Open Banking and PSD3: What UK Payment Firms Should Prepare For

Open banking in the UK is entering its next phase of development, moving beyond the initial read-only account information and payment initiation services into more sophisticated use cases including variable recurring payments, premium APIs and broader data sharing. Simultaneously, the EU is advancing PSD3 and the Payment Services Regulation (PSR), which will reshape the European payments landscape. UK payment firms must navigate both the domestic evolution and the growing UK-EU regulatory divergence. This article examines the key developments and their practical implications.

The Next Phase of UK Open Banking

The UK's open banking framework, originally driven by the Competition and Markets Authority (CMA) Open Banking Implementation Entity (OBIE), is transitioning to a new regulatory and governance structure. Key developments include:

Variable recurring payments (VRPs). VRPs allow customers to authorise payment service providers to make recurring payments of variable amounts from their bank accounts — enabling use cases such as subscription management, utility bill payments and automated savings. VRPs represent a significant expansion of open banking payment initiation and are expected to be a major growth area for payment institutions.

Premium APIs. The open banking ecosystem is developing premium API services that go beyond the regulatory minimum, offering enhanced data, faster payment processing and additional functionality. Premium APIs create commercial opportunities for both banks and payment service providers.

Expanded scope. The FCA is expected to expand the scope of mandatory API access beyond the original CMA9 banks, potentially requiring more credit institutions and payment firms to provide open banking interfaces.

EU PSD3 and the Payment Services Regulation

The EU is advancing PSD3 and the Payment Services Regulation (PSR) as replacements for PSD2. Key proposals include:

• Strengthened customer authentication requirements
• Enhanced liability frameworks for payment fraud
• Expanded open banking obligations for payment accounts
• New requirements for payment initiation services
• Harmonised rules on transaction fees and pricing transparency

For UK payment firms serving EU customers through passported or locally authorised entities, PSD3/PSR compliance will be a significant implementation programme. The timeline for PSD3 implementation is expected to be 2027–2028.

UK-EU Regulatory Divergence

Post-Brexit, the UK and EU payments regulatory frameworks are increasingly diverging. While both systems share common roots in PSD2, the UK's approach to open banking, safeguarding (PS25/12) and cryptoasset regulation differs from the EU's approach under PSD3, EMD2 revision and MiCA. Firms operating in both markets must maintain parallel compliance frameworks and monitor developments in both jurisdictions.

What UK Payment Firms Should Prepare For

1. VRP capabilities. If your business model involves recurring payment initiation, prepare for VRP integration. This includes technology readiness, customer consent management and risk management for variable payment mandates.

1. API strategy. Assess whether premium API services create commercial opportunities for your business.

1. PSD3 impact assessment. If you serve EU customers, begin assessing the impact of PSD3/PSR on your EU operations.

1. Authentication upgrades. Both the UK and EU are strengthening customer authentication requirements. Ensure your SCA implementation is robust and adaptable.

1. Regulatory monitoring. Establish a structured process for monitoring UK and EU payments regulatory developments and assessing their impact on your business.

Regulatory Counsel advises payment firms on open banking strategy, PSD3 preparation and UK-EU regulatory compliance. Contact us for a free initial consultation.