Grandfathering under PSD3: What payment service providers need to know now

The forthcoming Payment Services Directive 3 (PSD3), together with the Payment Services Regulation (PSR), will introduce far-reaching changes to the regulation of financial services across European payments. For existing payment service providers, a central question arises: What does grandfathering under PSD3 mean and how will the new rules affect licences and authorisations already granted? The answer lies in the so-called “PSD2 grandfathering” provisions within PSD3, which enable a structured transition to the new legal framework.

What does grandfathering mean under PSD3?

Grandfathering refers to the rules under which existing licences and authorisations of Payment Institutions (PIs) and E-Money Institutions (EMIs) remain valid under the new PSD3 regime – but only for a limited period and subject to specific conditions.

The European Commission has recognised that an abrupt switch to the new licensing regime would cause significant market disruption. Accordingly, Payment Services Directive 3 (PSD3) sets out detailed transitional provisions in Articles 44 and 45, covering different categories of market participants. In parallel, the Payment Services Regulation (PSR) defines additional technical standards for implementation.

Transitional timelines: the key deadlines at a glance

For payment institutions under PSD2

Existing payment institutions benefit from a phased transition period:

• 18 months after entry into force: cut-off date for capturing existing PSD2 licences
• 24 months after entry into force: end of the grandfathering period and final deadline for demonstrating compliance

Payment institutions authorised under Article 11 of PSD2 up to 18 months after PSD3 enters into force may continue to provide their licensed payment services without a new authorisation for up to 24 months.

PSD3 requirements during the transition

Grandfathering is not a free pass. Institutions must submit all necessary information to the competent authorities within the 24-month period to evidence PSD3 compliance. In Germany, BaFin is coordinating PSD3 implementation and will publish corresponding guidance on evidentiary requirements.

Two possible scenarios:

1. Compliance achieved: automatic authorisation under Article 13 PSD3 and entry in the registers
2. Compliance not achieved: prohibition on providing payment services

E-money institutions: specific transitional rules

E-Money Institutions (EMIs) authorised under Directive 2009/110/EC receive similar transitional rights. Of particular relevance: under the new framework, EMIs are treated as payment institutions, requiring an adjustment to their licensing set-up.

Exemptions and how they are handled

Firms that previously benefited from PSD2 exemptions (Article 32) may either:

• Apply for a new exemption under Article 34 PSD3
• Meet the full PSD3 compliance requirements

Practical examples: how different market participants are affected

Case study 1: Small fintech with a PSD2 exemption

Starting point: A German fintech start-up with 15 employees has used the de minimis exemption under section 2(2) ZAG since 2019 (monthly payment volume below EUR 1 million).

PSD3 challenge: The previous exemption is expiring while compliance requirements have increased.

Strategic options:

• Apply for a new exemption under Article 34 PSD3
• Pursue a full PI licence in line with planned growth
• Adopt a partnership model with a licensed payment service provider

Case study 2: Established e-money issuer

Starting point: An EMI with an e-money licence under Directive 2009/110/EC offering both e-money issuance and payment services.

PSD3 transformation: Mandatory reclassification as a payment institution, as EMIs are no longer regulated separately under PSD3.

Compliance effort: Full review of the licensing set-up and alignment to PI requirements by the 24-month deadline.

Case study 3: Large payment service provider

Starting point: An established PSP with full PSD2 authorisation across multiple EU Member States.

Grandfathering advantage: Seamless transition possible where compliance standards are already high.

Focus: Optimising existing processes and early alignment with tightened requirements.

Audience-specific recommendations

For small fintechs and start-ups

Immediate actions:

• Cost-benefit analysis: Is a full licence worthwhile, or is an exemption sufficient?
• Partnership strategies: Assess Banking-as-a-Service (BaaS) models

Specific challenges:

• Limited compliance resources
• Higher relative cost of regulatory obligations
• Need for lean, cost-efficient solutions

Recommended approach:

1. Rapid review of current exemptions – will they still be available under PSD3?
2. Develop growth forecasts – does the business trajectory justify a full licence?
3. Engage external compliance support for cost-effective implementation

For mid-sized payment service providers

Strategic focus:

• Licence consolidation: optimise the EU-wide licensing footprint
• Operational excellence: automate compliance processes
• Market expansion: use the transition period for strategic development

Action plan:

1. Conduct a PSD3 gap analysis
2. Establish a project team covering compliance, IT and business
3. Develop a phased plan for progressive implementation up to the deadline

Risks arising from inadequate PSD3 preparation

Absent or insufficient PSD3 compliance leads to severe consequences:

• Prohibition on providing payment services
• Exclusion from the EU single market
• Significant revenue losses
• Regulatory sanctions under BaFin’s PSD3 supervision

The transition periods may appear generous, but the complexity of PSD3 requirements demands an early and structured approach. Risks arising from inadequate PSD3 preparation include not only operational disruption but also substantial reputational damage with clients and partners.

PSR: be mindful of parallel challenges

While the PSD3 Directive contains the grandfathering provisions, the parallel Payment Services Regulation (PSR) brings additional requirements that must also be factored into transition planning.

Checklist: your next steps up to the PSD3 deadline

Phase 1: Baseline assessment (months 1–3)

• Analyse licence status – which authorisation categories are currently held?
• Assess the business model – do all activities fall under grandfathering?
• Resource planning – budget and staffing for the implementation project
• Identify external expertise – specialised advisers

Phase 2: PSD3/PSR gap analysis (months 4–6)

• Map PSD3 requirements against the current organisational and process set-up
• Integrate PSR obligations into the overall strategy
• Identify and close documentation gaps
• Plan and budget IT system changes
• Prepare BaFin communications and define the internal point of contact

Phase 3: Implementation (months 7–20)

• Implement the compliance framework
• Conduct staff training
• Adapt internal processes

Phase 4: Finalisation (months 21–24)

• Submit complete documentation
• Successfully complete BaFin review
• Obtain or confirm the new licence

Conclusion: leverage grandfathering as a strategic opportunity

The PSD3 grandfathering provisions are more than mere transitional rules – they provide an opportunity to strategically reposition your payments business.

Successful firms use the transition period to:

• Optimise their licensing structure
• Modernise legacy compliance systems
• Prepare for future regulatory requirements
• Strengthen their competitive position

The 24-month period may seem long, but experience shows that complex compliance projects take considerably more time than initially planned. Firms that start preparations now have a markedly higher chance of success.