The European Commission's Payment Services Directive 3, published alongside the Payment Services Regulation (PSR), represents the most significant reform of EU payment services legislation since PSD2. While much of the commentary has focused on open banking provisions and fraud liability, the changes to client fund safeguarding are the most operationally consequential for platforms holding customer money. PSD3 requires relevant funds to go directly into a safeguarding account at receipt. No commingling. No later segregation.
On 27 November 2025, the European Parliament and Council reached a provisional political agreement on PSD3 and PSR. Formal adoption is expected in the first half of 2026, with an 18 to 21-month transition period before compliance becomes mandatory. That places full compliance in the second half of 2027 or early 2028. Combined with the UK's parallel reforms under PS25/12 and the US GENIUS Act, the direction is globally consistent: client funds must be structurally segregated.
What PSD3 changes for safeguarding
PSD3 consolidates PSD2 and the revised Electronic Money Directive (EMD2) into a single licensing and supervisory framework for payment institutions. The European Commission's legislative package goes beyond the current regime in several specific areas. Most significantly, the PSR is directly applicable EU regulation, removing the variation that previously existed across member state implementations of PSD2 and ensuring uniform standards across the bloc.
Segregation at receipt means funds must enter a safeguarding account the moment the institution has an entitlement to them. PSD3 eliminates the current practice of receiving funds into operational accounts and subsequently transferring them into safeguarding. Client funds must never, at any point, be commingled with the institution's own funds. The directive also permits payment institutions to safeguard client funds directly with central banks, where the relevant central bank allows it.
The re-licensing requirements add operational urgency. Existing payment institution licenses remain valid for a maximum of 30 months, but firms must submit new applications under the PSD3 framework within that window. As A&O Shearman's regulatory outlook notes, firms need to prepare well in advance for the structural changes to payment flows, safeguarding arrangements, and licensing status. This is not a simple compliance update. It is an infrastructure overhaul.
Two parallel regimes for cross-border firms
For platforms operating in both the UK and EU, the challenge is satisfying two safeguarding regimes simultaneously. The approaches share the same objective, structural protection of client funds, but differ in mechanism. The UK is moving toward a statutory trust framework for safeguarded funds, building on the FCA's existing Client Assets Sourcebook (CASS) approach. The Supplementary Regime, effective May 2026, introduces daily reconciliation, resolution packs, and audit requirements as interim measures.
The EU avoids trust concepts, relying instead on strict segregation and regulatory oversight. PSD3's segregation-at-receipt requirement establishes a structural prohibition on commingling. Proskauer's comparative analysis notes that cross-border firms will need to design frameworks capable of satisfying both approaches simultaneously. Payment flows may need restructuring so that funds are received directly into safeguarding accounts in the EU, while UK operations prepare for the statutory trust overlay.
MiCA adds a third dimension for firms involved in e-money tokens, which must be safeguarded under MiCA rather than PSD3. Platforms that issue or hold e-money tokens alongside traditional payment services will need to manage separate safeguarding regimes for each. The compliance architecture for a cross-border platform operating in the UK and EU, handling both fiat and tokenised assets, is now a multi-regime problem that demands unified infrastructure.
The infrastructure response
Platforms that currently hold client funds in pooled accounts face the most significant adjustment. Pooled structures, where a single bank account holds funds for multiple clients tracked by an internal ledger, are fundamentally at odds with the segregation-at-receipt requirement. If funds enter an operational account before being transferred to safeguarding, the commingling has already occurred, regardless of how quickly the transfer happens. The architecture itself must prevent commingling, not the process layered on top of it.
Named account structures, where each client's funds enter a distinct named custody account at the point of receipt, satisfy the segregation requirement by design. The funds are never commingled because the account structure prevents it. The reconciliation question simplifies from "does our ledger match the bank's aggregate balance" to "does each named account hold the correct amount." The compliance burden shifts from process to architecture.
For platforms operating across the UK and EU simultaneously, a custody architecture that provides structural segregation satisfies both regimes. The named account is both a trust asset under UK law and a segregated safeguarding account under EU regulation. One infrastructure decision addresses both. Platforms that build for the stricter of the two requirements will automatically comply with both, avoiding the cost of maintaining separate custody architectures for each jurisdiction.
Preparing for 2027
The preparation timeline starts now. Any payment flow where client funds touch an operational account before reaching a safeguarding account will need restructuring. Platforms should map their current fund flows against the segregation-at-receipt requirement and identify where commingling occurs, even briefly. The re-licensing process adds a parallel workstream that requires attention before the 30-month window from formal adoption expires.
Platforms that implement cash management infrastructure satisfying the stricter of the UK and EU regimes will automatically comply with both. The Lexology global payments analysis notes that 2026 will see significant regulatory activity around PSD3 implementation, including EPC standard updates, AMLA preparation for direct supervision, and ongoing national-level implementation work. Platforms that wait for final rules before beginning infrastructure changes will find themselves under time pressure.
Lorum provides custody and multi-currency clearing infrastructure that meets the segregation requirements of both the UK and EU regimes. Structural segregation by design, not process, across 30+ markets through a single integration. The preparation window for PSD3 compliance is narrowing. The infrastructure decisions platforms make in 2026 will determine their regulatory posture for years to come.
