← All articles

PSD3 and the PSR: What the EU's New Payment Rules Mean for Creator Payouts

Oarized · 18 July 2026

Where PSD3 and the PSR Actually Stand

The EU's third Payment Services Directive (PSD3) and its companion Payment Services Regulation (PSR) are not law yet. Some blogs are already circulating claims that PSD3 "took effect" on 1 July 2026 — that is not what the EU's own institutions say, and it's worth being precise about the actual status before making any operational decisions around it.

The European Parliament's Legislative Train Schedule, last updated 20 June 2026, marks the file as "close to adoption" — political agreement, not enactment. The actual sequence: the Commission tabled its proposal on 28 June 2023; Parliament and Council reached provisional political agreement on 27 November 2025; the Council endorsed final compromise texts on 23 April 2026; and Parliament's ECON committee approved the negotiated text on 5 May 2026.

What's still missing is a formal Parliament plenary vote, Council adoption, and publication in the Official Journal. Once published, the PSR enters into force 20 days later as directly applicable law, while PSD3 requires national transposition. The substantive rules then generally apply around 21 months after entry into force — meaning the operative deadline for most obligations sits in 2027 or later, not this summer. For a payout platform, that gap matters: there's time to prepare, but the preparation clock hasn't formally started.

The E-Money License Gets Folded In

The structural change with the most direct bearing on payout infrastructure is licensing. According to the European Parliament's own research briefing on the file, PSD3 integrates e-money institutions as a sub-category of payment institutions, which repeals the second Electronic Money Directive (2009/110/EC) outright. Any platform that pays out creators using its own e-money license, or routes payouts through a partner that holds one, currently operates under a regime that is being retired.

The transition is not abrupt. The briefing lays out transitional provisions: licenses held by existing payment institutions and e-money institutions are grandfathered for up to 30 months after entry into force, and firms must submit an application under the new unified regime within 24 months of entry into force. Application procedures are largely unchanged from PSD2, with one addition — applicants now have to submit a winding-up plan. Initial capital of €50,000 becomes an alternative to professional indemnity insurance for certain payment institutions.

Safeguarding rules for client funds — the mechanism that keeps creator payout balances separate from a platform's operating cash — stay largely the same under the merged regime, with one new option: safeguarding funds in an account at a Member State's central bank, at that central bank's discretion. For platforms holding creator balances between clip approval and payout, that's a new (if optional) safeguarding channel worth tracking as national central banks decide whether to offer it.

Fraud Liability and the IBAN Name-Check

The PSR's fraud provisions were built for a world of push-payment scams, but they land squarely on any platform that moves money to a large number of individual bank accounts — which is exactly what a clipping or creator payout network does at scale. Per the European Parliament's press release on the agreed text, payment service providers will have to verify that a payee's name and unique identifier (the IBAN) match before processing a transaction, refuse the transaction where they don't, and inform the payer of the mismatch.

That requirement is currently standard for many corporate SEPA credit transfers, but it hasn't been a uniform, EU-wide legal obligation covering the account details creators submit during payout onboarding. A name typed slightly differently from the one on a creator's bank account — common with legal names versus display names, or transliterated names — will now trigger a mismatch flag rather than a silent misroute.

Payment service providers face liability for losses if they fail to implement fraud prevention, and must refund customers who fall victim to impersonation scams where fraudsters pose as PSP employees.

The agreement also makes providers liable for losses when they don't implement adequate fraud prevention, and it makes online platforms liable to reimburse a PSP if they fail to remove fraudulent content after being notified. For a payout platform, the practical effect is more verification friction at onboarding and first payout, in exchange for materially lower risk of a payout landing in the wrong account.

The Rule That Protects Payout Fintechs

Buried in the PSR's technical detail is a provision that addresses a problem every non-bank payout operator in Europe has run into: banks quietly closing or refusing to open accounts for payment institutions and e-money institutions, a practice generally known as de-risking. According to the EPRS briefing, PSR Article 32 requires credit institutions to provide payment accounts to payment institutions, and permits refusal or closure only on serious, justified grounds — such as suspicion of illegal activity, breach of contract, or insufficient information from the applicant.

This is not a minor clause for creator payout platforms specifically. They typically need a working bank relationship for two things: holding safeguarded client funds and settling batches of outbound payments. A bank's decision to close that relationship with little explanation has historically been close to unchallengeable, forcing affected platforms into costly last-minute searches for a new banking partner. Article 32 doesn't eliminate a bank's ability to say no, but it narrows the grounds on which it can and creates a documented basis to push back.

The European Central Bank's own opinion on the package, cited in the same briefing, separately raised concerns about large non-bank groups — fintechs and big tech firms — offering a widening range of financial activities, and argued for closer supervisory attention to concentration and contagion risk as that happens. That's a signal that oversight of payment institutions generally is tightening even as account access for legitimate ones is being protected.

What Operators Should Do Now

Given the actual timeline, there are two mistakes to avoid: treating PSD3/PSR as already binding, and treating it as far enough away to ignore. Concretely, for a founder or operator running payouts to creators or clippers in the EU:

  • Ignore "July 2026" deadline claims. Per the European Parliament's own tracker, the file was still short of final Parliament and Council adoption as of its most recent update; publication in the Official Journal and a subsequent 21-month application window come after that.
  • Map your current license chain. Know whether payouts run through your own e-money license or a partner's, and confirm which entity will be responsible for the winding-up plan and re-application once the 24-month clock starts.
  • Start name-matching now, voluntarily. Building IBAN-to-legal-name verification into payout onboarding ahead of any legal deadline reduces failed and misrouted payouts today, independent of when the PSR formally applies.
  • Document your banking relationship. If a bank has pushed back on opening or keeping an account for a payout business, keep records — Article 32's justified-refusal standard is easier to invoke with a paper trail already in place.
  • Watch the EBA and national regulators, not blogs. De Nederlandsche Bank and the European Banking Authority will issue implementing guidance once the texts are formally adopted; that guidance, not secondary commentary, will set the real compliance calendar.

None of this requires immediate structural change. It requires knowing which parts of the story are confirmed — the licensing merger, the name-check rule, the bank-account protection — and which parts are still procedural steps away from taking effect.