How to bring your ecosystem into compliance with the DSP2

Since January 13, 2018, the new Payment Service Directive (DSP2) has officially entered into force in the 28 member countries of the European Union, making online authentication for payments mandatory.

What is DSP2?

The new version of the Payment Services Directive (DSP2) aims to further harmonize payments regulations by taking into account technological advances, innovations, and to introduce new security requirements for the processing of electronic payments and protecting the financial data of all consumers.

In addition, it recognizes and regulates third-party payment service providers (PSPs) who are authorized to access accounts, aggregate their data and initiate payment services. Thus, this directive disrupts the payments market, especially in e-commerce, by promoting greater competition, transparency, and innovation.

Digital transformation: how to put your ecosystem in conformity with the DSP2

The main deadlines of DSP2

After a long debate, at the end of November 2017, the European Banking Authority published the final version of the Regulatory Technical Standards, detailing the responsibilities and obligations of the different players in the payment market. On 13 March 2018, the European Parliament and the Council of the EU have validated them, but they will not enter into force until 14 September.


The GDPR taught us that compliance is a very delicate exercise. The deadline for alignment with DSP2 is fast approaching and e-money players need to be accompanied in the compliance strategy. It is often mentioned explicitly that authentication and secure communications, the DSP2 involves a lot of security actors.

The DSP2 allows better security of the transactions between banks and PSP and also a protection of the data of the payment accounts.

As intermediaries, platform operators are likely to cash the funds paid by customers to pay back to the merchant’s beneficiaries. However, the fact of collecting money from the merchants and then returning them to them is considered to be a supply of “payment services”, which is regulated by the DSP2. This is the reason why platforms, in general, are concerned by DSP2.

To continue to provide the payment services they offer to their merchant customers, marketplaces now have several alternatives, including:

1. Obtaining a banking license to provide “services” payment
2. The benefit of an exemption approval
3. Appealing to a payment service provider

Finally, the marketplaces that did not anticipate the implementation of the DSP2 will face a barrage of penalties and procedures, greatly threatening their activity. And the threat is real.