In the short term, firms are likely to face dual authorisation and significant regulatory requirements.
On 10 June 2025, the European Banking Authority (EBA) issued a No Action letter on the relationship between the Markets in Crypto-Assets Regulation (MiCA) and the Payment Services Directive 2 (PSD2).
The No Action letter responds to a request from the European Commission (Commission) in December 2024 that sought clarification on issues arising from the interplay between MiCA and PSD2, given that electronic money tokens (EMTs) are deemed electronic money under MiCA and so constitute “funds” for PSD2 purposes. As a result, certain MiCA services carried on in relation to EMTs would potentially constitute payment services under PSD2. However, overlap between these regulatory regimes would result in dual authorisation requirements and inconsistencies in regulatory rules.
This blog post summarises the EBA’s approach to the overlap between the MiCA and PSD2 regimes.
Dual Authorisation Requirements
Subject to a transitional period until 1 March 2026, the EBA’s view is that certain MiCA services will constitute payment services when carried on in relation to EMTs, and so cryptoasset service providers (CASPs) will be subject to PSD2 requirements and required to either obtain authorisation as a payment services provider (PSP) or partner with a PSP to provide these services in their place.
Going forward, the EBA recommends that the Commission, the European Council, and the European Parliament use the PSD3/PSR legislative process to apply appropriate payment services requirements to CASPs without requiring dual authorisation. This could be achieved either through incorporating the relevant payment services requirements into MiCA — which is the EBA’s preferred approach — or updating PSD3/PSR and bringing CASPs in scope of the payment services regime without requiring a full authorisation.
While the EBA’s long-term aim to limit dual authorisation requirements is helpful, its approach would therefore require firms to maintain dual authorisations under PSD2 and MiCA to provide a limited subset of EMT-related services. Furthermore, this dual authorisation requirement would only apply for a limited period of 12-18 months, from the end of the transitional period until implementation of PSD3/PSR. Although the EBA is proposing that national competent authorities (NCAs) adopt a streamlined process for granting authorisation, this would therefore impose a significant compliance burden on firms.
We anticipate many firms will therefore look to “partnership” models, pursuant to which a CASP and PSP may enter into arrangements to provide EMT-related services relying on their separate permissions. Such an approach is likely to be particularly attractive where there is an authorised PSP in the group and used to provide fiat payment rails. However, although the EBA has indicated such models are a path to compliance, it has not provided guidance on how they should be structured, including in light of the many novel flows deployed across the cryptoasset ecosystem. In particular, it has not indicated the extent to which partnership models should make use of PSD agent arrangements, which enable a firm without PSD2 permissions to provide payment services acting on behalf of the authorised PSP. Given divergent regulatory treatment of such models across EU Member States, firms will need to consider the optimal approach based on their existing regulatory footprint and service offering.
Overlap Between MiCA and PSD2
The EBA has indicated that under MiCA, transfer services and custody services will involve payment services when carried out in relation to EMTs. However, services of exchange of cryptoassets for funds and exchange of cryptoassets for cryptoassets will not constitute payment services.
The EBA’s approach helpfully narrows the scope of MiCA/PSD2 overlap. However, the EBA has not set out a clear treatment of other kinds of MiCA service, such as execution of transactions on behalf of clients (typical in agency brokerage), other than to say that intermediation of purchase of cryptoassets with EMTs is out of scope. As a result, firms will still need to conduct analysis of their EMT transaction flows in the absence of comprehensive express guidance, to identify which of their services could trigger PSD2 authorisation and regulatory requirements.
Applicable PSD2 Requirements
The EBA recommends that NCAs apply both MiCA and PSD2 initial capital and own funds requirements on a cumulative basis to firms dual authorised to provide EMT-related services, and prioritise other PSD2 requirements such as strong customer authentication (SCA) and payment fraud reporting requirements. At the same time, the EBA advises NCAs “not to prioritise” enforcement of other elements of PSD2 relating to safeguarding and disclosures.
Again, the EBA has helpfully limited applicable PSD2 requirements, including requirements which could otherwise lead to inconsistencies between the regimes (as is the case seeking to apply PSD2 safeguarding requirements to EMT-related services). However, the requirements the EBA has applied are materially onerous. Requiring firms to double up on prudential requirements will impose significant capital costs, whereas SCA requirements have necessitated significant technology build in the payment services space and are likely to be operationally challenging.
Next Steps
The EBA No Action letter provides some clarity as to regulatory treatment of EMT transactions under MiCA. However, its approach does impose significant burdens on firms, and raises questions as to how services should be structured to mitigate the impact of dual authorisation and PSD2-derived regulatory requirements.
As a result, firms will need to consider what EMT services they provide, where these could constitute payment services, and whether these services can be restructured to mitigate the potential impact. To the extent dual authorisation requirements would be triggered, we anticipate firms will need to consider the availability of partnership arrangements, or engage with their NCAs to determine whether a streamlined authorisation process is available.
