Introduction
The European Banking Authority (EBA) has issued a critical No-Action Letter on 10 June 2025, clarifying the regulatory interaction between the revised Payment Services Directive (PSD2) and the Markets in Crypto-Assets Regulation (MiCA). EBA’s guidance is especially relevant for Crypto-Asset Service Providers (CASPs) engaging in transactions involving electronic money tokens (EMTs).
This article explores what this means for fintech firms, crypto platforms, and legal compliance teams, and how businesses should respond before the upcoming PSD3/PSR framework enters into force.
1. What Is the Issue Between PSD2 and MiCA?
MiCA and PSD2 are two distinct pillars of EU financial regulation:
- PSD2 governs payment services in the EU.
- MiCA introduces a unified regulatory framework for crypto-assets, including e-money tokens.
Confusion arises because EMTs, while regulated under MiCA, are also considered electronic money under PSD2. This dual nature creates regulatory uncertainty, particularly around whether certain services, like custody or transfer of EMTs, trigger dual licensing obligations.
The result? Many CASPs could be required to hold two separate licenses: one under MiCA and another under PSD2, a burden both the industry and regulators find excessive.
2. Key Takeaways from the EBA No-Action Letter
The EBA’s No-Action Letter, published on 10 June 2025, provides regulatory breathing space by delaying enforcement of certain PSD2 obligations for CASPs engaging in EMT-related activities.
EMT Services That Trigger PSD2 Authorisation:
According to the EBA, these activities qualify as “payment services” under PSD2:
- Transfers of EMTs on behalf of clients.
- Custody and administration of EMTs through custodial wallets.
- Use of custodial wallets to send or receive EMTs.
These services require PSD2 authorisation, unless the CASP partners with a licensed PSP.
EMT Services That DO NOT Require PSD2 Licensing:
The following services are not considered payment services and do not require dual authorisation:
- Exchange of crypto-assets for fiat or other crypto-assets.
- Use of EMTs to purchase other crypto-assets e.g., stablecoin-for-token swaps.
- Transfers of EMTs not conducted on behalf of clients.
3. Transitional Guidance: Enforcement Paused Until March 2026
To ease the compliance burden, the EBA has granted a transition period until 2 March 2026. During this period, National Competent Authorities (in Cyprus, CySEC) are advised:
- Not to enforce authorisation requirements under PSD2 for EMT-related services immediately.
- To streamline the authorisation process for CASPs applying for PSD2 licences.
- To rely on documentation already submitted under MiCA.
This allows CASPs to continue operations while working toward compliance, avoiding service disruption.
After the transition period, the following PSD2 provisions will be enforced for EMT-related services:
- Strong Customer Authentication: Mandatory for accessing custodial wallets and initiating EMT transfers.
- Fraud reporting: Aligned with PSD2 fraud monitoring obligations.
- Cumulative capital and own funds requirements: CASPs must meet both MiCA and PSD2 financial thresholds.
Other requirements, such as consumer disclosure rules, unique identifiers (e.g., IBAN), and SEPA Regulation compliance, will be deprioritised due to blockchain-specific limitations.
4. Long-Term Fix: PSD3 and MiCA Amendment
The EBA urges EU lawmakers to address this regulatory overlap through either:
Preferred Solution: Strengthen MiCA:
- Embed key PSD2-style consumer protections and security rules directly into MiCA.
- Remove the need for separate PSD2 licensing for EMT-related services.
Alternative: Adjust PSD3:
- Allow PSD3/PSR to regulate EMT transfers without requiring CASPs to be licensed under PSD3.
- Avoids full dual regulation, but requires coordination between MiCA and PSD3 regulators.
Both approaches aim to reduce compliance burdens and ensure regulatory clarity and consistency across the EU.
5. Why This Matters for CASPs, Fintechs & Legal Teams
The EBA’s guidance affects:
- Crypto exchanges offering stablecoins and wallet services.
- Blockchain platforms that facilitate EMT-based payments.
- Payment institutions branching into digital assets.
- Compliance officers and legal counsels tasked with licensing strategies.
Failure to obtain the necessary authorisation, or to partner with a PSP, by March 2026 could result in regulatory enforcement and service bans.
6. Key Compliance Recommendations for CASPs
To ensure legal continuity, CASPs shall:
- Assess EMT-related services: Identify which services involve EMT transfers or custody on behalf of clients.
- Decide their authorisation path: Apply for a PSD2 licence; OR establish a partnership with a licensed PSP.
- Prepare for Strong Customer Authentication and fraud reporting compliance by 2 March 2026.
- Avoid offering EMT services that imply payment functionality without meeting PSD2 obligations.
- Monitor PSD3 and MiCA amendments as future obligations could shift.
The EBA’s No-Action Letter marks a pivotal moment for the European digital finance landscape. It acknowledges the growing convergence between crypto-assets and payments, while offering temporary regulatory relief. However, the window to act is limited. Firms operating with EMTs must use this time wisely to align their operations and licensing with evolving EU regulatory expectations.
At POLEMIDIOTIS LAW, we advise leading fintechs, crypto-asset platforms, and financial institutions on navigating EU regulatory frameworks.
Disclaimer
This article does not constitute legal advice and is not intended to provide an exhaustive analysis of the topic. For information or guidance on this matter, you should seek legal counsel. You may contact us for appropriate assistance.
