Payment Institution (PI) License in 2026: The Complete Guide
A 2026 deep dive into the EU Payment Institution licence: services, PSD2 to PSD3 and PSR transition, capital thresholds, safeguarding, popular jurisdictions, and PI vs EMI vs bank.
What a Payment Institution licence authorises
A Payment Institution (PI) licence is the EU authorisation that lets a non-bank firm provide regulated payment services under the Payment Services Directive. It is the most common fintech licence in Europe, sitting between a bank charter and a simple agent registration. The licence is issued by the home-state competent authority and, once granted, can be passported across the entire EEA.
Under Annex I of PSD2 a PI can offer any combination of the following services, and the capital requirement scales with the mix you choose.
Execution of payment transactions
Direct debits, standing orders, credit transfers and card-based payments from and to a payment account held with the PI.
Money remittance
Receiving funds from a payer without opening a payment account and delivering them to the payee or another PSP. The classic remittance and MTO use case.
Merchant acquiring
Contracting with merchants to accept and process card-based or account-to-account payments, the core of any PayFac or acquirer build.
Issuance of payment instruments
Issuing non-EMI cards and other payment instruments that initiate transactions from the customer's payment account. E-money issuance needs an EMI licence.
Payment initiation (PISP)
Initiating a payment at the user's request from an account held at another PSP. The open-banking pay-by-bank product sits here.
Account information (AISP)
Consolidating account data from one or more PSPs with customer consent. The foundation of PFM, lending underwriting and accounting integrations.
A PI cannot take deposits and cannot issue e-money. Funds held in a payment account must be ring-fenced (safeguarded) and cannot be used for lending except short credit tightly linked to a payment transaction.
Let's discuss your project and see how we can launch your digital banking product together
Request demoFrom PSD2 to PSD3 and the PSR in 2026
The legal backbone of the PI licence is Directive (EU) 2015/2366 (PSD2), in force across the EEA since January 2018. The 2026 picture is dominated by the transition to the next regime.
- PSD3 (Directive). Replaces PSD2 on authorisation, supervision and prudential rules. The Commission proposal was published in June 2023, the Council and Parliament reached a provisional agreement in 2025, and national transposition is expected 18 months after entry into force. Plan for applicability around 2026 to 2027.
- PSR (Payment Services Regulation). Directly applicable across the EU, it moves conduct rules (fraud, authentication, refunds, open finance access) from a directive into a regulation so they apply uniformly without national transposition.
- Single licensing regime. PSD3 merges the PI and EMI licences into a single authorisation, with e-money treated as a sub-category of payment services. Existing EMIs will be grandfathered.
- Fraud and SCA upgrades. Mandatory IBAN-name check, expanded liability for authorised push payment fraud, refined strong customer authentication rules and clearer API performance obligations on ASPSPs.
- FIDA (Financial Data Access). Extends data sharing beyond payment accounts into investments, pensions, insurance and mortgages, with a compensation model for data holders.
If you apply for a PI licence today, you apply under PSD2 and transition automatically. Regulators are already reviewing new files with one eye on PSD3 expectations, especially around fraud monitoring, incident reporting and outsourcing.
PI vs EMI vs bank
The three main European licences look similar from the outside but behave very differently on capital, scope and customer funds.
| Dimension | Payment Institution (PI) | E-money Institution (EMI) | Credit institution (bank) |
|---|---|---|---|
| Scope of services | PSD2 Annex I services: transfers, acquiring, remittance, PISP, AISP, non-EMI card issuing. | All PI services plus issuance and redemption of electronic money. | Full banking: deposits, lending on own balance sheet, all payment services. |
| Initial capital | EUR 20k / 50k / 125k depending on services. | EUR 350k. | EUR 5M minimum, typically much more in practice. |
| Customer funds | Safeguarded in a segregated account at a credit institution or covered by an insurance policy. Never on the PI's balance sheet. | Safeguarded the same way. E-money is redeemable at par value at any time. | Customer deposits sit on the bank's balance sheet and are covered by deposit-guarantee schemes up to EUR 100k. |
| Lending | Only short-term credit ancillary to a payment transaction, repaid within 12 months. | Same limited ancillary credit as a PI. | Full lending from own funds and deposits. |
| Time to licence | 9 to 18 months in most jurisdictions. | 12 to 24 months. | 3 to 5 years. |
| EU passport | Yes, via home-state notification. | Yes. | Yes, under CRD. |
Rule of thumb: if you only move money, pick PI. If you store value in a wallet or issue prepaid cards, pick EMI. If you take deposits and lend them, you need a bank.
Minimum capital and ongoing own funds
Article 7 of PSD2 (carried into PSD3) ties initial capital to the services you plan to provide. PSD3 keeps the same thresholds while clarifying own-funds methods.
Account information services alone (AISP) do not require initial capital but do require professional indemnity insurance. Initial capital must be paid up in cash at the time of licensing and is only the starting point. From day one, the PI must hold ongoing own funds calculated by one of four methods, and the competent authority picks the method:
- Method A - 10% of the previous year's fixed overheads. Used mostly for new entrants.
- Method B - a scaling percentage of payment volume (from 4.0% down to 0.25% across tranches) multiplied by a scaling factor k depending on services.
- Method C - a percentage of the sum of interest income, commissions and other operating income, again scaled by k.
- Method D - introduced for account information and payment initiation services, based on transaction volumes or a fixed floor.
Own funds are reported quarterly. The regulator can require up to 20% more or allow up to 20% less depending on risk profile. Skimping here is the fastest way to a Pillar 2 add-on and a cap on licensed activities.
The authorisation process, step by step
The procedure is highly standardised across the EU thanks to the EBA authorisation guidelines. The differences are in speed, flexibility and how hands-on the regulator is.
- Choose the home Member State. You must apply where your head office and main activities sit. Substance matters: regulators look at local directors, employees, risk and compliance staff, and real office presence.
- Prepare the authorisation file. Programme of operations, three-year business plan with stressed projections, structural organisation, governance arrangements, internal control framework, AML/CFT manual, safeguarding plan, ICT and security risk assessment, business continuity plan, and fit-and-proper questionnaires for shareholders with qualifying holdings and management.
- Pre-application meeting. Almost every regulator now expects an informal meeting before filing. Bring the business model, capital plan and safeguarding design.
- Formal submission. Statutory clock is three months of complete file for decision under PSD2. In practice, stop-the-clock questions push real timelines to 9 to 18 months.
- Conditions precedent. Once minded-to-approve, the regulator issues conditions: capital paid up, key hires on board, systems tested, safeguarding account live.
- EU passport. After authorisation, notify the home regulator of the Member States where you want to operate under freedom of services or freedom of establishment. Passporting is a notification, not a second licence.
- Agents and distributors. PIs can work through agents listed in the home register. Agents do not need their own licence but must meet fit-and-proper standards and appear in the EBA central register.
A lighter small PI regime exists in several jurisdictions (notably the UK and Lithuania) for firms below an average EUR 3 million monthly payment volume. Lower capital, lighter reporting, but no EU passport.
Popular PI jurisdictions in 2026
All EU regulators apply the same directive, but the experience of getting licensed varies enormously.
Lithuania (Bank of Lithuania)
The fintech licensing champion of the EU, with the largest population of PIs and EMIs per capita. Process in English, published timelines around 6 months for complete files, sandbox and newcomer programme. Substance expectations have tightened significantly since 2023.
Malta (MFSA)
Common-law style regulator, English procedure, strong for crypto-adjacent and gaming-adjacent payment firms. Process is thorough and can run 12 to 18 months, but the quality of the file once you exit is high.
Ireland (Central Bank of Ireland)
Popular post-Brexit relocation target. High-quality supervision, English first language, deep talent pool. Expect 12 to 24 months, heavy substance requirements and very detailed scrutiny of governance and outsourcing.
United Kingdom (FCA)
Outside the EU but still a major PI hub. Small PI (under EUR 3M/month turnover) and authorised PI regimes. No EU passport after Brexit, but a credible market of 70M+ consumers and a deep banking stack. Timelines 6 to 12 months.
Germany, France, Luxembourg and the Netherlands are also frequent homes for PIs with institutional clients. They are slower and more expensive, but pair well with banking partners and corporate customers that value a tier-1 regulator stamp.
Safeguarding customer funds
Safeguarding is the single most important operational rule of the PI regime. Because a PI is not a deposit taker, customer funds must never be comingled with corporate funds and must remain retrievable on insolvency.
Two methods are allowed under PSD2:
- Segregation method. Customer funds are held at the end of each business day in a segregated account with a credit institution, or invested in secure, liquid, low-risk assets approved by the regulator. The account must be legally ring-fenced so no creditor of the PI can claim it.
- Insurance or guarantee method. An insurance policy or guarantee from a credit institution for an amount equivalent to the funds that would otherwise have been segregated. Less common because premiums are high.
PSD3 tightens this further: mandatory diversification across at least two credit institutions above a threshold, explicit recognition of central-bank accounts for safeguarding where available, and clearer rules on reconciliation frequency. Daily reconciliation with full audit trail is the new baseline.
PI or EMI: how to choose
The two licences overlap, but the choice is rarely ambiguous once you describe the product in one sentence.
Choose PI if
- You move money between parties without storing it on a wallet
- You run a PISP or AISP open-banking product
- You acquire card payments for merchants
- You send remittances or operate an MTO
- You want the fastest, cheapest route to an EU passport
Choose EMI if
- You store customer value in a wallet or IBAN account
- You issue prepaid or debit cards with a stored balance
- You run a neobank-style product without lending
- You need to issue e-money vouchers or gift cards
- You plan to offer stablecoin-adjacent e-money under MiCA/PSD3
Note that under PSD3 the two licences will merge, with e-money treated as a sub-activity. Firms already authorised as PI or EMI will be grandfathered, but new applicants should architect the business plan around the future unified regime.
Launch your PI programme with Crassula
A PI licence is the legal layer. You still need technology: ledger, KYC, onboarding, safeguarding reconciliation, card program, payment orchestration, admin back office and reporting. Building all of that in-house takes 18 months and a team of 30. Crassula ships it as a white-label core.
Ledger and IBAN
Double-entry ledger, multi-currency accounts, IBAN provisioning via our BaaS partners.
KYC and AML
Onboarding, sanctions screening, transaction monitoring and case management.
SEPA, SWIFT, cards
SEPA, SEPA Instant, SWIFT, Visa and Mastercard issuing and acquiring.
Regulator ready
Safeguarding reconciliation, own-funds reporting, transaction logs and audit trail.
We work alongside your legal counsel on the authorisation file and plug the technology into your chosen home regulator. Teams launching with Crassula go live in 3 to 6 months once the licence is granted, versus 12 to 18 months for an in-house build.
FAQ
It is the EU authorisation granted under PSD2 (transitioning to PSD3) that lets a non-bank firm provide regulated payment services such as transfers, acquiring, remittance, card issuing, PISP and AISP, with an EU passport but without the right to take deposits or issue e-money.
Initial capital is EUR 20,000 for money remittance only, EUR 50,000 for payment initiation, and EUR 125,000 for transfers, acquiring and card issuing. AISP alone needs no initial capital but professional indemnity insurance. On top of that you hold ongoing own funds calculated under method A, B, C or D, picked by your regulator.
The statutory clock under PSD2 is three months from a complete file, but real-world timelines are 9 to 18 months depending on jurisdiction, file quality and how many stop-the-clock questions the regulator raises. Lithuania and the UK tend to be fastest, Ireland and Germany the most thorough.
Yes. Once authorised in a home Member State, you notify the home regulator of every country where you want to operate, either under freedom of services (cross-border from home) or freedom of establishment (local branch or agents). No second licence is required.
A lighter regime for firms below roughly EUR 3 million monthly average payment volume, available in the UK, Lithuania and a handful of other Member States. Lower capital and reporting, but no EU passport.
PSD3 merges the PI and EMI regimes into a single authorisation, tightens safeguarding, introduces mandatory IBAN-name check, expands liability for authorised push payment fraud and moves most conduct rules into a directly applicable regulation (PSR). Existing PIs will be grandfathered but must upgrade fraud and reporting systems.
Segregating customer payment funds from the PI's own money, either in a dedicated account at a credit institution (or low-risk secure assets) or under an insurance or guarantee policy. Funds must remain legally ring-fenced from the PI's creditors, reconciled daily and reported to the regulator.
Crassula provides the white-label core: ledger, KYC and AML, IBAN and card issuing, SEPA/SWIFT/Instant routing, safeguarding reconciliation, regulatory reports and admin back office. We integrate with your licensed entity or one of our BaaS partners so you can ship a branded payment product in 3 to 6 months after the licence is granted.
