EBA issues No Action letter on PSD2, PSD3 & MiCA: What crypto and payment firms need to know

Introduction: EBA clarifies EMT regulation under MiCA and PSD2

On Tuesday, 10 June 2025, the European Banking Authority (EBA) published a No Action letter to the EU Commission, EU Council and EU Parliament to avoid requiring dual authorisation under two pieces of EU Law for the activity of transacting Electronic Money Tokens ('EMT'). The letter addresses the overlap between Markets in Crypto-Assets ('MiCA') and Payment Services Directive 2 ('PSD2'), particularly concerning EMT transactions. It advises National Competent Authorities (NCAs) on how to handle EMT transactions during the transition period until PSD3 and PSR are in effect.

Impact on crypto-asset and payment firms

Firms will not need separate authorisations under both PSD2 and MiCA for applicable EMT-related services until 1 March 2026. However, if a Firm wishes to continue providing the relevant services after this date, a PSD2 license will be required from 1 March 2026 onwards. As the application process can be lengthy, Firms should act soon to meet this deadline.

According to the opinion, CASPs applying for Payment Service Providers licenses under PSD2 can leverage information already provided during MiCA authorisation. However, in practice, this may not be the case due to the segmented application processes in place.

The opinion also states that certain PSD2 provisions, such as safeguarding, disclosure of charges, and open banking, will not be strictly enforced during the transitional period. Forvis Mazars urges firms to be vigilant regarding this point, as this opinion does not constitute binding law. Therefore, an NCA may subject each Firm to the full force of the current law in relation to the above points.

Finally, as the activities involving the 'exchange of crypto-assets for funds' and 'exchange of crypto-assets for other crypto-assets' defined under MiCA are not deemed to be payment services and are not subject to the application of PSD2, Firm's should evaluate the activities they are conducting, or intending to conduct, to ensure the correct requirements are understood and applied.

Background: EU regulatory overlap between MiCA and PSD2

On 10 December 2024, the Director General in the Directorate-General for Financial Stability, Financial Services and Capital Markets Union of the European Commission published a letter to the EBA and European Securities and Markets Authority (ESMA) regarding concerns relating to the overlap between crypto-asset services provided by crypto-asset service providers (CASPs) under MiCAR and payment services regulated under PSD2, particularly in the case of specific services relating to EMTs.

This opinion, issued in response to the European Commission's request above, aims to clarify the interplay between these two frameworks and provide guidance for the transitional period until the application of PSD3 and the PSR.

Key takeaways from the EBA No Action letter

The letter of no action has been published to provide the following key elements of advice and direction to Member State National Competent Authorities:

• The EBA advises for the intervening period of 2-3 years, during which PSD2 still applies until the application date of the future Payment Services Regulation (PSR) and the transposition date of the future PSD3, to regard the transfer of crypto assets as a payment service under PSD2 where they entail EMTs and are carried out by the entities on behalf of their clients.
• The EBA advises that the custody and administration of EMTs should be considered as a payment service under PSD2.
• The EBA advises that a custodial wallet should be regarded as a payment account under PSD2, where the wallet is held in the name of one or more clients and allows for the sending and receiving of EMTs to and from third parties.

The No Action letter outlines the authorisation requirements for CASPs and suggests a streamlined process to reduce regulatory burdens: CASPs should be required to obtain authorisation under PSD2 through streamlined procedures leveraging existing MiCA information; only after 1 March 2026, entities without a payment service provider license or partnership must cease EMT-related services that fall into scope; and, certain PSD2 provisions, such as safeguarding and consumer information disclosure, may be deprioritised for supervision.

Once an authorisation as a payment services provider is held, NCAs are advised not to prioritise the supervision and enforcement of several elements of PSD2, such as safeguarding, the disclosure of information to consumers. However, NCAs are also advised to insist on the compliance with other PSD2 provisions, such as strong customer authentication (SCA) for accessing custodial wallets that qualify as payment accounts and the initiation of EMT transfers, the reporting of payment fraud, and the cumulative calculation of own funds requirements.

The EBA also state within the letter that the 'exchange of crypto-assets for funds' and 'exchange of crypto-assets for other crypto-assets' defined under MiCA, are not deemed to be payment services and are not subject to the application of PSD2, including the requirements for licencing under the same.

Conclusion: Practical guidance and strategic implications

The EBA's opinion aims to respond to the letter addressed to the EBA and ESMA, seeking to strike a balance between innovation and competition in the crypto-assets market and the need for robust consumer protection and market stability. By providing clear guidance for the transitional period, the EBA aims to ensure a level playing field for CASPs while minimising regulatory complexity. The opinion highlights the importance of harmonising financial services laws to prevent undue compliance burdens and regulatory arbitrage.  The EBA expect that this advice will result in a large number of EMT transactions not being subject to PSD2 requirements during the intervening period while PSD2 still applies. The EBA states that this advice is solely based on the acknowledgement that any alternative advice would require a much larger number of CASPs to obtain a second authorisation.

This opinion will remain in effect until PSD3 and PSR are implemented unless reassessed earlier by the EBA.

How we can help: Forvis Mazars’ regulatory expertise

Need help navigating MiCA, PSD2 or upcoming PSD3 requirements? Our Prudential Risk experts recognise that regulations remain a pivotal driver for the strategic priorities of financial institutions. Our team excels at helping clients within the financial services sector navigate the intricate web of regulations, including managing the ever-changing timelines. We work in tandem with our clients to identify their regulatory responsibilities and develop comprehensive strategies for full compliance.