Legal development

When do crypto firms need additional EU licences for stablecoin transfers? EBA issues guidance on the interplay between PSD2 and MiCA


    On 10 June 2025 the European Banking Authority (EBA) published an opinion (the Opinion) clarifying the interplay between the second EU Payment Services Directive (PSD2) and the EU Markets in Crypto-Assets Regulation (MiCA) in relation to crypto-asset service providers (CASPs) transacting in electronic money tokens (EMTs), which term includes most stablecoins.[1]

    The Opinion provides supervisory guidance to EU national competent authorities (NCAs) on the application of PSD2 to CASPs and recommendations for longer-term legislative alignment under the upcoming third EU Payment Services Directive (PSD3) and the accompanying EU Payment Services Regulation (PSR).

    Key takeaways for CASPs

    • Transitional relief: CASPs providing EMT transfer services may, in most cases, operate under their MiCA authorisation alone until 1 March 2026. However, they will generally need to obtain authorisation under PSD2 to continue providing EMT transfer services beyond that date. 
    • Streamlined PSD2 authorisation: Where additional PSD2 authorisation is required, NCAs are advised to streamline procedures and leverage information already provided under MiCA.

    • Focused supervision: NCAs are encouraged to focus on strong customer authentication, fraud reporting and own funds requirements under PSD2 while de-prioritising enforcement of other PSD2 requirements in respect of EMT transfers.

    • Legislative reform: The EBA recommends that PSD3/PSR should clarify the requirements that apply to EMT transfer services and avoid duplicative regulatory authorisation requirements, while ensuring robust consumer protection and market integrity. 

    What happens before PSD3/PSR apply?

    PSD3 and the PSR are expected to be published in final form by year-end 2025 and apply 18 months after they are published.[2]

    During the period before their application, the EBA advises NCAs to:

    • treat the transfer, custody, and administration of EMTs by CASPs on behalf of clients as payment services under PSD2, requiring authorisation as a payment service provider (PSP),[3] but provide a transition period until 1 March 2026 for compliance;

    • treat as excluded from the scope of PSD2: (i) exchange of crypto-assets for funds or other crypto-assets, and (ii) intermediation of crypto-asset purchases using EMTs;

    • recognise custodial wallets holding EMTs as "payment accounts" under PSD2 if they enable sending and receiving EMTs to/from third parties;

    • streamline the authorisation process for CASPs seeking authorisation under PSD2 by maximising reliance on information already submitted for authorisation under MiCA.

    Supervisory priorities and de-prioritised areas

    The EBA recommends that NCAs:

    • prioritise enforcement of:
      • strong customer authentication (SCA) requirements for access to custodial wallets and EMT transfers;
      • fraud reporting requirements; 
      • prudential requirements, including cumulative initial capital and own funds requirements for CASPs that are also authorised as PSPs;
    • de-prioritise enforcement of certain PSD2 provisions for EMT transactions, including:
      • safeguarding requirements (where MiCA’s safekeeping requirements apply);
      • disclosure of exact charges and maximum execution times (where not technically feasible);
      • unique identifier requirements and SEPA Regulation provisions;
      • open banking account access requirements for operators of custodial wallets. 

    Will PSD3/PSR fix the problem? 

    The Opinion proposes two options to address the overlap between MiCA and PSD2 pathways.

    1. Amend MiCA. Use PSD3/PSR to amend MiCA to prescribe a single set of rules applicable to CASPs providing EMT-related payment services.

    2. Clarify the application of PSD3/PSR. Alternatively, specify in PSD3/PSR: (a) which EMT-related services fall within scope of PSD3/PSR; (b) which PSD3/PSR requirements apply to CASPs that provide such services; and (c) an exclusion for such CASPs from the requirement to obtain authorisation under PSD3/PSR. 

    What should firms do?

    • Firms providing EMT-related payment services, such as stablecoin transfer services, in the EU should consider whether they fall within scope of PSD2 authorisation requirements.
    • Where such authorisation requirements apply, firms should start taking steps to:
      • obtain appropriate authorisation; 
      • partner with a firm that already has such authorisation; or 
      • limit the scope of their stablecoin transfer services in the EU to avoid the authorisation requirements.
    • Firms should engage with their NCAs to ensure compliance during the transition period and monitor PSD3/PSR legislative developments for the changes proposed by the EBA. 

    1. MiCA defines an EMT as "a type of crypto-asset that purports to maintain a stable value by referencing the value of one official currency".
    2. PSD3 will need to be transposed in the national laws of EU member states by that date and the PSR will apply directly in all EU member states.
    3. E.g. as a payment institution or an electronic money institution.

    The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
    Readers should take legal advice before applying it to specific issues or transactions.