EBA clarifies interplay between PSD2 and MiCA

Under the Markets in Crypto-Assets Regulation (MiCA), it is specifically stipulated that electronic money tokens (EMTs) are to be considered as electronic money and hence "funds" under the Second Payment Services Directive (PSD2). Significant uncertainty in the market has resulted from this overlapping regulation of EMTs including not least the prospect of crypto-asset service providers (CASPs) requiring dual authorisation (both as CASP under MiCA and as payment institutions (PIs) under PSD2) to provide crypto-asset services regarding EMTs.

In a "No Action Letter" of 10 June 2025 (the Letter), the European Banking Authority (EBA) provides clarification of several of the issues regarding the interplay between MiCA and PSD2. Much of the clarification will no doubt be welcomed by the industry, but the Letter also makes clear that important potential pitfalls and very significant obligations are on the horizon for CASPs providing certain classes of crypto-asset services regarding EMTs. Below, we summarise the key points from the Letter for market participants to note.

General approach of the Letter

In the Letter, the EBA seeks to address uncertainties regarding the interplay between MiCA and PSD2 over two different time frames:

• long-term by advising the EU Commission, Council and Parliament on how to clarify the uncertainties by amending the drafts of the Third Payment Services Directive (PSD3) and Payment Services Regulation (PSR) currently under negotiation between the EU legislators; and
• short-term (the coming 2-3 years until the entry into force of PSR/transposition deadline for PSD3) by advising national competent authorities on questions of interpretation regarding the administration of PSD2 and on "deprioritising" supervision of certain parts of PSD2

Crypto-asset services also constituting payment services under PSD2

On the basis that MiCA defines EMTs as electronic money and considering the definitions of the respective crypto-asset services and payment services under MiCA and PSD2, respectively, the EBA clarifies that:

• the crypto-asset services of "transfer of crypto-assets" and "custody and administration of crypto-assets" constitute payment services under PSD2 when offered with respect to EMTs;
• custodial wallets for EMTs constitute payment accounts under PSD2 (and the operation of such custodial wallets hence constitute opening and operation of payment accounts); and
• the crypto-asset services of "exchange of crypto-assets for funds" and "exchange of crypto-assets for other crypto-assets" do not constitute payment services under PSD2.

Requirement for dual-authorisation as CASP and PI

The Letter confirms the current market understanding that where a CASP seeks to offer crypto-asset services in respect of EMTs which qualify as payment services (including as clarified by the Letter), the CASP currently needs an additional authorisation under PSD2 as a PI.

In its long-term advice to the EU legislators, EBA recommends changing this position so that a CASP only needs its MiCA license to provide such services and not a separate PI license under PSD3/PSR.

In the short term, the EBA recommends that competent authorities not enforce the dual PI license requirement for CASPs until 2 March 2026. CASPs can thereby continue to offer payment services regarding EMTs, provided that they obtain the requisite PI license under PSD2 no later than 2 March 2026.

Initial capital/own funds

Where a CASP is also required to be licensed as a PI under PSD2, EBA clarifies that the initial capital and own funds requirements applicable to a CASP under MiCA and a PI under PSD2, respectively, are cumulative and, consequently, that the same own funds element can only count towards meeting one of these requirements.

EBA further notes that the mere fact that payment services with EMTs entail the offering of crypto-asset services is not in itself reason for competent authorities to increase or reduce the relevant CASP's own funds requirement as a PI under PSD2 - such adjustment requires the identification of some other material factor to justify.

Consumer protection/business conduct rules

Subject to certain caveats, EBA advises competent authorities "not to prioritise" supervision and enforcement of the following parts of PSD2 in the context of transfers or custody and administration of EMTs:

• information requirements relating to the charges payable by users to the CASP where these cannot be known in advance, e.g. due to congestion of the relevant blockchain;
• information requirements regarding maximum execution time for payment transactions;
• providing the user with a unique identifier; and
• (to the extent applicable) the SEPA Regulation in its entirety.

In its long-term advice to the EU legislators, EBA recommends to generally apply the consumer protection/business conduct rules in PSD3/PSR to payment services regarding EMTs but to ensure that they are adapted taking into account the technological differences between traditional "payment rails" and blockchain.

Strong customer authentication

As a consequence of its advice that transfers of EMTs constitute payment services and that custodial wallet for EMTs are payment accounts, it follows that the EBA confirms in the Letter that the extensive requirements for strong customer authentication (SCA) in PSD2 also apply when users initiate transfers of EMTs or access their custodial wallet holding EMTs.

EBA does, however, advise competent authorities "not to prioritise" supervision and enforcement of compliance by CASPs with these requirements until 2 March 2026. CASPs offering these payment services and not complying with SCA requirements should, however, take careful note of Article 74(2) of PSD2 which remains applicable (also before 2 March 2026) and which states (to paraphrase) that where the CASP offering the EMT transfer service or operating the EMT custodial wallet does not apply SCA, the CASP will be fully liable for all user losses resulting from fraud, scams, hacking etc., unless the user itself acted fraudulently.