Skip to main content

Index

Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (Text with EEA relevance)

Source : EU law
Code/RS : 2015/2366
  • Abbreviation :

    PSDII

  • Provision :

    Art. 67

  • Short description :

    Rules on access to and use of payment account information in the case of account information services

  • Nature of the provision :

    Obligation to share data with data recipients

  • Status :

    In force

  • Sector :

    Finance

Legal text :

1. Member States shall ensure that a payment service user has the right to make use of services enabling access to account information as referred to in point (8) of Annex I. That right shall not apply where the payment account is not accessible online. 2. The account information service provider shall: (a) provide services only where based on the payment service user’s explicit consent; (b) ensure that the personalised security credentials of the payment service user are not, with the exception of the user and the issuer of the personalised security credentials, accessible to other parties and that when they are transmitted by the account information service provider, this is done through safe and efficient channels; (c) for each communication session, identify itself towards the account servicing payment service provider(s) of the payment service user and securely communicate with the account servicing payment service provider(s) and the payment service user, in accordance with point (d) of Article 98(1); (d) access only the information from designated payment accounts and associated payment transactions; (e) not request sensitive payment data linked to the payment accounts; (f) not use, access or store any data for purposes other than for performing the account information service explicitly requested by the payment service user, in accordance with data protection rules. 3. In relation to payment accounts, the account servicing payment service provider shall: (a) communicate securely with the account information service providers in accordance with point (d) of Article 98(1); and (b) treat data requests transmitted through the services of an account information service provider without any discrimination for other than objective reasons. 4. The provision of account information services shall not be dependent on the existence of a contractual relationship between the account information service providers and the account servicing payment service providers for that purpose.

Actor with an obligation to share data

The account servicing payment service provider (e.g., the bank holding the user's account): shall provide all necessary information required for the provision of services.

Beneficiaries

The account information service provider: receives and utilizes the information provided by the account servicing payment service provider to perform its services.

Linking criteria for Switzerland

Linking criteria for Switzerland

Financial aspects

Remuneration may be required.The account servicing payment service provider may pass on transaction-related costs to the account information service provider (free of charge for the user/customer).

Binding and/or enforceable

Binding obligation; enforceable right

Conditions for accessing data

The account accessed by the account information service provider must be online. The user must explicitly consent to access to the information.

Exceptions and limitations

Refer to regulatory standards provided in paragraphs 2 and 3 regarding data retention restrictions and secure communication obligations (e.g., prohibition of data storage, ensuring secure transmission channels).

Dynamic and static data

Format

via API interfaces (Application Programming Interface) Note: "Secure and efficient channels", "in a secure manner". See Commission Delegated Regulation (EU) 2018/389 supplementing Directive (EU) 2015/2366 (RTS, Regulatory Technical Standards), setting out the requirements with which payment service providers must comply in order to implement security measures.

Plateform

n/a

Actor with an obligation to share data The account servicing payment service provider (e.g., the bank holding the user's account): shall provide all necessary information required for the provision of services.

Beneficiaries The account information service provider: receives and utilizes the information provided by the account servicing payment service provider to perform its services.

Linking criteria for Switzerland Cf. Article 2 PSDII: This Directive applies to payment services provided within the Union. Titles III and IV apply to payment transactions denominated in a currency of a Member State, where both the payer’s and payee’s payment service providers are located within the Union, or where the sole payment service provider involved in the payment transaction is located within the Union. [...] Title IV, with the exception of Articles 81 to 86, applies to payment transactions denominated in a currency other than that of a Member State, provided both the payer’s and payee’s payment service providers are located within the Union, or the sole payment service provider involved in the transaction is located within the Union, with regard to those parts of the payment transaction carried out within the Union. [...] Title IV, except for Article 62 (paragraphs 2 and 4), Articles 76, 77 and 81, Article 83 (paragraph 1), and Articles 89 and 92, applies to payment transactions in all currencies when only one of the payment service providers is located within the Union, with regard to those parts of the payment transaction carried out within the Union.

Financial aspects Remuneration may be required.The account servicing payment service provider may pass on transaction-related costs to the account information service provider (free of charge for the user/customer).

Binding and/or enforceable Binding obligation; enforceable right

Conditions for accessing data The account accessed by the account information service provider must be online. The user must explicitly consent to access to the information.

Exceptions and limitations Refer to regulatory standards provided in paragraphs 2 and 3 regarding data retention restrictions and secure communication obligations (e.g., prohibition of data storage, ensuring secure transmission channels).

Time component Dynamic and static data

Format via API interfaces (Application Programming Interface) Note: "Secure and efficient channels", "in a secure manner". See Commission Delegated Regulation (EU) 2018/389 supplementing Directive (EU) 2015/2366 (RTS, Regulatory Technical Standards), setting out the requirements with which payment service providers must comply in order to implement security measures.

Plateform n/a

Compilation and Disclaimer

This index was prepared on behalf of the IPI by the law firm id est avocats Sàrl (for the section on Swiss law) and the law firm Pierstone (for the section on European law). 

This index does not constitute legal advice, and no guarantee is given regarding its completeness. 

Neither id est avocats Sàrl, nor Pierstone, nor the IPI or the FDJP can be held liable for any decisions or actions taken on the basis of this index.