Aller au contenu principal

Index

Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (Text with EEA relevance)

Source : EU law
Code/RS : 2015/2366
  • Abbréviation :

    PSDII

  • Disposition :

    Art. 67

  • Brève description :

    Rules on access to and use of payment account information in the case of account information services

  • Nature de la disposition :

    Obligation to share data with data recipients

  • Statut :

    In force

  • Secteur :

    Finance

Texte légal :

1. Member States shall ensure that a payment service user has the right to make use of services enabling access to account information as referred to in point (8) of Annex I. That right shall not apply where the payment account is not accessible online.

2. The account information service provider shall:

(a) provide services only where based on the payment service user’s explicit consent;

(b) ensure that the personalised security credentials of the payment service user are not, with the exception of the user and the issuer of the personalised security credentials, accessible to other parties and that when they are transmitted by the account information service provider, this is done through safe and efficient channels;

(c) for each communication session, identify itself towards the account servicing payment service provider(s) of the payment service user and securely communicate with the account servicing payment service provider(s) and the payment service user, in accordance with point (d) of Article 98(1);

(d) access only the information from designated payment accounts and associated payment transactions;

(e) not request sensitive payment data linked to the payment accounts;

(f) not use, access or store any data for purposes other than for performing the account information service explicitly requested by the payment service user, in accordance with data protection rules.

3. In relation to payment accounts, the account servicing payment service provider shall:

(a) communicate securely with the account information service providers in accordance with point (d) of Article 98(1); and

(b) treat data requests transmitted through the services of an account information service provider without any discrimination for other than objective reasons.

4. The provision of account information services shall not be dependent on the existence of a contractual relationship between the account information service providers and the account servicing payment service providers for that purpose.

Acteur sur lequel pèse l’obligation de partage de données

The account servicing payment service provider (e.g., the bank holding the user's account): shall provide all necessary information required for the provision of services.

Bénéficiaires

The account information service provider: receives and utilizes the information provided by the account servicing payment service provider to perform its services.

Critères de rattachement pour la Suisse

Critères de rattachement pour la Suisse

Aspects financiers

Remuneration may be required.The account servicing payment service provider may pass on transaction-related costs to the account information service provider (free of charge for the user/customer).

Caractère contraignant et/ou exécutoire

Binding obligation; enforceable right

Conditions à remplir pour accéder aux données

The account accessed by the account information service provider must be online. The user must explicitly consent to access to the information.

Exceptions et limitations

Refer to regulatory standards provided in paragraphs 2 and 3 regarding data retention restrictions and secure communication obligations (e.g., prohibition of data storage, ensuring secure transmission channels).

Dynamic and static data

Format

via API interfaces (Application Programming Interface) Note: "Secure and efficient channels", "in a secure manner". See Commission Delegated Regulation (EU) 2018/389 supplementing Directive (EU) 2015/2366 (RTS, Regulatory Technical Standards), setting out the requirements with which payment service providers must comply in order to implement security measures.

Plateforme

n/a

Acteur sur lequel pèse l’obligation de partage de données The account servicing payment service provider (e.g., the bank holding the user's account): shall provide all necessary information required for the provision of services.

Bénéficiaires The account information service provider: receives and utilizes the information provided by the account servicing payment service provider to perform its services.

Critères de rattachement pour la Suisse Cf. Article 2 PSDII: This Directive applies to payment services provided within the Union. Titles III and IV apply to payment transactions denominated in a currency of a Member State, where both the payer’s and payee’s payment service providers are located within the Union, or where the sole payment service provider involved in the payment transaction is located within the Union. [...] Title IV, with the exception of Articles 81 to 86, applies to payment transactions denominated in a currency other than that of a Member State, provided both the payer’s and payee’s payment service providers are located within the Union, or the sole payment service provider involved in the transaction is located within the Union, with regard to those parts of the payment transaction carried out within the Union. [...] Title IV, except for Article 62 (paragraphs 2 and 4), Articles 76, 77 and 81, Article 83 (paragraph 1), and Articles 89 and 92, applies to payment transactions in all currencies when only one of the payment service providers is located within the Union, with regard to those parts of the payment transaction carried out within the Union.

Aspects financiers Remuneration may be required.The account servicing payment service provider may pass on transaction-related costs to the account information service provider (free of charge for the user/customer).

Caractère contraignant et/ou exécutoire Binding obligation; enforceable right

Conditions à remplir pour accéder aux données The account accessed by the account information service provider must be online. The user must explicitly consent to access to the information.

Exceptions et limitations Refer to regulatory standards provided in paragraphs 2 and 3 regarding data retention restrictions and secure communication obligations (e.g., prohibition of data storage, ensuring secure transmission channels).

Composante temporelle Dynamic and static data

Format via API interfaces (Application Programming Interface) Note: "Secure and efficient channels", "in a secure manner". See Commission Delegated Regulation (EU) 2018/389 supplementing Directive (EU) 2015/2366 (RTS, Regulatory Technical Standards), setting out the requirements with which payment service providers must comply in order to implement security measures.

Plateforme n/a

Élaboration et exclusion de responsabilité

Cet index a été établi sur mandat de l’IPI par l’étude id est avocats Sàrl (pour la partie relative au droit suisse) et par l’étude Pierstone (pour la partie relative au droit européen). 

Cet index ne constitue pas un conseil juridique et aucune garantie n’est donnée quant à son caractère exhaustif. 

Ni id est avocats Sàrl, ni Pierstone, ni l’IPI, ni le DFJP ne sauraient être tenus responsables de décisions ou actions prises sur la base de cet index.