DSP3 and PSR: What Really Changes for Fintechs

Alejandro Martínez · 2026-04-23

The DSP3/PSR legislative package marks a big shift in Europe's payment services framework. It's designed to fix the problems that came with DSP2, like ongoing fraud, low user trust, and messy rules across countries. For fintechs, this means real changes you need to know about. During a webinar on April 21, 2026, hosted by France FinTech with Jeantet, David Roche, a partner lawyer focused on Tech and Fintech, broke down the new rules and what they mean for fintech players. Let's dive into the details. ### What Is the DSP3 and PSR Framework? The new DSP3/PSR package uses a two-part structure: a directive and a regulation. This shows the EU's clear goal: make things more uniform by cutting down on how each country can interpret the rules. The PSR regulation, which applies directly across all member states, now handles most of the operational requirements. Meanwhile, DSP3 focuses on licensing and oversight, bringing Electronic Money Institutions (EMEs) under the same umbrella as payment institutions. They'll now need to get licensed as payment institutions too. Instead of starting from scratch, existing firms can update their documents through a grandfather clause, with a 27-month transition period. That's a bit over two years to get everything in order.  ### Goals of the Reform This reform isn't just about one thing. It aims to: - Boost user protection - Make Open Banking work better - Level the playing field between different players - Take a more proactive stance against fraud - Clarify who's responsible for what, especially with anti-money laundering and counter-terrorism financing rules It's a lot to juggle, but the idea is to create a safer, fairer system for everyone. ### Operational and Technical Impacts On the ground, the PSR brings big changes, especially for payment service providers that hold accounts. One of the biggest shifts? You now have to use dedicated APIs for data access. No more letting third parties use customer interfaces. This comes with strict technical standards for how these APIs perform and stay available. There are also new reporting rules, especially around fraud. The goal is to make it easier to share info between companies and regulators. And the rules now cover some technical providers too, which means the whole chain is involved in managing risks. Another big step is making the Verification of Payee (VoP) service more common. It used to be just for instant payments, but now it's spreading to all transactions. That's a smart move for security. ### What Fintechs Should Do Next So, what should you do now? Start planning. Here's a simple roadmap: - **Do a gap analysis**: Figure out where your current practices fall short of the new rules. - **Focus on fraud prevention**: You'll need to join data-sharing networks and pick the right platforms. Don't forget to tell the supervisors you're participating. - **Plan your transition**: Prioritize tasks based on deadlines and what depends on other changes, like contracts or tech upgrades. This isn't something you can put off. The clock is ticking, and getting ahead of it will save you headaches down the road.