PSD3 & PSR: The Council of the EU proposal on the consent panel andfraud

The Third Payment Services Directive (PSD3) and the associated Payment Services Regulation (PSR) introduce new features that look to enhance transparency while ensuring a more competitive and consumer friendly payments landscape in keeping with the intent and legacy of PSD1 and PSD2.¹

First proposed in June 2023, the revision of PSD3 and PSR is advancing smoothly under the EU’s Ordinary Legislative Procedure.² The EU Parliament having subsequently adopted the proposed texts at first reading, over this past summer the Council of the EU approved its negotiating mandate, clearing the way for trilogue discussions with the European Parliament and European Commission on the final text of the regulations.

Despite initial ambitions to finalize the texts by end of 2025, final versions are more likely in early 2026, with adoption date expected for late 2027, or early 2028. Below, we look at a number of key developments now under discussion.

Changes to proposed dashboard provisions

Under GDPR, Payment Service Providers (PSPs) can access accounts via dashboards embedded in banks’ online portals. The European Commission’s original PSR draft outlined core features of such dashboards, while the Parliament and Council are pushing for a single, standardized dashboard aligned with upcoming regulations like the EU’s Financial Data Access Regulation (FiDA).³

This would provide customers with an overview of active and past permissions – detailing which TPPs have access, to which accounts, for how long, and to what data. Here, the Parliament emphasizes stronger consumer protection through more harmonized and granular data rules (to be defined by the EBA), while the Council relativizes on the other hand.⁴

Both the Commission and Council agree on withdrawing PSP data access and ensuring cease of access and use of data upon withdrawal. The Parliament further proposes general opt-outs from third-party data sharing and guarantees of complete data deletion by PSPs.

The Commission proposed allowing users to reinstate withdrawn access via the dashboard, but this was rejected by Parliament, while the Council suggested a 48-hour limit.⁵ The Commission’s idea to extend time-limited access – backed by the EU Parliament – was also dismissed by the Council, along with real-time notification requirements for PSPs.

Finally, the Council emphasized that dashboards must be free of charge and avoid language discouraging online banking (i.e. PSD2).

Fraud liability and other provisions

Reflecting the increased use of online payments and associated fraud since PSD2 was adopted, PSR seeks to bring in more safeguards and decrease the liability of the consumer.³

The shift in liability from the consumer to the bank is dialed down in the council’s version of the regulation from that of the parliament. The stance of the Council does not deviate significantly from previous versions, and the inclusion of social engineering as a fraud against which customers need to be protected remains.

Like the Parliament’s version of the regulation, the Council mandates greater cooperation by telecom (ICT) companies in combating the increase in spoofing incidents.⁴

Key new changes introduced by the PSR are requirements for transactions monitoring and information exchange. The Council includes additional details about the future fraud mitigation framework, such as the expected level of detail required when data is exchanged between banks on suspected fraud cases.5 The Council adds also the establishment of a board specialized in fraud.

Conclusion

Final details of PSR and PSD3 will be decided in the coming months, but the key outlines of the regulation and directive are already in place. It is not too early to start to analyze the regulation, the gaps in the current infrastructure and plan implementation.

How Capco can help

Capco partners with financial institutions to provide PSD3 and PSR advisory and implementation support, allowing you to navigate the evolving payments landscape confidently and in full compliance. Read this this success story to discover more about our expertise delivering major payments transformations, and contact us to discuss how we can help you prepare for upcoming changes.

References

¹ https://www.europarl.europa.eu/legislative-train/theme-an-economy-that-works-for-people/file-revision-of-eu-rules-on-payment-services?sid=9201
² https://www.taylorwessing.com/en/insights-and-events/insights/2025/09/eu-institutions-negotiate-revised-payments-legislation
³ https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52023PC0367
⁴ Texts adopted - Payment services in the internal market and amending Regulation (EU) No 1093/2010 - Tuesday, 23 April 2024
⁵ data.consilium.europa.eu/doc/document/ST-10268-2025-INIT/en/pdf