EU Payment Services Directive 2 (PSD2 — Directive 2015/2366)

Regulates payment services, open banking, and strong customer authentication for providers in the EU.

  • Rules extracted: 12
  • Obligations decomposed: 150
  • Avg obligations per rule: 12.5x
  • Jurisdiction: 🇪🇺 European Union

About this regulation

PSD2 establishes the legal framework for payment services in the EU internal market. It introduces rules on the authorization and supervision of payment institutions, passporting, safeguarding of funds, and creates a regulatory framework for third-party providers (TPPs) including Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs). Key innovations include Strong Customer Authentication (SCA), open banking API access obligations, enhanced consumer protection, and a ban on surcharging for most payment instruments.

What AuditDSS covers

  • Source: 1 regulation
  • Extracted: 12 rules
  • Decomposed: 150 obligations
  • Decomposition ratio: 12.5x

Each rule is decomposed into an average of 12.5 atomic obligations — the smallest testable units that can be independently violated.

Fully extracted & scored

All 150 obligations have been decomposed, titled, risk-scored, and embedded for semantic matching.

Risk scoring

Every obligation in PSD2 is scored across independent risk dimensions:

  • W (Obligation Weight): How critical within the regulatory framework
  • L (Violation Likelihood): How often breached in practice
  • E (Enforcement Evidence): Regulator enforcement history and penalties
  • C (Cascade Dependency): How many obligations depend on this one

Regulatory details

  • Full title: EU Payment Services Directive 2 (PSD2 — Directive 2015/2366)
  • Regulatory body: European Parliament and Council
  • Jurisdiction: 🇪🇺 European Union
  • Document type: directive
  • Effective date: January 13, 2018
  • Issuing authority: European Parliament and Council of the European Union

Who this applies to

  • payment institutions
  • credit institutions
  • electronic money institutions
  • account information service providers (AISPs)
  • payment initiation service providers (PISPs)
  • account servicing payment service providers (ASPSPs)

Key requirements

  • authorization of payment institutions
  • passporting and cross-border services
  • safeguarding of funds
  • third-party provider (TPP) access
  • open banking API requirements
  • Strong Customer Authentication (SCA)
  • operational and security risk management
  • liability for unauthorised transactions (EUR 50 cap)
  • surcharging ban
  • complaint handling (15 business day response)

Frequently asked questions about PSD2

What is PSD2?

PSD2 establishes the legal framework for payment services in the EU internal market. It introduces rules on the authorization and supervision of payment institutions, passporting, safeguarding of funds, and creates a regulatory framework for third-party providers (TPPs) including Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs). Key innovations include Strong Customer Authentication (SCA), open banking API access obligations, enhanced consumer protection, and a ban on surcharging for most payment instruments.

Who does PSD2 apply to?

PSD2 applies to payment institutions, credit institutions, electronic money institutions, account information service providers (AISPs), payment initiation service providers (PISPs), and account servicing payment service providers (ASPSPs).

How many obligations does PSD2 contain?

AuditDSS has decomposed PSD2 into 150 atomic obligations from 12 rules. Each obligation is independently testable and risk-scored.

What are the key requirements of PSD2?

The key requirements include: authorization of payment institutions, passporting and cross-border services, safeguarding of funds, third-party provider (TPP) access, open banking API requirements, Strong Customer Authentication (SCA), operational and security risk management, liability for unauthorised transactions (EUR 50 cap), surcharging ban, and complaint handling (15 business day response).

How can I assess my PSD2 compliance?

Upload your compliance policy to AuditDSS. The platform maps your document against all 150 PSD2 obligations using deterministic AI scoring — not checklists or LLM summaries. You get a risk-scored gap analysis showing exactly which obligations are covered, partially covered, or missing.

Which jurisdiction enforces PSD2?

PSD2 is enforced in the European Union by the European Parliament and Council.

When did PSD2 come into effect?

PSD2 became effective on January 13, 2018.

What industry does PSD2 apply to?

PSD2 is primarily relevant to the Banking & Financial Services industry. AuditDSS covers 105 regulations in this industry sector.

Build a PSD2 compliance pack

Don't have a compliance policy yet? AuditDSS generates a complete compliance pack for PSD2 — alone or combined with other regulations your business needs. Every clause is mapped to specific obligations.

Policy

High-level commitments and governance framework covering PSD2 requirements.

Procedures

Step-by-step operational procedures to implement each policy commitment.

Forms & checklists

Ready-to-use forms, registers, and checklists for day-to-day compliance operations.

Multi-regulation

Combine PSD2 with other regulations into a single unified compliance pack for your business.

Already have a policy? Assess it against PSD2

1. Upload your document

   Upload your compliance policy, program manual, or operational document. AuditDSS accepts any text-based document.

2. AI maps against 150 obligations

   Your document is scored against every obligation in PSD2. Each claim is mapped to the obligation tree and evaluated for coverage.

3. Risk-scored gap report

   Receive every gap ranked by risk priority with remediation guidance, enforcement evidence, and cascade impact analysis.

Assess your PSD2 compliance

Upload your document and get a risk-scored gap analysis against 150 PSD2 obligations in under 5 minutes.