The Current Framework: PSD2
PSD2, in force since 2018, established the foundation for modern European payments: open banking through account access APIs, strong customer authentication (SCA), and new categories of payment service providers (AISPs and PISPs). For Polish fintechs, this opened opportunities to build innovative payment products on top of bank infrastructure.
PSD3 and PSR — What's Coming
The European Commission proposed PSD3 (Directive) and PSR (Payment Services Regulation) to replace and modernize PSD2. The split is intentional — PSR will apply directly across all Member States, eliminating the implementation differences that fragmented PSD2.
Key Changes in PSR
- IBAN/name verification — mandatory matching of IBAN to beneficiary name before transfers, reducing misdirected payments and fraud
- Enhanced open banking — dedicated APIs must provide performance and features comparable to the bank's own interface; "screen scraping" fallback maintained
- Expanded fraud liability — payment service providers must fully reimburse authorized push payment (APP) fraud victims within 10 business days
- Updated SCA — streamlined requirements while maintaining security, including provisions for delegated authentication
Key Changes in PSD3
- License consolidation — payment institutions (PIs) and electronic money institutions (EMIs) will be merged into a single "payment institution" license category
- Higher capital requirements — 20-40% increase depending on category
- Right to bank accounts — explicit right for payment institutions to maintain bank accounts, addressing the persistent "de-risking" problem
- Cash-in-shop — customers will be able to withdraw cash at retail stores, improving cash access
Timeline
- 2025-2026 — legislative negotiations in European Parliament and Council
- 2027 — expected adoption
- 2028-2029 — full application
Impact on Polish Fintechs
- Fraud liability increase — APP fraud reimbursement will significantly impact revenue models; build cost estimates now
- IBAN verification infrastructure — start planning technical integration for name-matching services
- License strategy — if holding separate PI and EMI licenses, plan for consolidation
- API compliance — ensure your open banking APIs meet the enhanced performance standards
Immediate Recommendations
- Conduct an impact assessment — particularly on fraud liability and IBAN verification
- Review capital adequacy — prepare for a potential 20-40% increase in capital requirements
- Strengthen fraud prevention — invest in real-time transaction monitoring; prevention is cheaper than reimbursement
- Engage with industry associations — ZBP (Polish Bank Association) and fintech associations are actively participating in consultations