What Is a PSD2 License? The Complete Guide for Fintech & Crypto Startups

The digital payments market in Europe is expanding at an unprecedented and explosive rate. However, gaining unrestricted access to this highly lucrative space requires expertly navigating the complexities of the Second Payment Services Directive, commonly known as PSD2. 

It is important to understand from the outset that a PSD2 license is not a single physical document that a company can simply purchase off the shelf. Rather, it is a formal, highly regulated authorisation granted to Payment Institutions (PIs) and Electronic Money Institutions (EMIs) operating under Directive (EU) 2015/2366.

Achieving this authorisation is a monumental task that requires meticulous legal structuring, robust financial health, and a deep understanding of European regulatory expectations (1). LegalBison specialises in simplifying this complex authorisation process for global clients, ensuring that your innovative business model aligns perfectly with the strict requirements of European financial regulators.

Before you continue: Everything You Need to Know About the PSD2 Regulation Transition Period

The core of PSD2: Why it exists

To successfully apply for a license, you must first understand the regulatory philosophy behind it. The European Union introduced this sweeping directive with several clear, transformative objectives in mind. 

The primary goals are increasing overall market transparency, dramatically enhancing consumer security through mechanisms like Strong Customer Authentication (SCA), and fostering a significantly more competitive financial landscape across all member states.

A cornerstone of this legislation is the Open Banking revolution. For decades, traditional banks held a strict monopoly on customer account data and payment infrastructure. PSD2 completely breaks this bank monopoly, legally allowing authorised Third Party Providers (TPPs) to enter the market securely. 

Through Open Banking, banks are legally obligated to provide these third-party fintech companies with secure, programmatic access to financial information and payment initiation networks, provided the end customer has given explicit consent. This levels the playing field, allowing agile startups to build innovative budgeting apps, alternative payment gateways, and sophisticated financial dashboards without needing to become a fully chartered bank themselves.

Types of PSD2 authorisations and which one you need

Choosing the correct authorisation is the absolute most critical first step in your compliance journey. The directive carefully categorises different financial activities into specific roles, each with its own strict set of rules, capital requirements, and permissions. You must align your business model with one of the following licenses:

• Account Information Service Provider (AISP): This authorisation grants read-only access to bank data, making it the ideal choice for budgeting applications, credit scoring tools, and financial analytics platforms that aggregate data but do not move money;
• Payment Initiation Service Provider (PISP): This highly sought-after status allows a company to directly initiate payments on behalf of a user from their bank account, which is a common requirement for streamlined e-commerce checkouts and account-to-account transfer services;
• Payment Institution (PI): This comprehensive and versatile license is designed for companies focused on processing transactions, conducting international money remittance, and acquiring payment transactions for merchants;
• Electronic Money Institution (EMI): This is a crucial distinction from a standard PI, as EMIs can perform all the functions of a PI while also possessing the unique, heavily regulated ability to issue electronic money, enabling the creation of digital fiat wallets and branded prepaid cards.

Startups often confuse the PI and EMI classifications when drafting their initial business plans. If your business model involves storing client funds in a wallet for future use over an extended period, you will very likely need an EMI license. If you only process funds continuously from point A to point B without holding them, a PI license may suffice.

Request a free consultation with our experts

PSD2 and the crypto industry

The intersection between traditional finance and decentralised technology is currently the most heavily scrutinised area by European regulators. While the crypto asset market itself is primarily regulated under comprehensive frameworks like the Regulation (EU) 2023/1114 on markets in crypto-assets (MiCA), crypto businesses interacting with fiat currency often require PSD2 authorisation. If your platform offers fiat on-ramps, off-ramps, or issues crypto-backed debit cards, you are acting as a bridge to traditional finance.

The European Banking Authority (EBA) has provided critical, definitive guidance on the interplay between PSD2 and MiCA, specifically concerning the authorisation and supervision of Crypto-Asset Service Providers (CASPs) that carry out transactions using electronic money tokens (EMTs). The EBA advises national competent authorities (NCAs) to consider a broad subset of crypto-asset services involving EMTs as regulated payment services that will absolutely require an authorisation under PSD2.

This requirement is remarkably expansive and captures activities many founders assume are exempt. For example, the execution of transfers involving EMTs qualifies as a payment service regardless of whether the custodial wallets offered by the CASP officially qualify as standard payment accounts under national law. 

Furthermore, PSD2 does not make an exception for payment transactions executed to or from different payment accounts held by the exact same user. Therefore, even first-party transfers of EMTs still qualify as payment transactions and are fully subject to PSD2 rules. Where a CASP provides custody and executes transfers of EMTs on behalf of clients, these transfers may themselves constitute payment transactions requiring formal authorisation.

To manage this complex overlap, the EBA issued a No Action letter (NAL) on 10 June 2025, providing a transition period that ends on 2 March 2026. This transition period was intentionally limited to a brief nine months to minimise the time during which unauthorised entities could provide payment services in the EU. Consequently, more than 100 CASPs have already approached NCAs or submitted applications for authorisation as payment service providers. 

Obtaining this license is vital for compliance, as NCAs will strictly check that the applicant has not infringed any requirements under MiCA, national Virtual Asset Service Provider regimes, or other EU laws such as anti-money laundering (AML) and counter-terrorist financing (CFT) directives. Without this authorisation by the deadline, NCAs are advised to require the CASP to cease providing EMT payment services and aggressively offboard clients.

Also read: How to Ensure Your Crypto Business Aligns With PSD2 Compliance in 2026

Still unsure? Talk to LegalBison experts

Key requirements for obtaining a license

Acquiring a payment license is a rigorous, multi-layered process that demands significant preparation and capital. Regulatory bodies evaluate applicants across several strict criteria to ensure the utmost stability of the European financial system:

• Initial capital: The exact financial threshold depends heavily on your specific business activities;
• Safeguarding funds: You are under a strict, non-negotiable requirement to keep customer funds completely separate from company operational funds through segregated bank accounts or comprehensive insurance policies, with the EBA noting specific supervisory priorities regarding the safeguarding of EMTs;
• Physical presence: Your business must establish a genuine, operational head office and maintain a real, localised management presence within the specific country where you are applying for the license;
• Governance: You must implement robust internal controls, comprehensive risk management frameworks, and rigorous AML procedures that meet the highest European standards.

Passporting: The European advantage

One of the most powerful and commercially valuable benefits of the European regulatory framework is the concept of passporting. Obtaining a PSD2 license in a single member state effectively unlocks the entire continent. It allows your business to legally provide its authorised payment services across the entire European Economic Area (EEA) without the burdensome, costly need for further authorisations or redundant licensing in each individual country.

Strategic jurisdiction selection is an absolutely vital component of maximising this advantage. Countries like Lithuania have cultivated highly fintech-friendly environments with accessible regulators, while jurisdictions like the Netherlands, Ireland, and Germany offer robust, internationally respected regulatory frameworks. LegalBison expertly assists your startup in choosing the exact right jurisdiction based on your specific operational needs, capital constraints, and target demographics.

How LegalBison facilitates the process

Navigating the lengthy and highly technical authorisation process requires an expert partner. A minor error in your application can result in months of delays or an outright rejection from the regulator. LegalBison provides comprehensive, end-to-end legal support to ensure your application meets and exceeds the exacting standards of European regulators.

Our specialised services include:

• Assistance with meticulous document preparation, including the drafting of your comprehensive Business Plan and Programme of Operations, ensuring total compliance with Article 5 of PSD2 and the relevant EBA Guidelines on the authorisation of payment institutions;
• Navigating the complex Fit and Proper assessments for your company directors and key management personnel, ensuring their backgrounds withstand intense regulatory scrutiny;
• Connecting directly with regulators, such as the Bank of Lithuania or the Central Bank of Ireland, to guide your application smoothly through the pipeline;
• Ensuring that your company responds to all complex queries from the NCA under PSD2 in an exhaustive, transparent, and expeditious manner, which is a mandatory condition for pending applications;
• Helping secure a positive preliminary assessment so that there are reasonable grounds for the regulator to expect your application will be approved rapidly.

Securing a PSD2 authorisation is far more than just a legal obligation for fintech and crypto startups. It is a profound strategic asset that builds immediate trust with your users, unlocks elite banking partnerships, and ensures your longevity in the European market. 

With the transition periods for critical MiCA and PSD2 intersections closing rapidly on 2 March 2026, the time to act is right now. Contact LegalBison today to assess your specific licensing requirements and begin your expedited journey toward full European compliance.

Free consultation for your crypto company set-up

Reference:

(1) https://www.centralbank.ie/docs/default-source/regulation/industry-market-sectors/electronic-money-institutions/authorisation-process/guidance-on-the-psd2-specific-requirements.pdf