Deep Dive: The Netherlands Counter PSD2, GDPR Infrastructure Challenges

Governments and companies looking to comply with PSD2 have had to meet several deadlines, some of which are still approaching. For FIs and merchants to fully integrate PSD2 regulations into their systems, they must comply with strong customer authentication by this September — a deadline that is creeping closer and closer.

Some countries looking to remain compliant may have to do more work than others. One of the key aspects of PSD2 required banks to open their API marketplaces to third-parties by mid-March, but only a few nations were able to meet that benchmark, and they had to overcome a number of challenges to their banking infrastructures to do so.

Among the most recent countries to implement the regulation is the Netherlands, following Finland and Norway, all of which had to balance customer bases used to the speed and security of their legacy banks with the careful entrance of new third-party players. Though 80 percent of Dutch consumers had never even heard of PSD2, they nevertheless wanted to keep their financial experiences frictionless and fast.

These three countries are, nonetheless, becoming part of the open banking system and are now dealing with upgrades to their payment systems, new authentication requirements, discussions surrounding GPDR and other aspects of PSD2. On top of that, they’re still trying to catch up with countries that managed to reach PSD2 compliance in earlier months.

The Netherlands and the PSD2 problem

Consumers in the Netherlands’ were already accustomed to faster payments, so the biggest challenge for the country was meeting their data privacy concerns with more secure authentication. Thus, banks and regulators needed to set very particular standards for third-party providers coming into the market, according to De Nederlandsche Bank (DNB), the central regulator issuing licenses to third-party providers it deems trustworthy.

Moving forward and with the SCA deadline on the horizon, trust will remain a challenging factor for regulators and legacy institutions like DNB. Because so many consumers in the Netherlands are unaware of PSD2, the additional authentication measures that come with SSCA will need to be handled carefully by Dutch businesses. Unfortunately, a recent study shows that 24 percent of businesses currently do not plan to implement SCA on their own, which could lead to issues for regulators and other financial players.

Like PSD2, SCA applies to all merchants operating within the EU — even if they are foreign-based companies. These merchants are also being asked to share more data with acquirers than ever before, which may result in pushback from consumers who are still concerned over where their data is going and why. This is especially true of consumers the Netherlands, where data privacy and transparency can’t come at the expense of customer comfort.

SCA, GDPR and future challenges

The Netherlands is also grappling with GDPR, which could have a significant effect on how consumers cope with data privacy. The regulation asks for an open API marketplace with participation from third-party providers, like PSD2, but it also requires further changes to regulatory risk strategies and data transfers. To ensure compliance, FIs will need to make several changes to the way they handle data. On top of that, they will need to ensure that consumers are adequately informed of these changes. With 80 percent of the Netherlands’ market still looking for clarity on PSD2, that is something that will surely present a challenge.



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border.

Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.