)
The EBA views that the custody and transfer of EMTs need to be as secure as all other payment services subject to PSD2. Therefore, the SCA requirements set out in PSD2 and the related implementing Acts developed by the EBA must apply to the custody and transfer of EMTs. More specifically, the requirements must apply to the access to custodial wallets of EMTs held by CASPs/Payment Service Providers (PSPs) and prior to initiating a transfer of EMTs. However, the EBA acknowledges that the industry will require some time for the necessary technological implementation and advises NCAs not to prioritise the supervision and enforcement of these requirements until 2 March 2026.
- Reporting of payment fraud
As payment fraud requirements under PSD2 are an integral part of the supervision and oversight of the payments sector, from the EBA's perspective, it is important that these requirements apply. However, like the approach used for the SCA requirements, the EBA advises NCAs not to prioritise the supervision and enforcement of the fraud reporting requirements under Article 96(6) PSD2 until 2 March 2026.
- Initial capital and own funds requirements
To address requirements on the calculation of initial capital and own funds in MiCAR and PSD2, the EBA advises NCAs to apply the initial capital/own funds requirements established by PSD2 and MiCAR on a cumulative basis to entities intending to carry out payment services and crypto-asset services.
In relation to whether elements eligible for initial capital/own funds can be counted towards the satisfaction of requirements under more than one Directive/Regulation, the EBA reminds Member States that under PSD2 multiple use of elements eligible for own funds where a payment institution has a hybrid character and carries out activities other than providing payment services should be prevented.
Elements of PSD2 to be deprioritised by NCAs
Once an authorisation as a payment services provider is held by an in-scope firm, NCAs are advised not to prioritise the supervision and enforcement of several important elements of PSD2, such as:
- Safekeeping/safeguarding
The EBA notes that MiCAR imposes specific safekeeping requirements on CASPs/PSPs that hold EMTs on behalf of clients and advises NCAs not to prioritise the supervision and enforcement of the provisions in Article 10 of PSD2 in relation to CASPs/PSPs for the purpose of safeguarding EMTs or the means of access to such crypto-assets.
- Consumer protection
Given that the PSD3/PSR provisions have not been conceived for Distributed Ledger Technology (DLT), certain requirements aimed at ensuring that all payment service users benefit from the same protection, irrespective of the type of payment service they use, and its underlying technology requirements should be fine-tuned to accommodate the technical specificities of services with EMTs that qualify as payments.
The EBA advises NCAs not to prioritise supervision and enforcement of the following requirements in relation to transfers of EMTs and/or custody and administration of EMTs qualifying as payment services provided by CASPs/PSPs:
- information requirements related to the charges payable by the user to the CASPs/PSPs;
- the information requirement on maximum execution time of payment transactions in the limited number of cases where the CASPs/PSPs cannot know in advance the maximum execution time of payment transactions;
- the unique identifier; and
- technical and business requirements for credit transfers and direct debits in euro under the SEPA regulation.
- Open banking
The EBA advises NCAs not to prioritise the supervision and enforcement of the Open Banking provisions under PSD2 in relation to CASPs/PSPs intending to provide or already providing custody and administration of EMTs and/or carrying out transfer services of EMTs from one distributed ledger address or account to another.
Long term approach
The EBA reiterates that, as a rule, any given financial activity should be regulated by one financial services regulatory regime and that the applicability of several regimes to that same activity should be avoided, and EU law should avoid the necessity for a dual authorisation under two EU financial services regimes for the same activity (e.g. transacting EMTs).
The EBA examines several approaches to the issues arising from the interplay between MiCAR and PSD2 and suggests that the solution would preferably be found by the EU Commission, Council and Parliament using the legislative process of PSD3/PSR to amend MiCAR by:
- clarifying in MiCAR that crypto-asset services are only subject to provisions laid down in MiCAR;
- clarifying that CASPs providing crypto-asset services with EMTs qualifying as payment services need only be authorised and supervised under MiCAR; and
- strengthening the requirements laid down in MiCAR by applying to crypto-asset services with EMTs qualifying as payment services.
Conclusion
The EBA recognises that although its advice will result in several EMT transactions not being subject to PSD2 requirements while PSD2 still applies, the alternative would require many CASPs to obtain a second authorisation, imposing a burdensome dual authorisation requirement. For further information, please see the EBA website here.
Contributed by Jane Balfe
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.