At a glance:

• In 2026, new and updated EU regulations reshape fintech across payments, data, AI, credit, cybersecurity, AML, invoicing, and crypto. 
• The nine key EU fintech regulations in 2026 are: PSD3/PSR, IPR, FiDA, CCD2, DORA, AML, the EU AI Act, MiCA, and national e-invoicing mandates.
• They raise compliance standards, harmonize rules across Europe, boost instant payments and Open Finance, and create a clear advantage for fintechs that prepare early.

The European fintech rulebook continues to evolve. Building on the regulatory shifts we covered in our 2025 edition, the pace of change is accelerating as the EU rolls out new and updated legal frameworks once more.

In 2026 and beyond, these EU fintech regulations will shape how payments and financial data are managed. For fintechs operating in Europe, this creates increasing pressure and real opportunities. Those who move early can stay aligned with regulatory expectations, reduce risk, and secure a competitive leadership position rather than scrambling to catch up later.

1. PSD3 & PSR

Purpose

The Payment Services Regulation (PSR) and the Third Payment Services Directive (PSD3) aim to bring greater harmony to EU payment services and strengthen the existing Open Banking framework. Six main goals are at the heart of these regulations:

• To reinforce the fight against fraud (information sharing, transaction blocking, etc.) in order to protect customers from fraud and impose responsibility for customers’ financial losses on the PSPs that fail to implement proper fraud prevention mechanisms. 
• To reinforce consumer rights: provide better information, such as transparency to customers regarding charges prior to payment initiation, and reinforce clarification of reimbursement cases. To require all PSPs to participate in alternative dispute resolution processes according to the customer’s preference and choice. 
• To improve competition and establish an enhanced but level playing field between banks and non-bank payment service providers.
• Reinforce Open Banking with fewer obstacles and improve API quality
• To simplify authorization procedures for payment institutions and harmonize rules across Europe.
• To ensure better access to cash, particularly in remote and rural areas. 

Key updates

The EU Parliament and Council negotiators agreed on the terms and requirements of PSD3 and PSR on 27 November 2025. Both regulations are expected to enter into force between the end of Q1 and the beginning of Q2 2026, with a 21-month transition period after the official enforcement date. 

What this means for fintechs 

Payment service providers must strengthen their fraud prevention protections, especially for online fraud and data misuse. Providers must also offer a higher level of fee and charge transparency. 

2. Instant Payments Regulation (IPR)

Purpose

The Instant Payments Regulation (IPR) makes instant payments a more universally available and accessible service for consumers. It mandates that:

• Payment service providers offering services to send and receive credit transfers must include instant credit transfers as an option.
• Charges for sending and receiving instant credit transfers must not be higher than charges for other types of credit transfers of a corresponding type.
• PSPs must offer payers a service for verifying payees to whom they plan to send a credit transfer, with this rule applying to both standard and instant credit transfers.
• PSPs offering instant credit transfers must verify (on a daily basis at a minimum) if any of their payment service users are persons or entities subject to targeted financial restrictive measures. 

Key updates

Though the IPR has been in effect since 2024, the real impact started in 2025, leading into 2026. EU payment service providers must have the capability to receive instant payments as of 9 January 2025. As of October 2025, PSPs must have the infrastructure in place to send instant payments. Additionally, the Verification of Payee (VoP) scheme rulebook entered into force in October 2025.

What this means for fintechs

Entering 2026, near-instantaneous payments are becoming the new norm across Europe, with many banks and PSPs already allowing users to send them for free. The digital economy is thus receiving new support, allowing it to become faster, more secure, and capable of providing more accessible payment options. From a business standpoint, the key is to ensure all payment processes and PSPs comply with real-time IPR standards. 

3. FiDA

Purpose

First proposed by the European Commission in 2023, the Financial Data Access Regulation (FiDA) is the EU’s initiative to move from Open Banking to Open Finance. Its objective is to give individuals and businesses greater control over their financial data, while enabling new financial services, competition, and innovation across the EU.

FiDA expands consent-based access to financial data beyond payments, which were opened up by PSD2. It establishes a clear regulatory framework for responsible data sharing across the financial sector with legal obligations for financial institutions around consent management, data governance, security, and liability.

In practice, FiDA is designed to unlock a much broader range of financial information, including data on:

• Savings and deposit accounts
• Investments and wealth portfolios
• Loans and credit products
• Insurance policies
• Pension and retirement data

Key updates

As of October 2025, the proposal appeared in Annex III, Pending proposals of a Commission document, but since early 2026, trilogue negotiations have temporarily halted. Nonetheless, this year should be a preparatory year, with a potential implementation date expected in 2027.

What this means for fintechs

While FiDA remains in the proposal phase, now is the time for financial institutions and fintechs to start planning for compliance and technical integration of the regulation. It also enables established and emerging fintechs to roll out more holistic and personalized products, improve credit risk assessment and underwriting, and tap into markets that were previously constrained by incumbents’ control over customer financial data.

4. E-invoicing Mandates in France and Spain

Purpose

Across Europe and specifically within France and Spain, the e-Invoicing Mandate aims to improve business transaction efficiency, reduce administrative costs, and improve VAT compliance. Implemented via the ViDA (VAT in the Digital Age) initiative, the mandate also helps to further the EU-wide initiative to embrace digital payments and invoicing processes.

Key updates

On 19 November 2025, the EU announced its plans to carry out consultations regarding revisions to EU e-Invoicing rules. These consultations aim to improve the harmonization and interoperability of e-invoicing. Other goals include streamlining processes and reducing cross-border administrative burdens.

While the first EU-wide deadlines of ViDA will only start to kick in progressively in a couple of years, member states are already moving ahead, albeit at different speeds. Italy is in the lead, having already established mandatory e-invoicing for B2B and B2C since 2019. Belgium and Latvia have introduced mandatory B2B e-invoicing as of 1 January 2026.

As for France, large and medium enterprises must issue e-invoices by September 2026, with SMEs following suit in September 2027. All French businesses must accept e-invoices in 2026. 

Meanwhile, the Spanish government announced at the end of 2025 its plans to delay implementation of Verifactu, the new Spanish electronic invoicing regulations, until 2027. As of January 2026, Verifactu is expected to come into effect on 1 January 2027 for those paying corporate income tax, and on 1 July 2027 for everyone else. 

What this means for fintechs

National e-invoicing mandates reflect a broader trend in the EU to require e-invoicing for cross-border transactions by 2030. The EU’s adoption of the ViDA package in March 2025 furthered the progress of the e-invoicing initiative. 

As of January 2026, French and Spanish requirements are well ahead of the 2030 deadline, positioning businesses in these countries to benefit early from the efficiency gains of digital invoicing and to ensure early compliance with EU-wide standards. 

Read more: All About the B2B E-Invoicing Mandate in France: A Complete Guide

5. CCD2

Purpose

The Consumer Credit Directive 2 (CCD2) modernizes credit rules to expand consumer protections and bring newer digital products under its wing, such as Buy Now, Pay Later solutions. 

Key updates

Member States were required to transpose CCD2 into national law by 20 November 2025, with full compliance by 20 November 2026, according to the regulation document. Throughout 2026, European lenders will need to implement the new standards according to their specific country’s laws and deadlines. All consumer credit providers will be expected to operate under CCD2 by late 2026.

France transposed CCD2 into law via Ordinance No. 2025-880 in September 2025. 

Meanwhile, Spain has some catching up to do, as it is the last EU Member State that has yet to transpose CCD2 into law. On 6 January 2026, the Spanish government at least took a first step by approving a first draft of a new consumer credit bill, which is open for public review until the end of the same month. In the current form, the regulation would bring significant changes to the consumer lending industry, such as:

• Strict compliance and supervision requirements.
• Caps on management fees and interest rates.
• Prohibition of balloon payments (repayment will have to be spread over a minimum of three monthly installments).

What this means for fintechs

Lenders selling microloans, high-cost loans, or BNPL in the EU will now face strict regulations and may have to rethink their business models. In Spain, pricing caps mean that improving underwriting accuracy, risk segmentation, and operational efficiency becomes key to protecting profitability. For French lenders, success depends on embedding affordability checks, transparency, and compliant UX directly into product design. Across both markets, fintechs that invest in strong data capabilities, responsible credit decisioning, and regulatory credibility will be best positioned to scale sustainably.

Read more: How CCD2 Impacts BNPL Providers

6. DORA

Purpose

The EU’s Digital Operational Resilience Act (DORA) strengthens the financial sector’s digital defenses. Entered into force in January 2025, DORA makes sure financial institutions can adequately withstand, respond to, and recover from cyber attacks and other ICT disruptions. DORA, in conjunction with NIS2, is a solid step forward in protecting European interests and sovereignty.

Key updates

In the first year of DORA becoming an official regulation, regulators focused more on education and remediation over imposing headline penalties. As we move further into 2026, however, firms should start expecting increased audits and enforcement actions for significant lapses. 

What this means for fintechs

The DORA enforcement era has officially begun and will only continue to intensify in 2026. In France and Spain, regulators are actively engaging firms through updated guidelines and IT examinations. 

The focus of the next two years is on embedding these practices within day-to-day operations. Fintechs can expect advanced penetration tests and refined oversight of critical service providers. If a firm has yet to achieve DORA compliance, this is a top priority for 2026. 

Read more: DORA Regulation: How We Implement It at Powens

7. EU AML Framework

Purpose

In 2024, the EU approved a sweeping overhaul of its anti-money laundering (AML) and counter-terrorism financing rules. The region recognized that fragmented national approaches were insufficient for modern risks, and instead aimed to achieve EU-wide cooperation on AML regulations and practices.

Key updates

On 26 June 2024, the new EU AML/CFT package established a first-of-its-kind European Anti-Money Laundering Authority (AMLA) that aims to provide a single rulebook. It tightens oversight, expands the scope of obligations to new sectors (including fintech and crypto), and ensures consistent high standards of due diligence and reporting across all EU member states. The AMLA has already started the majority of its work and expects to reach full operations, including supervision of around 40 high-risk financial entities, by 2028.

What this means for fintechs

AML compliance is entering a new era of intensity in 2026 and beyond for fintech firms, payment service providers, and non-financial players. Fintechs should prepare for updated AML regulations. Moreover, firms that may be classified as high-risk entities will also need to plan for potentially increased supervision by the AMLA.

8. EU AI Act

Purpose

The AI Act is Europe’s response to the increasing usage of AI across all digital sectors, intending to establish a global standard for how AI can capture and analyze data. It assigns AI to three risk categories: 

1. Applications and systems that create unacceptable risk, such as government-run social scoring.
2. High-risk applications, such as CV-scanning tools.
3. Unregulated applications that are not explicitly banned or labeled high-risk.

Key updates

Core requirements for high-risk AI applications become applicable on 2 August 2026. For fintech and financial services, this August 2026 deadline covers AI used in areas like credit scoring, certain insurance underwriting processes, and biometric identification procedures.

What this means for fintechs

Fintechs using AI applications must complete required conformity assessments, documentation, and risk controls so that, from August onward, those AI systems can legally remain on the EU market. 

9. MiCA

Purpose

The Markets in Crypto-Assets Regulation (MiCA) is the European Union’s framework for crypto-asset service providers (CASPs) and how they operate. MiCA entered into application for all EU countries in 2024, with a transitional period ending in June 2026 for CASPs. 

Key updates

By mid-2026, Europe’s crypto-asset sector will operate under a single, rigorous regulatory framework. MiCA includes a grandfathering transitional period up to 1 July 2026 for existing providers in several Member States. 

What this means for fintechs

Some countries chose shorter windows for MiCA compliance. Spain, for example, opted for a 12-month transition, requiring crypto firms to be licensed by the end of 2025. France, on the other hand, allowed firms to have the full 18-month transition period, giving French providers until mid-2026.

Fintech diamonds can’t form without regulatory pressure

Europe’s regulatory acceleration doesn’t leave fintechs much room for improvisation. 

The nine regulations discussed here demand stronger controls and real-time capabilities, all while maintaining demonstrable compliance.

At Powens, we help you turn regulatory pressures into competitive advantages.

Our Open Finance solutions are built for compliance. From financial data aggregation and enrichment that support creditworthiness checks under CCD2 and data access obligations under FiDA, to payment solutions (SEPA instant transfers, SEPA Direct Debit, and Pay by Bank) and verification flows aligned with IPR and PSD3 requirements, compliance is embedded into Powens’ core architecture. For ERP and accounting platforms, Powens enables automated reconciliation and payment flows that directly support French and Spanish e-invoicing mandates.

Beyond individual regulations, our platform is designed to meet the operational resilience and governance expectations set by DORA. With our help, you can move faster and turn regulatory expectations into a foundation for trust and growth.

Talk to our team now to get started.