
On 10 June 2025, the European Banking Authority (EBA) issued a No Action letter on the relationship between the Markets in Crypto-Assets Regulation (MiCA) and the Payment Services Directive 2 (PSD2).
The No Action letter responds to a request from the European Commission (Commission) in December 2024, which sought clarification on issues arising from the interplay between MiCA and PSD2. Electronic money tokens (EMTs) are deemed electronic money under MiCA and thus constitute “funds” for PSD2 purposes. As a result, certain MiCA services carried on concerning EMTs would potentially constitute payment services under PSD2. However, overlap between these regulatory regimes would result in dual authorisation requirements and inconsistencies in regulatory rules.
This blog post summarises the EBA’s approach to the overlap between the MiCA and PSD2 regimes.
Dual authorisation requirements
Subject to a transitional period until 1 March 2026, the EBA’s view is that certain MiCA services will constitute payment services when carried on concerning EMTs. Therefore, cryptoasset service providers (CASPs) will be subject to PSD2 requirements and are required to either obtain authorisation as a payment service provider (PSP) or partner with a PSP to provide these services on their behalf.
Going forward, the EBA recommends that the Commission, the European Council, and the European Parliament use the PSD3/PSR legislative process to apply appropriate payment services requirements to CASPs without requiring dual authorisation. This could be achieved either by incorporating the relevant payment services requirements into MiCA—the EBA’s preferred approach—or by updating PSD3/PSR and bringing CASPs within the scope of the payment services regime without requiring a full authorisation.
While the EBA’s long-term aim to limit dual authorisation requirements is helpful, its approach would therefore require firms to maintain dual authorisations under PSD2 and MiCA to provide a limited subset of EMT-related services. Furthermore, this dual authorisation requirement would only apply for a limited period of 12-18 months, from the end of the transitional period until the implementation of PSD3/PSR. Although the EBA proposes that national competent authorities (NCAs) adopt a streamlined process for granting authorisation, this would impose a significant compliance burden on firms.
We anticipate many firms will therefore look to “partnership” models, under which a CASP and PSP may enter into arrangements to provide EMT-related services relying on their separate permissions. Such an approach is likely to be particularly attractive where there is an authorised PSP in the group that is used to provide fiat payment rails. However, although the EBA has indicated such models are a path to compliance, it has not provided guidance on how they should be structured, including in light of the many novel flows deployed across the cryptoasset ecosystem. In particular, it has not indicated the extent to which partnership models should make use of PSD agent arrangements, which enable a firm without PSD2 permissions to provide payment services acting on behalf of the authorised PSP. Given divergent regulatory treatment of such models across EU Member States, firms will need to consider the optimal approach based on their existing regulatory footprint and service offering.
Overlap between MiCA and PSD2
The EBA has indicated that, under MiCA, transfer services and custody services will involve payment services when carried out in relation to EMTs. However, the services of exchanging cryptoassets for funds and exchanging cryptoassets for other cryptoassets will not constitute payment services.
The EBA’s approach helpfully narrows the scope of MiCA/PSD2 overlap. However, the EBA has not provided a clear treatment of other types of MiCA services, such as the execution of transactions on behalf of clients (typical in agency brokerage), beyond stating that the intermediation of the purchase of cryptoassets with EMTs is outside its scope. As a result, firms will still need to analyse their EMT transaction flows in the absence of comprehensive express guidance to identify which of their services could trigger PSD2 authorisation and regulatory requirements.
Applicable PSD2 requirements
The EBA recommends that NCAs apply both MiCA and PSD2 initial capital and own funds requirements on a cumulative basis to firms that are dual authorised to provide EMT-related services, and prioritise other PSD2 requirements, such as strong customer authentication (SCA) and payment fraud reporting requirements. At the same time, the EBA advises NCAs “not to prioritise” enforcement of other elements of PSD2 relating to safeguarding and disclosures.
Again, the EBA has helpfully limited the applicable PSD2 requirements, including those that could otherwise lead to inconsistencies between the regimes (as is the case with seeking to apply PSD2 safeguarding requirements to EMT-related services). However, the requirements the EBA has applied are materially onerous. Requiring firms to double up on prudential requirements will impose significant capital costs, whereas SCA requirements have necessitated significant technology build in the payment services space and are likely to be operationally challenging.
Next steps
The EBA No Action letter provides some clarity as to the regulatory treatment of EMT transactions under MiCA. However, its approach does impose significant burdens on firms and raises questions as to how services should be structured to mitigate the impact of dual authorisation and PSD2-derived regulatory requirements.
As a result, firms will need to consider the EMT services they provide, including whether these could constitute payment services, and whether these services can be restructured to mitigate the potential impact. To the extent that dual authorisation requirements are triggered, we anticipate that firms will need to consider the availability of partnership arrangements or engage with their NCAs to determine whether a streamlined authorisation process is available.