MiCA and PSD2: EBA issues No Action letter on dual authorisation

On 10 June 2025, the EBA issued a No Action letter setting out its opinion on the interplay between Regulation (EU) 2023/1114 on markets in crypto-assets (“MiCA”) and Directive (EU) 2015/2366 on payment services (“PSD2”), particularly in relation to crypto-asset service providers (“CASPs”) that transact with electronic money tokens (“EMTs”) who fall within scope of both regimes. The EBA’s publication follows the European Commission’s letter in December 2024 regarding the overlap between MiCA and PSD2 (see our previous article here).

Background: dual nature of Electronic Money Tokens (EMTs)

The intersection between MiCA and PSD2 arises from the dual nature of EMTs, which are defined under MiCA as “a type of crypto-asset that purports to maintain a stable value by referencing the value of one official currency”. EMTs are also “deemed to be electronic money” under Article 48(2) of MiCA, and therefore also fall within meaning of “funds” under PSD2.

Accordingly, CASPs providing payment services relating to EMTs may be subject to dual authorisation requirements as CASPs under MiCA and as payment institutions under PSD2. Until now, a key area of uncertainty has been the question of which types of CASP services involving EMTs would also be regarded as payment services under PSD2, and the regulatory treatment of such services.

Payment services vs Crypto-asset services

The EBA advises that the following MiCA activities should be regarded as payment services under PSD2:

1. transfer services involving EMTs (under Article 3(1) point 26 of MiCA),
2. custody and administration of EMTs where the service allows for the transfer of EMTs to and from third parties (and, accordingly, the relevant custodial wallets would constitute payment accounts).

The EBA further advises that NCAs should not regard the exchange of crypto-asset for funds or other crypto-assets (as per Article 3(1), points 19 and 20 of MiCA) as a payment service. NCAs should also not require CASPs that intermediate the purchase of crypto-assets using EMTs to obtain PSD2 authorisation.

Dual authorisation: EBA advises No Action under PSD2

The EBA’s letter confirms that carrying out certain crypto-asset services relating to EMTs under MiCA which qualify as payment services would require the CASP in question to obtain an additional authorisation under PSD2. In the immediate term, the EBA advises national competent authorities (“NCAs”) to only enforce the authorisation requirements under PSD2 for such CASP activities from 2 March 2026 onwards.

The EBA also advises NCAs not to prioritise the supervision and enforcement of certain requirements under PSD2, such as:

• article 10 of PSD2 in relation to the safeguarding of EMTs by CASPs,
• information requirements (e.g. providing users with information on charges and maximum execution times),
• Open Banking provisions, and
• until 2 March 2026, strong customer authentication (“SCA”) requirements and payment fraud reporting requirements.

Additionally, the EBA advises NCAs to:

• streamline the authorisation process such as simplifying the information that regulated CASPs should be required to provide when applying for a licence under PSD2 (e.g. allowing such CASPs to rely on information already provided to the NCA),
• apply capital requirements under PSD2 and MiCA on a cumulative basis.

PSD3/PSR: Long term recommendations

The EBA acknowledges that the application of several pieces of law to the same financial activity should be avoided, especially where such a situation imposes multiple authorisation requirements on firms.

In the longer term, the EBA advises the EU Commission, Council and Parliament to either:

1. make use of the ongoing legislative process regarding the future regime under the Third Payment Services Directive (PSD3) and Payment Services Regulation (PSR) (“PSD3/PSR”) to strengthen MiCA, by incorporating appropriate requirements and standards for CASPs carrying out services involving EMTs that qualify as payment services.

   Under this approach, PSD3/PSR would not apply to CASPs (although the amended MiCA may cross-refer or reproduce relevant provisions of the forthcoming PSD3/PSR), such that those CASPs will not need obtain a second authorisation under PSD3/PSR; or

2. if the first approach is not feasible, the EBA proposes that PSD3/PSR should set out which types of CASP services would fall in scope of the payments regime, and to detail how PSD3/PSR would apply.

Under this approach, PSD3/PSR would therefore need to set out requirements applicable to relevant CASPs, without actually requiring such CASPs to be authorised under PSD3/PSR. The EBA acknowledges that this is an unusual approach but would be required to avoid imposing dual authorisation requirements.

The EBA clarifies that its advice is aimed at reducing compliance burden for firms that fall in scope of both regimes—it is not an indication that the EBA considers the current requirements under MiCA to be sufficiently robust to address the risks arising from EMT-related activities. In particular, the EBA notes that payment services and electronic money are more tightly regulated under PSD2 and the Second Electronic Money Directive (EMD2) than crypto-asset activities are regulated under MiCA.

Authored by Christina Wu and Lavan Thasarathakumar.