Better Regulation logo
Table of Contents

Table of Contents

Expand all headings Collapse all headings Expand side bar Collapse side bar
Directive 2015/2366/EU - Payment Services Directive (PSD2)RecitalsTitle I Subject matter, scope and definitions (arts. 1-4)Article 1 Subject matterArticle 2 ScopeArticle 3 ExclusionsArticle 4 DefinitionsTitle II Payment Service Providers (arts. 5-37)Chapter 1 Payment institutions (arts. 5-34)Section 1 General rules (arts. 5-18)Article 5 Applications for authorisationArticle 6 Control of the shareholdingArticle 7 Initial capitalArticle 8 Own fundsArticle 9 Calculation of own fundsArticle 10 Safeguarding requirementsArticle 11 Granting of authorisationArticle 12 Communication of the decisionArticle 13 Withdrawal of authorisationArticle 14 Registration in the home Member StateArticle 15 EBA registerArticle 16 Maintenance of authorisationArticle 17 Accounting and statutory auditArticle 18 ActivitiesSection 2 Other requirements (arts. 19-21)Article 19 Use of agents, branches or entities to which activities are outsourcedArticle 20 LiabilityArticle 21 Record-keepingSection 3 Competent authorities and supervision (arts. 22-31)Article 22 Designation of competent authoritiesArticle 23 SupervisionArticle 24 Professional secrecyArticle 25 Right to apply to the courtsArticle 26 Exchange of informationArticle 27 Settlement of disagreements between competent authorities of different Member StatesArticle 28 Application to exercise the right of establishment and freedom to provide servicesArticle 29 Supervision of payment institutions exercising the right of establishment and freedom to provide servicesArticle 30 Measures in case of non-compliance, including precautionary measuresArticle 31 Reasons and communicationSection 4 Exemption (arts. 32-34)Article 32 ConditionsArticle 33 Account information service providersArticle 34 Notification and informationChapter 2 Common provisions (arts. 35-37)Article 35 Access to payment systemsArticle 35a Conditions for requesting participation in designated payment systemsArticle 36 Access to accounts maintained with a credit institutionArticle 37 Prohibition of persons other than payment service providers from providing payment services and duty of notificationTitle III Transparency of conditions and information requirements for payment services (arts. 38-60)Chapter 1 General rules (arts. 38-42)Article 38 ScopeArticle 39 Other provisions in Union lawArticle 40 Charges for informationArticle 41 Burden of proof on information requirementsArticle 42 Derogation from information requirements for low-value payment instruments and electronic moneyChapter 2 Single payment transactions (arts. 43-49)Article 43 ScopeArticle 44 Prior general informationArticle 45 Information and conditionsArticle 46 Information for the payer and payee after the initiation of a payment orderArticle 47 Information for payer's account servicing payment service provider in the event of a payment initiation serviceArticle 48 Information for the payer after receipt of the payment orderArticle 49 Information for the payee after executionChapter 3 Framework contracts (arts. 50-58)Article 50 ScopeArticle 51 Prior general informationArticle 52 Information and conditionsArticle 53 Accessibility of information and conditions of the framework contractArticle 54 Changes in conditions of the framework contractArticle 55 TerminationArticle 56 Information before execution of individual payment transactionsArticle 57 Information for the payer on individual payment transactionsArticle 58 Information for the payee on individual payment transactionsChapter 4 Common provisions (arts. 59-60)Article 59 Currency and currency conversionArticle 60 Information on additional charges or reductionsTitle IV Rights and obligations in relation to the provision and use of payment services (arts. 61-103)Chapter 1 Common provisions (arts. 61-63)Article 61 ScopeArticle 62 Charges applicableArticle 63 Derogation for low value payment instruments and electronic moneyChapter 2 Authorisation of payment transactions (arts. 64-77)Article 64 Consent and withdrawal of consentArticle 65 Confirmation on the availability of fundsArticle 66 Rules on access to payment account in the case of payment initiation servicesArticle 67 Rules on access to and use of payment account information in the case of account information servicesArticle 68 Limits of the use of the payment instrument and of the access to payment accounts by payment service providersArticle 69 Obligations of the payment service user in relation to payment instruments and personalised security credentialsArticle 70 Obligations of the payment service provider in relation to payment instrumentsArticle 71 Notification and rectification of unauthorised or incorrectly executed payment transactionsArticle 72 Evidence on authentication and execution of payment transactionsArticle 73 Payment service provider's liability for unauthorised payment transactionsArticle 74 Payer's liability for unauthorised payment transactionsArticle 75 Payment transactions where the transaction amount is not known in advanceArticle 76 Refunds for payment transactions initiated by or through a payeeArticle 77 Requests for refunds for payment transactions initiated by or through a payeeChapter 3 Execution of payment transactions (arts. 78-93)Section 1 Payment orders and amounts transferred (arts. 78-81)Article 78 Receipt of payment ordersArticle 79 Refusal of payment ordersArticle 80 Irrevocability of a payment orderArticle 81 Amounts transferred and amounts receivedSection 2 Execution time and value date (arts. 82-87)Article 82 ScopeArticle 83 Payment transactions to a payment accountArticle 84 Absence of payee's payment account with the payment service providerArticle 85 Cash placed on a payment accountArticle 86 National payment transactionsArticle 87 Value date and availability of fundsSection 3 Liability (arts. 88-93)Article 88 Incorrect unique identifiersArticle 89 Payment service providers' liability for non-execution, defective or late execution of payment transactionsArticle 90 Liability in the case of payment initiation services for non-execution, defective or late execution of payment transactionsArticle 91 Additional financial compensationArticle 92 Right of recourseArticle 93 Abnormal and unforeseeable circumstancesChapter 4 Data protection (art. 94)Article 94 Data protectionChapter 5 Operational and security risks and authentication (arts. 95-98)Article 95 Management of operational and security risksArticle 96 Incident reportingArticle 97 AuthenticationArticle 98 Regulatory technical standards on authentication and communicationChapter 6 ADR procedures for the settlement of disputes (arts. 99-103)Section 1 Complaint procedures (arts. 99-100)Article 99 ComplaintsArticle 100 Competent authoritiesSection 2 ADR procedures and penalties (arts. 101-103)Article 101 Dispute resolutionArticle 102 ADR proceduresArticle 103 PenaltiesTitle V Delegates acts and regulatory technical standards (arts. 104-106)Article 104 Delegated actsArticle 105 Exercise of the delegationArticle 106 Obligation to inform consumers of their rightsTitle VI Final provisions (arts. 107-116)Article 107 Full harmonisationArticle 108 Review clauseArticle 109 Transitional provisionArticle 110 Amendments to Directive 2002/65/ECArticle 111 Amendments to Directive 2009/110/ECArticle 112 Amendments to Regulation (EU) No 1093/2010Article 113 Amendment to Directive 2013/36/EUArticle 114 RepealArticle 115 TranspositionArticle 116 Entry into forceArticle 117 AddressesAnnex I Payment servicesAnnex II Correlation tableDone at
Page Overview
Related
Document Overview
Tools
Set a date to view the document
Text comparison options
Full text - Date 1 vs Date 2
Amendments requiring commencement - Current text vs Text requiring commencement
Draft proposed changes - Current text vs Text proposed by drafting documents
Recently generated comparisons
2026-05-21 vs. 2026-05-21
Print / Export options
Current page
Whole document
Selected pages
Consolidated PDF of the entire document as of 17th June 2026
Export
Export line by line
Export provision to provision
Report template
Create report template
Alert me to changes
Manage alerts
Bookmarks
This page
This document
Manage bookmarks
Search within this document
View previous searches
Share
Get page link
Share via email application

AI Summary of Article 96 Incident reporting

Payment service providers must notify, without undue delay, the competent authority in their home Member State of any major operational or security incident and must inform affected payment service users without undue delay when users’ financial interests are or may be affected, including measures to mitigate harm. The competent authority shall promptly provide incident details to the EBA and the ECB, assess relevance for domestic authorities and notify them; EBA and the ECB, with the competent authority, shall assess and notify other Union and national authorities, and the ECB shall inform members of the European System of Central Banks. Competent authorities shall take necessary measures to protect the immediate safety of the financial system.

By 13 January 2018 EBA, with the ECB and after stakeholder consultation, shall issue guidelines to (i) payment service providers on classification of major incidents, notification content, format, templates and procedures; and (ii) competent authorities on criteria to assess relevance and report details to share. EBA and the ECB shall review the guidelines at least every two years and take account of ENISA standards. Member States must ensure providers supply annual statistical fraud data to competent authorities, who shall provide aggregated data to the EBA and the ECB. Paragraphs 1–5 do not apply to specified exempt categories under the Directive and Directive 2009/110/EC.

PreviousNext
Version status: Amended | Document consolidation status: Updated to reflect all known changes
Version date: 16 January 2023 - onwards
Version 3 of 3

Article 96 Incident reporting

DRAFT To be repealed Article 48 Repeal of the Proposal for a Directive of the European Parliament and of the Council on payment services and electronic money services in the Internal Market amending Directive 98/26/EC and repealing Directives 2015/2366/EU and 2009/110/EC (COM(2023) 366 final / 2023/0209 (COD)) (PSD3) (updated 17 April 2026 with 'I' ITEM NOTE and Note)
View:
Current text Draft text as it may be read Compare current vs draft text Whole document current text vs draft text

1. In the case of a major operational or security incident, payment service providers shall, without undue delay, notify the competent authority in the home Member State of the payment service provider.

Where the incident has or may have an impact on the financial interests of its payment service users, the payment service provider shall, without undue delay, inform its payment service users of the incident and of all measures that they can take to mitigate the adverse effects of the incident.

2. Upon receipt of the notification referred to in paragraph 1, the competent authority of the home Member State shall, without undue delay, provide the relevant details of the incident to EBA and to the ECB. That competent authority shall, after assessing the relevance of the incident to relevant authorities of that Member State, notify them accordingly.

EBA and the ECB shall, in cooperation with the competent authority of the home Member State, assess the relevance of the incident to other relevant Union and national authorities and shall notify them accordingly. The ECB shall notify the members of the European System of Central Banks on issues relevant to the payment system.

On the basis of that notification, the competent authorities shall, where appropriate, take all of the necessary measures to protect the immediate safety of the financial system.

PreviousNext