Card Payment Sweden Newsletter (international) Q4/22

Read the newsletter as PDF



On 18 October, the European Commission published its 2023 Work Programme listing upcoming legislation planned for next year. The programme includes several proposals concerning payments. Namely, the Commission confirmed the revision of the Second Payment Services Directive (PSD2) for the second quarter of 2023, which will be accompanied by a proposal on open finance aimed at improving data access in financial services.  The Commission will also propose legislation laying out the principles for the digital euro and a proposal to determine whether the digital euro should be granted legal tender status like cash or not, in Q2 of next year, rather than Q1 as initially planned.  



The Swedish government published the political direction of its Presidency on 18 October, summarized in five headlines: 1) create security for EU citizens and strengthen the EU’s role in the world; 2) stop organised crime; 3) accelerate transformation to avoid climate change; 4) strengthen the EU’s competitiveness for the jobs of the future; 5) and guard the Union’s fundamental values. Other priority issues mentioned were the continued assistance to Ukraine, a targeted focus on the looming economic recession and energy crisis, migration, rule of law, possible Treaty change, and EU enlargement. During Sweden’s EU Presidency, approximately 150 EU meetings are expected to be held in the country. A list of planned meetings is available on the government’s website. At an event on 24 November, Lars Danielsson, Ambassador and Permanent Representative of Sweden to the EU, discussed how the Swedish Presidency intends to stick to the role of the “honest broker”, trying to facilitate agreements on the current files. Danielsson confirmed the detailed programme for the Swedish Presidency will be published on 14 December.



On 26 October, the European Commission published a proposal for a regulation on instant payments. The proposal would oblige banks and other payment service providers to offer instant transfers in euros and not charge more for instant transfers than for non-instant ones. The application of the rules will be staggered, depending on whether the payment provider is in or outside the eurozone. Payment service providers in the eurozone will have to ensure users can receive instant payments 6 months after the regulation enters into force and 12 months for sending instant payments. Outside the eurozone, the timeframe for implementation is set for 30 and 36 months, respectively. To address the risks of fraud, all payment providers will have to offer a voluntary service checking that the payee’s international bank account number matches their name and notifying the user if there are any discrepancies. Furthermore, payment providers will have to “follow a harmonised approach” on sanctions screening. The draft legislation will now move to the Council and Parliament. The Council held its first discussions on the file on 11 November to exchange views. In the Parliament, the ECON Committee will lead while the IMCO Committee decided not to give an opinion.

CPS acknowledges the European Commission proposal for a regulation on instant payments in euros published on 26 October 2022. You can find our statement here.

The uptake of instant payments could enable more competition in the area of payments for consumers and merchants where today established payment solutions exist for certain transactions like payments for online or physical shopping and peer-to-peer (P2P) payments. For consumers in particular, the choice of payment instruments would be expanded with new alternatives to cash and debit card transactions.

However, the investment and development required from payment providers to create a new means of payment at point of interaction for all the different use cases is substantial. Given this, the proposed price cap risks instead undermining the objectives.

Finally, targeted consumer protection is vital. If or when instant payments are available to consumers for online shopping, the same rights protecting users as those offered by card payments should apply. For instance, the proposal should provide measures to allow consumers to dispute unauthorised payment transactions (fraudulent payments) and when the goods or service are not delivered or are damaged/faulty.



At the European Payment Institutions Federation Annual Conference on 15 November, Céu Pereira, team leader on retail payments in the European Commission’s Directorate General for Financial Stability (DG FISMA), said the list of financial actors that have direct access to payment systems may be expanded as part of the PSD2 review. This could include fintechs and other non-bank entities involved in payments, which are currently excluded under the Settlement Finality Directive (SFD). While the SFD is not up for review, the Commission views the PSD2 update as the right avenue to make these changes. The Commission also confirmed the PSD2 update would be proposed towards the second half of Q2 next year.


During the same conference, José Manuel Campa, Chairperson of the European Bank Authority, stressed that the review of PSD2 is an opportunity to ensure further harmonisation of the payments market and avoid regulatory arbitrage and an unlevel-playing field. He argued that one of the EBA’s priorities is to set a much clearer regulatory approach in terms of the applicable requirements to the transactions not subject to strong customer authentication (SCA) given the industry struggled with the interpretation of the requirements for some of the transactions falling outside the scope of SCA.



The European Commission’s Directorate General for Competition (DG COMP) has awarded a contract for a “Study on New Developments in Card-based Payment Markets, Including as Regards Relevant Aspects of the Application of the Interchange Fee Regulation”. The study will be undertaken by Valdani, Vicari e Associati (VVA), a Brussels-based Italian market research and consultancy group, and the Rotterdam-based Global Data Collection Company (GDCC) which provides international telephonic fieldwork services to leading market research and consultancy agencies. The contract was awarded on 17 October 2022 and will run fora a duration of 12 months.



 On 15 September 2022, the European Commission published its proposal for a regulation on cybersecurity requirements for products with digital elements (Cyber Resilience Act). The regulation applies to almost all “products with digital elements” the use of which “includes a direct or indirect logical or physical data connection to a device or network” and is set to cover software and hardware used for payments. Additional stricter requirements are introduced for critical products, divided into two groups: (1) Class I: identity management systems, browsers, password managers, antiviruses, firewalls, virtual private networks (VPNs) and (2) Class II: operating systems for desktop and mobile devices, virtualised operating systems, digital certificate issuers, general purpose microprocessors, smartcard and smartcard readers, robotic sensors, smart meters and all Internet of Things (IoT) products. Under the rules, manufacturers of covered products and software would be required to perform conformity assessments following an internal procedure or an EU-type examination.

CPS has published a statement in response to the European Commission proposal for a regulation on Cybersecurity requirements for products with digital elements.

While CPS supports the Commission’s efforts to enhance cyber security and target vulnerabilities, we strongly believe the requirements should be better aligned with global established security standards and processes applied to payments infrastructure.

All current card payment infrastructures have common security and interoperability requirements. These requirements are vast and already cover the systems used by payment service providers (PSPs) offering card payments, since these systems are connected to payment accounts and banking channels. Overlapping regulation would add extra development costs for card payment service users, initially for merchants, and would eventually end up in a potential increase in retail prices for consumers.

We therefore urge regulators to reconsider whether new and costly cyber security requirements are needed in the payments sphere. Card payments in particular are already covered by several international standards ensuring a high level of cyber security. In addition, given the global nature of the payment environment, it is vital that there are uniform global standards.



The European Parliament adopted its Report on the Alternative Fuels Infrastructure Regulation (AFIR) on 19 October, paving the way for interinstitutional negotiations (trilogues) with the Council. A first trilogue was held on 27 October to exchange stances. A second trilogue is planned for 13 December. The negotiations on the final text are expected to continue throughout 2023 under the Swedish Presidency.

As stated in our position paper on AFIR, CPS welcomes the Parliament’s Report, which would make charge points accessible and user-friendly by ensuring that users always have the option to pay with their payment card. We believe the Commission and Council’s approach to payments at EV charge points risks undermining the objectives of the AFIR proposal by reducing the accessibility of charge points.



The Digital Markets Act (DMA) entered into force on 1 November. The Commission’s designation of gatekeeper platforms subject to the rules is expected to take place in mid-2023 before compliance will be enforced around March 2024. Of relevance to payments, gatekeepers will be prevented from bundling services together and will no longer be able to require app developers to use certain services, including payment systems or identity providers, in order to be listed in app stores. Designated gatekeepers will also have to allow app developers fair access to the supplementary functionalities of smartphones, including contactless payment technology like the NFC chip. To facilitate the enforcement of the DMA, the European Commission is in the process of setting up a high-level working group in the coming months, to be formed by national EU competition regulators and tasked with advising the Commission on DMA enforcement.



On 7 November, a high-level conference jointly held by the Commission and the ECB dedicated to the digital euro took place in Brussels. During the conference, ECB President Lagarde outlined the latest thinking of the ECB on the digital euro, focusing on privacy and the legal tender status. Fabio Panetta, Member of the ECB Executive Board, suggested anonymous payments via the digital euro could be restricted to €50 with a maximum volume of transactions within a certain period. In parallel, German Finance Minister Christian Lindner called on decision-makers to adopt rules for a digital euro that citizens would be comfortable with, rather than policy-makers. Commissioners Dombrovskis and McGuinness both highlighted that a digital euro was inevitable, but they did not yet have all the answers and that further political and stakeholder engagement was needed. In the coming months, the Commission is expected to hold a series of roundtables – together with Commissioners McGuinness, Gentiloni and Breton. In a speech at the Banque de France Conference on 27 September, Finance Commissioner McGuinness revealed that all respondents to the EU’s consultation on the topic agreed that people-to-people and offline payments would add the most value for users, mirroring cash payments.

Also in attendance at the conference, Eurogroup chair Paschal Donohoe said Eurozone finance ministers expect to reach consensus on the features and design of a future digital euro by early 2023. The group of national finance ministers aims to agree on “the key issues” to share with the Commission and ECB at its December or January meeting. By the end of the investigation phase in autumn 2023, the ECB’s Governing Council is set to decide whether to launch a realisation phase on a digital euro, which would take another three years.



Appearing before the Parliament’s ECON committee on 29 September, the European Central Bank Executive Board member Fabio Panetta said a digital euro should be developed under a single standard which would create a “specific brand.” The ECB also rejected criticism from some Members of the European Parliament and stakeholders of its choices of companies to include in a joint prototyping of user interfaces for a digital euro, which include the European Payment Initiative (EPI) and Amazon.



ECB staffers published a paper reflecting on the economics of a digital euro. The paper looked at how it could make savings accounts more attractive and help policymakers battle inflation. The ECB is looking to address banks’ concerns that the digital euro would mean savers leaving money in the hands of the ECB instead of with banks. At the same time, the report argued that banks could “respond by raising interest rates” to make deposits more attractive to mitigate this risk. The paper also claims the digital euro could help ensure central bank policy rates are passed on to savers by increasing competition in deposit markets, pointing out that banks have been slow to translate rate hikes into more attractive deposit offerings.



A statement on the digital euro drafted by the European Data Protection Board (EDPB) published on 10 October asserts that the distinctive value proposal for a digital euro in an already highly competitive and efficient payment landscape would be its high level of privacy. For this reason, a digital euro should be designed as close as possible to physical cash. The EDPB also recommended, both for offline and online modalities, a “privacy threshold” expressed as a value of transaction under which no tracing of the transactions may occur.



SWIFT declared that it’s ready to incorporate central bank digital currencies (CBDCs) and tokenised financial assets into its service. The company made the announcement after it finalised an experiment successfully completing cross-border transactions between different central bank digital currencies, as well as those between traditional forms of currencies and their digitalised equivalents.



 The ECB published results of its first survey on the usage of cash among companies – which was undertaken in 2021. It does not just cover use of cash and shows that cards, including contactless cards, account for 53% of preferences from companies. Very few companies preferred other payment methods, with only 2% opting for direct debit or other means such as mobile payments. Those companies said that the most important criteria for them in terms of acceptance were security of payment (94%) and the reliability of payment methods (92%).



On 3 October, the European Banking Authority (EBA) published a Report on the reliance of the EU financial sector on counterparties, operators, and financing originating from outside the Single Market, which included findings related to card payments. The report is based on a survey of EU banks and shows that there are dependencies on non-EU operators regarding the provision of payment services, clearing and settlement and custody services. The report found that 20% of EU banks’ total fees and commissions expenses were credited to operators residing outside of the EU and that payment services, clearing and settlement and custody services are among the most common types of activities that EU banks source from non-EU operators. The report argues that the dependency on non-EU payment services providers mainly arises from the dependence on major US-originating payment card schemes. In the conclusions to the report, the EBA says that to mitigate the medium-term financial stability risks arising from possible disruptions to these services, it is important that the EU over time develops competitive alternatives to these types of services.


We wish you happy holidays and a fruitful New Year.


Michael Hoffman


Card Payment Sweden



Card Payment Sweden
Stortorget 13 B
SE-211 22 Malmö

+46 (0) 40 250 778