Commission Delegated Regulation (EU) 2022/2360, which amends the regulatory technical standards (RTS) for strong customer authentication under PSD2, has been published in the OJEU.
As a reminder, the amendments to the RTS:
- introduce a mandatory exemption from the requirement to apply SCA that will require account providers not to apply SCA when customers use an AISP to access their payment account information, provided certain conditions are met;
- limit the scope of the voluntary exemption in Article 10 to instances where the customer accesses the account information directly; and
- extend the timeline for the renewal of SCA from every 90 days to every 180 days, both when the information is accessed via an AISP or directly by the customer.
The Delegated Regulation will enter into force on 25 December and will apply from 25 July 2023.