At the European Banking Authority (EBA) Working Group on APIs under PSD2, a number of market participants raised concerns that there could be a potential mismatch, particularly in the case of a revoked authorisation, between the information contained in the eIDAS PSD2 certificate and the information contained on the EBA and national registers. They highlighted the risk of Financial Institutions (ASPSPs) sharing information with parties no longer authorised by National Competent Authorities (NCAs) but with active eIDAS certificates.
Read more here.
