Learn how PSD2 relates to contractor payments, platform workflows, payment security, and business compliance considerations.
Important disclaimer: This article provides general information about PSD2 and its implications for contractor payment infrastructure. It reflects EU rules in force and proposals as of July 2026. It does not constitute legal, tax, or financial advice. For guidance specific to your business situation, consult a qualified legal or compliance professional.
Paying contractors across Europe involves more regulatory infrastructure than most businesses account for. PSD2 does not sit on your compliance checklist the same way DAC7 or IR35 does. It works differently. It regulates the payment providers your money moves through, not your contractor relationships directly.
That distinction matters. The infrastructure powering your contractor payments is entirely shaped by PSD2. Understanding where it applies, and where it stops, lets you build payment operations that are secure, predictable, and built on compliant rails.
PSD2 is the Revised Payment Services Directive, formally Directive (EU) 2015/2366. It entered into force on 12 January 2016, and EU member states were required to transpose it into national law by 13 January 2018. The directive covers the European Union and the European Economic Area, which includes Iceland, Norway, and Liechtenstein alongside all EU member states.
The primary targets of PSD2 are payment service providers: banks, e-money institutions, payment processors, and fintechs operating in the EU and EEA. These are the entities PSD2 directly regulates.
Three core objectives drive the directive. First, to level the playing field for payment services by opening access to providers beyond traditional banks. Second, to enable open banking through licensed third-party access to account data and payment initiation. Third, to improve payment security through mandatory Strong Customer Authentication for electronic transactions.
Your company, as a business paying contractors, is not PSD2’s primary regulatory target. You do not need a payment services license to pay contractors. You do not need to restructure your contractor relationships because of PSD2. What the directive does is reshape the infrastructure your payments travel through, and that has direct consequences for how you select, evaluate, and rely on contractor payment platforms.
Strong Customer Authentication (SCA) is PSD2’s core security mechanism for electronic payments. Payment service providers must verify transactions using at least two of three factors: something the payer knows (a PIN or password); something they have (a phone or hardware token); or something they are (a fingerprint or face ID).
When you initiate contractor payments through a banking platform or payment provider operating in the EU, SCA may apply to the authentication step. That means additional verification before a payment processes 3D Secure prompts for card payments, app-based confirmations for bank transfers, or SMS codes from your payment platform.
For corporate B2B payments, PSD2 includes an exemption. Payments made between two businesses using dedicated corporate payment instruments can be exempt from SCA. The scope of this exemption varies by member state, and whether it applies in practice depends on the issuing bank accepting the exemption request. Not all do, consistently.
When building contractor payment workflows at scale, confirm directly with your payment provider how SCA applies to your payment type and volume, and whether the B2B exemption is available for your instruments. Assuming the exemption applies without verification creates unnecessary friction later.
PSD2’s open banking framework requires banks to give licensed third-party providers access to account data and payment initiation, with customer consent. This enabled two categories of licensed provider: Account Information Service Providers (AISPs), which consolidate financial data across accounts, and Payment Initiation Service Providers (PISPs), which initiate payments directly from business bank accounts.
For contractor payments, the relevant development is PISPs. An open banking-enabled payment platform can initiate a payment directly from your business account to a contractor, without routing it through traditional bank transfer infrastructure. These are SEPA Credit Transfers, and they are final: no chargebacks, no reversals. The tradeoff is speed and cost PISP-initiated transfers often settle faster and at lower cost than conventional bank-to-bank payments.
Several contractor payment platforms built their infrastructure on the open banking framework PSD2 created. If you are evaluating payment infrastructure for contractor payouts in the EU, whether a platform uses PISP capabilities, and how that affects settlement timing and costs, is worth examining during due diligence.
PSD2 requires payment service providers to disclose payment conditions before and after each transaction. Fees, exchange rates, execution timelines, and complaint procedures must all be provided. As a business using payment services to pay contractors, you have the right to this information.
The current picture is imperfect. For credit transfers, PSD2’s exchange rate mark-up disclosure requirements have been inconsistently applied. Most providers across the EU do not proactively disclose the spread built into exchange rates for international transfers, particularly for non-card transactions. The European Banking Authority confirmed in 2023 that the mark-up requirement does not currently apply to credit transfers under PSD2, which explains the gap.
The incoming Payment Services Regulation, part of the PSD3 package covered below, addresses this directly. Currency conversion fees will be required to be disclosed as a percentage mark-up over the ECB’s official FX rate, shown before the transaction is initiated.
For now, when selecting a platform for cross-border contractor payments, ask your provider directly for the exchange rate methodology and any mark-up applied. You have the right to that information. Whether you receive it depends on the provider you choose.
For EU credit transfers within the SEPA zone, PSD2 mandates that the payment amount reaches the payee’s payment service provider by the end of the following business day after the payment order is received. Article 87(1) of PSD2 specifies that the credit value date for the payee’s account is no later than the business day on which the amount is credited to the payee’s payment service provider.
In practice, standard SEPA credit transfers settle same-day or by D+1, depending on the sending provider’s cut-off times. Payments initiated after a provider’s cut-off may be treated as received on the next business day. SEPA Instant transfers settle in under 10 seconds where supported.
For businesses paying contractors across the EU, this sets a reliable baseline. Contractors should receive funds within one business day of a properly initiated SEPA transfer. If your current provider takes longer, the issue is not PSD2’s framework it is your provider’s implementation.
For EU contractor payments, PSD2 compliance from your payment provider is a baseline requirement, not a differentiator. Every legitimate provider processing EU payments must be licensed or registered under PSD2 through their relevant national competent authority.
The European Banking Authority maintains a central register of authorized payment institutions and e-money institutions. National competent authorities update it at least once per day. Before committing to any platform for EU contractor payouts, you can verify its authorization status directly through the EBA’s register.
When evaluating a provider, check the following:
Compliance confusion around PSD2 is common. Businesses often overestimate how far the directive reaches into their own operations.
PSD2 does not require your business to obtain a payment services license. That obligation belongs to the payment provider you use. Your role as the payer does not trigger a licensing requirement under PSD2.
PSD2 does not require you to change how you structure contractor relationships. The directive regulates payment infrastructure. It has no bearing on employment classification, worker status, or the terms of your contractor agreements.
PSD2 does not replace your other contractor compliance obligations. DAC7 governs digital platform tax reporting. The EU Platform Work Directive addresses worker classification. W-8BEN and 1099 documentation, IR35 assessments in the UK, and VAT invoice requirements all continue to apply independently. PSD2 operates in parallel with these frameworks, not above them.
PSD2 does not apply to payments where both the payer and payee are outside the European Economic Area. Payments to contractors in non-EEA jurisdictions fall outside PSD2’s scope, though other regulations may apply depending on the territory.
PSD2 sits alongside several regulatory regimes that affect global contractor work. Understanding the boundaries prevents compliance confusion and helps you assign ownership correctly across your teams.
In practice, an EU-based contractor might be covered by PSD2-regulated payments, DAC7 income reporting, and national labour law simultaneously. When designing contractor payment infrastructure, map all applicable frameworks and assign ownership across finance, tax, and HR. Document which system or provider handles which piece this evidences due diligence if regulators ask.
PSD2 is not the end state for EU payment services regulation. The European Commission proposed PSD3 in June 2023. A provisional political agreement between the European Parliament and the Council of the EU was reached in November 2025. The Council published final compromise texts on 23 April 2026, according to a client alert by Morrison Foerster.
Publication in the EU Official Journal is anticipated for June or July 2026, though it may slip to September. The accompanying Payment Services Regulation (PSR) enters into application approximately 21 months after its entry into force. For most businesses, the new regime will take effect in late 2027.
The structural shift is significant. PSD3 is a directive requiring national transposition. The PSR is directly applicable regulation: conduct rules will apply uniformly across all EU member states without the variation that defined PSD2 implementation. The fragmentation that allowed different member states to interpret identical rules differently ends with the PSR.
Three PSD3 changes are directly relevant to contractor payment operations:
As of July 2026, PSD3 and the PSR are not yet in force. Businesses that rely heavily on EU payment infrastructure should monitor legislative developments through qualified advisors and begin assessing how their current payment providers will adapt.
When a business uses an Agent of Record platform for contractor payments, the PSD2-regulated layer of the payment sits with the AOR, not with the business.
The AOR is the licensed payment service provider. It handles SCA requirements, executes payments within the SEPA D+1 framework, and provides the PSD2-required payment condition information. The business’s role is straightforward: pay the AOR. The regulated payment infrastructure is the AOR’s responsibility.
This is one of the practical advantages of the Agent of Record model for businesses paying contractors across the EU. You are not monitoring PSD2 licensing compliance across multiple contractor payment platforms. You work through one regulated entity that carries the compliance obligations the infrastructure requires.
Ruul operates as a PSD2-regulated payment platform. Businesses using Ruul’s Agent of Record model benefit from compliant EU payment infrastructure including SCA-compliant payment flows, D+1 SEPA execution, and clear fee disclosure without managing licensing verification directly. Contractors can invoice without a registered company entity, and payouts are processed within one business day after client payment. Transaction records are centralised and exportable for tax readiness and audit purposes. See how Ruul handles contractor invoicing and payments at ruul.io/invoice-clients.
Use this checklist to assess whether your current contractor payment flows align with PSD2 requirements:
Even if your business is registered outside the EU or EEA, PSD2 affects your payments whenever the banks or payment providers involved are located in the EU or EEA. You do not need your own PSD2 license, but you need to work with PSD2-compliant providers and be prepared for SCA and other security requirements on those payments. The EBA and national competent authorities oversee the licensed providers you rely on.
Many PSD2 safeguards including fee transparency and protection against unauthorised transactions apply to both consumer and business payment service users. However, some protections, such as the unconditional 8-week refund right for direct debits, can differ for corporate accounts. Review your provider’s terms to understand exactly which protections cover business-initiated outbound transfers to contractors.
PSD2 primarily covers payment services based on funds held in bank accounts or e-money, so pure on-chain crypto transfers may fall outside its scope. However, fiat on-ramps and off-ramps used to convert between crypto and traditional currency are generally regulated as payment services. If you want to pay contractors with digital assets, treat this as a separate compliance topic and check applicable local financial regulation beyond PSD2.
Some recurring and merchant-initiated transactions may benefit from SCA exemptions, but the final decision rests with the payment service provider and issuing bank. Discuss batch or scheduled payout options with your provider to understand what exemptions are available for your specific payment type and volume.
PSD2 is the current framework. PSD3 and the PSR are its replacement, currently finalised at the EU level but not yet in force. The new regime is expected to apply from late 2027. You do not need to change anything now, but businesses with significant EU payment volume should begin tracking how their providers plan to adapt particularly on IBAN/name verification and FX disclosure requirements.