- A Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, adopted on 13 January 2016 with implementation period until 13 January 2018.
- A delegated regulation of the European Commission supplementing the Directive with regard to regulatory technical standards for strong customer authentication and common secure open standards of communication. Published on 13 March 2018, comes into force on 14 September 2019.
Obligations imposed upon banks:
PSD2 regulates three new types of services, based on the access to the payment account:
- payment initiation services (PIS), regulated in the art. 66 of the PSD2;
- account information services (AIS), regulated in the art. 67 of the PSD2;
- confirmation of availability of funds (CAF), regulated in the art. 65 PSD2.
Banking institutions ought to prepare their IT architecture in a way that allows for the performance of these services and ensures an adequate level of safety.