After the European Commission’s letter in December 2024, which identified the risks of regulatory arbitrage stemming from diverging interpretations, risks that we also encounter in practice, the European Banking Authority (“EBA”), in its outlook, called for no immediate action regarding the PSD2’s applicability to services related to electronic money tokens (“EMTs”). On 10 June 2025, the long-awaited Opinion of the EBA (the “EBA No Action Letter”) on the interplay between Directive 2015/2366 (“PSD2”) and Regulation 2023/1114 (“MiCA”) in relation to crypto-asset service providers (“CASPs”) that transact in EMTs was finally published.
The Interplay: Issue of Dual Authorization
The interplay causing the double licensing burden arises from the fact that EMTs are deemed to be electronic money under MiCA. This results in certain crypto-asset services also falling within the scope of payment services under PSD2 when they concern EMTs.
In such instances, the EBA No Action Letter explained that these services must be performed by PSD2-authorised entities (i.e. payment service providers or PSPs). Meanwhile, MiCA seek authorisation as CASPs for undertakings providing crypto-asset services.
The EBA No Action Letter refers to PSD2, suggesting that where CASPs provide payment services (i.e. services related to EMTs which are considered payment services), they must either obtain dual authorisation (as CASP under MiCA and PSP under PSD2) or partner with a PSP.
Types of Services: What Falls In and What Falls Out?
The EBA advises national competent authorities (NCAs) not to consider the following as payment services, and therefore, no PSD2 authorisation would be needed even though the services relate to EMTs:
- the exchange of crypto-assets for funds
- the exchange of crypto-assets for other crypto-assets
However, the EBA suggests treating:
- Providing transfer services for crypto-assets on behalf of client related to EMTs
- The custody of EMTs as a payment service,
- Custodial wallets as payment accounts under PSD2 when they enable third-party transfers.
It seems that for other crypto services under MiCA not mentioned explicitly in the EBA No Action Letter as falling under the auspices of PSD 2, the payment service requirements under PSD2 are inapplicable.
The EBA No Action Letter applies to all legal entities offering or planning to offer EMT-related payment services, regardless of whether they have a CASP licence under MiCA, are operating under a national transitional regime of MiCA (so-called Virtual Asset Service Providers or VASPs), or hold a PSP licence under PSD2.
The Interim Period and After: What to Comply and When?
While MiCA's provisions on EMTs are already in operation, the regulatory framework under PSD2 remains in force until the anticipated transition to PSD3 and the Payment Services Regulation (PSR). Therefore, the EBA No Action Letter proposes a transitional period by 2 March 2026, during which no PSD2 authorisation shall be necessary for CASPs and VASPs (benefiting by the national transitional period under MiCA), dealing with EMTs.
- Initial Capital and Own Funds: During this interim period, even though there is no explicit legal provision or established supervisory practice, the EBA’s consistent emphasis throughout the EBA No Action Letter suggests that aligning with Initial Capital and Own Funds requirements without waiting for the end of the interim period would be advisable. PSD2 and MiCA set out requirements for the calculation of initial capital and own funds, both in the context of authorisation and ongoing compliance post-authorisation. The EBA emphasizes that double counting should be avoided, meaning that the same capital cannot be counted toward meeting both sets of requirements. The EBA advises NCAs to apply capital requirements on this basis, meaning that CASPs wishing to also obtain a PSP license should have sufficient capital to meet both capital requirements under MiCA and PSD 2 on a cumulative basis.
For certain obligations, the EBA calls for no action as to NCA not to enforce requirements of PSD2 until 2 March 2026, the end of the transitional period:
- Consumer Protection: The EBA understands that the application of some PSD2 protections may give rise to implementation challenges, due to the features of the Distributed Ledger technology (DLT) and the technical specificities of the crypto-assets services. Thus, NCAs are recommended refraining from enforcing disclosure of exact fees or execution times in cases where CASPs/PSPs cannot determine them in advance. Instead, providers should inform users of applicable charges and estimated execution times as early as possible.
- Security of Payment Services: MiCA requires CASPs to formalize their responsibilities through client agreements that include a description of the security measures. NCAs are advised not to prioritise enforcement of these obligations. This does not affect the liability rules under PSD2; CASPs must remind that, in cases where strong customer authentication is not applied, payers are not liable for financial losses unless they act fraudulently.
- Safeguarding: Despite industry calls for clarity, MiCA already provides strong safeguards through dual requirements, making PSD2 obligations unnecessary. The EBA also advises NCAs not to prioritise the enforcement of PSD2 concerning the safeguarding of EMTs by CASPs.
- Open Banking: As custodial wallets are classified as payment accounts, CASPs must comply with the so-called Open Banking related regulations. The EBA advises NCAs to deprioritize enforcement of Open Banking obligations in PSD2 for CASPs managing EMTs.
After 2 March 2026, if there are no regulatory updates or if a gap period arises before PSD3/PSR is adopted, then due to the overlapping regulatory scope of EMTs, both MiCA and PSD2 requirements would have to be applied cumulatively, without overriding one another. This would mean that:
- Entities would need to hold two separate licences under MiCA and PSD2.
- Initial capital and own funds would need to be calculated and maintained separately in accordance with the requirements of each regime.
- Security of payment services and safeguarding requirements under PSD2 would apply, which are broader and more stringent than the corresponding obligations under MiCA.
- To the extent permitted by DLT and the technical specificities of crypto-asset services, PSD2’s consumer protection requirements would also need to be fulfilled, potentially requiring structural changes in how these technologies are implemented.
What to Expect Ahead: Three Regulatory Scenarios to Watch
After 2 March 2026, one possibility is for EU legislators to specify which EMTs fall under PSD3/PSR and how. As the EBA also mentions in the EBA No Action Letter, this approach would involve setting out obligations for CASPs under PSD3/PSR without requiring a separate licence. From a practice perspective, this solution would be unconventional, even though it could prevent regulatory duplication. However, given that NCAs may not have the expertise to supervise payment-related obligations, it would not be the most favoured.
The least efficient option would be to exclude EMTs entirely from the scope of PSD3/PSR while also leaving MiCA unchanged. The EBA assesses that this approach would create legal uncertainty, distort competition in the EU payments market, weaken consumer protection, and enable regulatory arbitrage. As such, this is considered quite unlikely.
Therefore, we expect that it is most likely that the European Commission, Council, and Parliament will use the PSD3/PSR legislative process as an opportunity to amend MiCA, as the EBA strongly recommends in the EBA No Action Letter, to strengthen MiCA so that it covers all relevant aspects coherently and ensures that licensing falls solely under MiCA, since a single financial activity should be regulated under only one coherent framework.
By Damyan Leshev, Partner, and Inci Sevi Kaya, Consultant, Eversheds Sutherland Bulgaria
