Brite Payments logo
Contact
Menu
Edit Template
Table of Contents
Back to all articles
  • Article

EU Payment Regulations 2026: What You Need to Know

EU Payments Regulations 2026 hero image

Europe’s financial sector is entering a major transition. Over the next two years, a wave of new regulations will reshape how payments, compliance, and digital identity work across the EU.

From real-time payments under the Instant Payments Regulation (IPR) to stronger anti-money laundering rules, crypto-asset reporting, and the rollout of the European Digital Identity (EUDI) Wallet, the pace of regulatory change is accelerating.

For banks, fintechs, and payment service providers, 2026 will be a defining year that tests readiness, drives innovation, and sets the foundation for a more connected and transparent financial ecosystem.

In this article, we’ll cover EU payment regulations in 2026 and what institutions should prepare for to meet requirements and strengthen their position in a competitive market.

Instant Payments Regulation (IPR)

The Instant Payments Regulation (IPR) is driving the EU towards real-time euro transfers as the norm. Although the regulation entered into force in April 2024, 2026 marks a critical year as payment service providers (PSPs) prepare for their first mandatory reporting in April.

The IPR requires all euro-denominated payments to be processed within seconds, 24/7, including weekends and holidays. Fees for instant payments must match traditional credit transfers, and banks and PSPs must implement robust fraud prevention and IBAN-name verification to reduce errors and misdirected payments.

By 2026, most banks in the eurozone will be capable of sending and receiving instant payments. The focus shifts to regulatory oversight: PSPs will report on service availability, adoption rates, and compliance, while the European Commission and the EBA utilise this data to monitor progress, identify bottlenecks, and inform enforcement.

Instant payments improve cash flow and liquidity for businesses, while consumers benefit from faster, more convenient transactions. The regulation also standardises cross-border payments, fostering competition and innovation among banks and fintechs.

IPR implementation timeline:

  • April 2024: IPR enters into force.
  • January 2025: Eurozone banks must be able to receive instant payments.
  • October 2025: Eurozone banks must be able to send instant payments.
  • April 2026: First mandatory PSP reporting to regulators on service availability, adoption rates, and compliance.
  • January 2027: Non-eurozone banks must be able to receive instant payments.
  • July 2027: Non-eurozone banks and non-bank PSPs (EMIs, PIs) must be able to send instant payments.

Looking ahead

The April 2026 reporting marks the transition from implementation to assessment, giving PSPs a compliance checkpoint and an opportunity to develop new services built on real-time settlement.

By making instant payments widely available, secure, and affordable, the IPR is set to reshape the EU payments ecosystem, benefiting consumers, businesses, and regulators alike.

Payment Services Directive 3 (PSD3)

The Payment Services Directive third revision (PSD3) is the next step in modernising EU payments regulations 2026. Proposed by the European Commission, PSD3 builds on PSD2 and aims to enhance consumer protection, payment security, and innovation in the payments sector.

The European Parliament and the European Council have reviewed the proposal, each issuing draft texts. The three parties are now working to reach a political agreement, with a final version expected in Q1 or Q2 of 2026. Once adopted, member states will begin transposing the directive into national law.

PSD3 introduces several updates compared with PSD2. These include stricter risk management requirements, improved transparency for consumers, and measures to support emerging payment methods and open banking services. The directive is also expected to clarify responsibilities for third-party providers and strengthen oversight to address evolving cyber threats.

Overall, PSD3 aims to strengthen regulatory clarity, encourage competition, and support the development of secure, innovative payment services across the EU, ensuring the regulatory framework keeps pace with technological and market developments.

PSD3 Implementation timeline:

  • Q1–Q2 2026: Expected final political agreement between the European Commission, European Parliament, and European Council.
  • Post-adoption 2026: EU Member States begin transposing PSD3 into national law.
  • 2026–2027: Financial institutions, fintechs, and payment service providers prepare to update systems, risk management, and compliance frameworks in line with PSD3 requirements.
  • Following national transposition: PSD3 obligations become legally binding, including enhanced consumer protection, open banking support, and cybersecurity measures.

Looking ahead

With a final version expected in early 2026, PSD3 will soon move into national implementation, requiring banks, fintechs, and payment providers to adapt their systems and compliance processes.

PSD3’s focus on risk management, consumer protection, and emerging payment methods will drive innovation and competition, helping the EU build a more secure and future-ready payments ecosystem.

eIDAS 2.0

The eIDAS 2.0 regulation is set to transform digital identity across the EU by introducing the European Digital Identity (EUDI) Wallet. These wallets enable citizens and businesses to securely store and share official documents, identity information, and credentials for a wide range of public and private services.

A key milestone is November 2026, when all EU Member States must make at least one fully operational and certified EUDI Wallet available to their citizens and businesses. This mandatory deadline ensures that digital identity solutions are interoperable across borders, supporting seamless access to services throughout the EU.

The rollout of EUDI Wallets aims to increase trust in digital transactions, simplify access to public and private services, and promote a more secure and user-friendly digital ecosystem. By standardising digital identities across the EU, eIDAS 2.0 helps governments, businesses, and individuals navigate the digital economy safely and efficiently.

eIDAS 2.0 implementation timeline:

  • November 2026: All EU Member States must provide citizens and businesses with at least one fully operational and certified EUDI Wallet.
  • Post-November 2026: Member States and service providers ensure cross-border interoperability and full integration of digital identity solutions into public and private services.

Looking ahead

With EU Member States required to offer at least one fully operational and certified EUDI Wallet by November 2026, citizens and businesses can expect smoother access to public and private services. Governments and companies will need to adapt systems and processes to integrate these digital identities securely and efficiently.

Anti-Money Laundering (AML) – EU Package

The EU’s Anti-Money Laundering (AML) Package represents the most significant update to Europe’s AML/CFT framework in over a decade.

Published in June 2024, the package includes three main laws: the AML Regulation (AMLR), the Sixth AML Directive (AMLD6), and the Anti-Money Laundering Authority Regulation (AMLAR), which establishes the new European Anti-Money Laundering Authority (AMLA) in Frankfurt.

Together, these measures aim to harmonise AML rules across the EU, replacing the current patchwork of national regimes with a single, consistent rulebook. The reforms expand AML obligations to crypto-asset service providers, luxury-goods traders, and real-estate professionals, while strengthening beneficial ownership transparency and improving access to financial and real-estate data for authorities.

AML Package implementation timeline:

  • 1 July 2025: AMLA becomes operational and begins setting technical standards.
  • 10 July 2026: Member States must implement key beneficial ownership registry rules under AMLD6.
  • 10 July 2027: The AMLR applies in full, and Member States must transpose the rest of AMLD6.

Looking ahead

By 2026, AMLA and the EBA will issue detailed technical standards, marking the start of the framework’s operational phase. Financial institutions, fintechs, and crypto-asset providers should use this time to review compliance frameworks, strengthen customer due diligence systems, and enhance governance and reporting.

Crypto-Asset Reporting (DAC8)

The Eighth Directive on Administrative Cooperation (DAC8) marks a major step in the EU’s efforts to enhance tax transparency and oversight of digital assets. Entering into force on 1 January 2026, DAC8 expands the scope of mandatory tax reporting to include crypto-asset service providers (CASPs), e-money institutions, and financial institutions holding or transacting in digital assets.

Under DAC8, CASPs must collect, verify, and report detailed personal and tax information – including the Tax Identification Number (TIN), address, and date of birth – for every client. EU tax authorities will automatically exchange this data to improve compliance and prevent tax evasion.

The directive aligns with the OECD’s Crypto-Asset Reporting Framework (CARF) and updates the Common Reporting Standard (CRS) to include crypto-assets and digital currencies such as e-money and central bank digital currencies (CBDCs). Existing Reporting Financial Institutions (RFIs) will face expanded due diligence and reporting obligations, ensuring consistent oversight across traditional and digital financial sectors.

DAC8 Implementation timeline:

  • 1 January 2026: DAC8 enters into force; CASPs begin collecting and verifying client tax data.
  • 30 June 2027: First reports due for the 2026 financial year, covering transactions and client information.

Looking ahead

The rollout of DAC8 marks the beginning of a new era of cross-border tax transparency for digital assets. CASPs and financial institutions must now implement robust compliance frameworks – including self-certification processes, monitoring of client tax residency, and updated reporting systems.

With DAC8 complementing existing CRS and FATCA obligations, firms that act early to integrate CARF and CRS reporting processes will be best positioned to meet regulatory expectations and avoid duplication. As enforcement ramps up in 2026 and 2027, the directive will strengthen confidence in the EU’s digital asset ecosystem through greater transparency, accountability, and consistency.

Read more: Crypto-Assets and CRS Compliance: DAC 8 redefines the rules

European Banking Authority (EBA) – Guidelines on Sanctions

The European Banking Authority (EBA) has introduced new guidelines on the management of sanctions compliance, set to take effect on 30 December 2025. These guidelines strengthen the EU’s financial sanctions framework by ensuring that financial institutions across the Union apply a consistent, risk-based approach to identifying, preventing, and reporting sanctions breaches.

Developed in response to increased geopolitical tensions and the growing complexity of sanctions regimes, the guidelines require banks, payment institutions, and other financial entities to establish robust internal controls and governance frameworks for sanctions compliance. This includes clear board-level accountability, effective customer due diligence (CDD) processes, and the integration of sanctions screening into broader AML and counter-terrorist financing (CFT) systems.

Institutions must also maintain detailed policies for handling frozen assets, blocked transactions, and error remediation, ensuring that decisions are traceable and well-documented. The guidelines emphasise ongoing staff training, monitoring of sanctions updates, and testing of screening tools to ensure their accuracy and responsiveness.

Sanctions implementation timeline:

  • 30 December 2025: EBA Guidelines on Sanctions become applicable.
  • 2026–onwards: National competent authorities will begin assessing institutions’ compliance frameworks as part of supervisory reviews.

Looking ahead

With the EBA Guidelines coming into force at the end of 2025, financial institutions have a short window to align internal systems, governance, and technology with the new expectations. Firms should prioritise gap assessments, strengthen screening and escalation procedures, and ensure board-level oversight of sanctions risk management.

By harmonising sanctions compliance standards across the EU, the EBA aims to enhance financial system integrity, reduce fragmentation, and bolster the EU’s ability to enforce restrictive measures effectively and consistently.

Read more: EBA Guidelines: Press Release

Navigating the next phase of EU payment regulations 2026

2026 is a pivotal year in the EU payment regulations landscape. From the first mandatory IPR reporting in April to the rollout of EUDI Wallets in November, financial institutions, fintechs, and regulators face a year of significant implementation and oversight milestones.

PSD3, DAC8, and the AML Package further reinforce the EU’s commitment to enhancing consumer protection, financial transparency, and operational resilience. Meanwhile, the EBA Guidelines on Sanctions establish a harmonised framework to ensure consistent risk-based compliance across the Union.

These developments highlight the need for businesses and service providers to review systems, strengthen governance, and implement robust compliance frameworks. At the same time, consumers and citizens can expect faster, more secure, and more convenient payment and digital identity services, alongside improved trust and transparency in financial transactions.

Taken together, these regulations reflect the EU’s broader goal: a modern, interoperable, and secure financial ecosystem that balances innovation, efficiency, and compliance. By preparing for these 2026 milestones now, institutions can meet regulatory obligations and seize opportunities to innovate and strengthen their competitive position in a rapidly evolving market.

Get up to speed with the latest regulations 2026

If you would like to explore how you could benefit from a payments provider that conforms to the latest upcoming regulations and uses the latest and most efficient payments infrastructure, get in touch with Brite’s payments experts today.

Get in touch banner mobile for EU payment regulations 2026
Get in touch banner or EU payment regulations 2026 desktop
Ready for results that make a difference?
Contact Sales
Brite AB

Linnégatan 5
114 47 Stockholm
Sweden

Consumer
Business
Company
Contact
Asterisk yellow

Brite AB (corporate identity number: 559116-1632) is a licensed Payment Institution under the supervision of the Swedish Financial Supervisory Authority (Finansinspektionen). Brite AB provides payment services under the Swedish Payment Services Act (2010:751) as well as the EU Directive 2015/2366 about payment services in the internal market (PSD2) and has, upon notification, the authority to provide payment services across EU/EES.

© 2025 Brite AB