Do you really need both PSD2 and MiCA licences? EBA issues no-action letter on interplay between payments and crypto-regulations

“No action letters” are a regulatory instrument which may be taken by authorities to discourage the enforcement of certain legal provisions, notably in case of a risk of contradiction with other potentially contradicting legal provisions. Popularised in the US as “forbearance powers”, these are a recent innovation in the EU, with the EBA and ESMA empowered with such power since a 2019 reform.

The EBA in particular may take such no action letter “only in exceptional circumstances” in case of conflict between legal provisions, lack of delegated or implementing acts raising doubts as to legal consequences of the application of said provisions, and lack of guidelines and recommendations entailing practical difficulties in their application. Simply put, these are for all practical purposes equivalent to opinions taken by the EBA.

The reaction of the EBA and ESMA originated from a letter of the European Commission in December 2024 considering the issuance of such no action letter given the internal differences within the Commission’s services and between national authorities on the overlap between MiCA and PSD2 when it comes to EMTs.

The Commission points out that EMTs are crypto-assets within MiCA but are also deemed to be e-money pursuant to art. 48(2) MiCA and hence would be within the scope of PSD2. Consequently, the provision of payment services with EMTs (such as for peer-to-peer payments) will need to be covered by a payment service provider (“PSP”) license under PSD2 – either held by the CASP or making use of another entity licensed as a PSP.

In addition to this potential overlap in regulatory supervision, the Commission also notes that EMTs may be used for trading purposes (exchanging EMTs for funds or for other crypto-assets) which would fall under the definition of a “payment transaction” under PSD2 even though there would be no intention from the CASP to offer any payment services.

Since these issues are to be dealt with the ongoing proposals for PSD3 and the PSR (currently under review by the Council), the Commission therefore envisages the adoption of a no action letter from the EBA on these issues in the meantime.

The EBA, reaffirming that in principle one activity should be governed exclusively by one text (sic), responded in the affirmative by issuing the Letter, whilst noting that – due to time constraints – it cannot take a position on all issues arising from the overlap between PSD2 and MiCA, but at least recognises the existence of such issues.

The transfer of EMTs offered and carried out by the CASP on behalf of their clients will be considered as a payment service, and hence fall within the scope of PSD2. The Letter however excludes the intermediation services for the purchase of any crypto assets with EMTs from the scope of PSD2.

If a dual license is required in for such EMT activity, the Letter does recommend a cumulation of the capital requirements (so that the requirements are added together, rather than the biggest threshold being taken as the only reference), but also a lower own funds requirement under Article 9(3) of PSD2. The Letter also advises not to prioritise enforcement of consumer protections under PSD2 (including those arising out of the SEPA Regulation – including therefore the instant payments requirements), as well as the PSD2 provisions on safeguarding assets and open banking.

The Letter foresees a grace period until 2 March 2026 in the form of de-prioritising enforcement of PSD2 provisions regarding security (including strong-customer authentication measures), as well as fraud reporting requirements. The scope of the Letter is furthermore limited to entities which would in theory need such dual license by 2 March 2026, in order to avoid CASPs discontinuing their activities due to the (sudden) clarification given by the EBA. In our view, this scope may be reviewed in the future depending on the advancements of the legislative process regarding PSD3 and PSR.

On a practical note, the Letter does recall national supervisory authorities to make use of information already at their disposal, in line with the ‘once only’ principle growing in importance in public administrations.

Custodial wallets allowing transfers of EMTs to and from third parties shall amount to a payment account under PSD2. This being said, the supervision thereof should not be prioritised by national supervisory authorities. The above considerations on the dual authorisations apply as well.

The Letter explicitly excludes the services of ‘exchange of crypto-assets for funds’ and ‘exchange of crypto-assets for other crypto-assets’ from the scope of PSD2. No licence is required for such services.

In terms of outlook, the EBA does explicitly state that the issue at hand involves the incompleteness of MiCA to offer sufficient protection to consumers, which justified the reference and applicability of PSD2 in addition thereto. However, due to the risks of confusion, market distortion, lower consumer protection standards, and regulatory arbitrage, the EBA urges the Commission to remedy these issues during the legislative process of PSD3 and PSR. In particular, one of the approaches proposed by the EBA would consist of MiCA re-producing, or cross referring to, the relevant requirements set out in the forthcoming PSD3 and PSR, so that these would not apply to CASPs, nor would an additional licence be required. It remains to be seen whether such approach will be followed or not, especially in light of the long-term objectives of the EU on competitiveness.

This article was published in the June 2025 edition of Agefi Luxembourg.