Directive 2013/11/EU of the European Parliament and of the Council of 21 May 2013 on alternative dispute resolution for consumer disputes and amending Regulation (EC) No 2006/2004 and Directive 2009/22/EC (Directive on consumer ADR) (OJ L 165, 18.6.2013, p. 63).

Substituted by Corrigendum to Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010 and repealing Directive 2007/64/EC (Official Journal of the European Union L 337 of 23 December 2015).

http://www.legislation.gov.uk/eudr/2015/2366/title/IV/2020-12-31Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (Text with EEA relevance)Directive (EU) 2015/2366 of the European Parliament and of the CouncilDirective (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (Text with EEA relevance)2020-12-10King's Printer of Acts of Parliamenthttps://webarchive.nationalarchives.gov.uk/eu-exit/https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02015L2366-20151223texttext/xmlen2015-12-23<num>TITLE IV</num><heading><strong>RIGHTS AND OBLIGATIONS IN RELATION TO THE PROVISION AND USE OF PAYMENT SERVICES</strong></heading><chapter eId="title-IV-chapter-1" period="#period2"><num><em>CHAPTER 1</em></num><heading><strong><em>Common provisions</em></strong></heading><article eId="article-61" period="#period2"><num>Article 61</num><heading>Scope</heading><paragraph eId="article-61-1"><num>1</num><content><p>Where the payment service user is not a consumer, the payment service user and the <ins class="substitution O000005M003 first last"><noteRef href="#c000001" marker="X1" class="commentary attribute X"/>payment service provider may agree that Article 62(1), Article 64(3), and Articles 72, 74, 76, 77, 80, 89 and 90</ins> do not apply in whole or in part. The payment service user and the payment service provider may also agree on time limits that are different from those laid down in Article 71.</p></content></paragraph><paragraph eId="article-61-2"><num>2</num><content><p>Member States may provide that Article 102 does not apply where the payment service user is not a consumer.</p></content></paragraph><paragraph eId="article-61-3"><num>3</num><content><p>Member States may provide that provisions in this Title are applied to microenterprises in the same way as to consumers.</p></content></paragraph><paragraph eId="article-61-4"><num>4</num><content><p>This Directive shall be without prejudice to Directive 2008/48/EC, other relevant Union law or national measures regarding conditions for granting credit to consumers not harmonised by this Directive that comply with Union law.</p></content></paragraph></article><article eId="article-62" period="#period2"><num>Article 62</num><heading>Charges applicable</heading><paragraph eId="article-62-1"><num>1</num><content><p>The payment service provider shall not charge the payment service user for fulfilment of its information obligations or corrective and preventive measures under this Title, <ins class="substitution O000005M004 first last"><noteRef href="#c000001" marker="X1" class="commentary attribute X"/>unless otherwise specified in Article 79(1), Article 80(5) and Article 88(4).</ins> Those charges shall be agreed between the payment service user and the payment service provider and shall be appropriate and in line with the payment service provider’s actual costs.</p></content></paragraph><paragraph eId="article-62-2"><num>2</num><content><p>Member States shall require that for payment transactions provided within the Union, where both the payer’s and the payee’s payment service providers are, or the sole payment service provider in the payment transaction is, located therein, the payee pays the charges levied by his payment service provider, and the payer pays the charges levied by his payment service provider.</p></content></paragraph><paragraph eId="article-62-3"><num>3</num><content><p>The payment service provider shall not prevent the payee from requesting from the payer a charge, offering him a reduction or otherwise steering him towards the use of a given payment instrument. Any charges applied shall not exceed the direct costs borne by the payee for the use of the specific payment instrument.</p></content></paragraph><paragraph eId="article-62-4"><num>4</num><content><p>In any case, Member States shall ensure that the payee shall not request charges for the use of payment instruments for which interchange fees are regulated under Chapter II of Regulation (EU) 2015/751 and for those payment services to which Regulation (EU) No 260/2012 applies.</p></content></paragraph><paragraph eId="article-62-5"><num>5</num><content><p>Member States may prohibit or limit the right of the payee to request charges taking into account the need to encourage competition and promote the use of efficient payment instruments.</p></content></paragraph></article><article eId="article-63" period="#period1"><num>Article 63</num><heading>Derogation for low value payment instruments and electronic money</heading><paragraph eId="article-63-1"><num>1</num><intro><p>In the case of payment instruments which, according to the framework contract, solely concern individual payment transactions not exceeding EUR 30 or which either have a spending limit of EUR 150, or store funds which do not exceed EUR 150 at any time, payment service providers may agree with their payment service users that:</p></intro><subparagraph eId="d4e854"><num>a</num><content><p>point (b) of Article 69(1), points (c) and (d) of Article 70(1), and Article 74(3) do not apply if the payment instrument does not allow its blocking or prevention of its further use;</p></content></subparagraph><subparagraph eId="d4e860"><num>b</num><content><p>Articles 72 and 73, and Article 74(1) and (3), do not apply if the payment instrument is used anonymously or the payment service provider is not in a position for other reasons which are intrinsic to the payment instrument to prove that a payment transaction was authorised;</p></content></subparagraph><subparagraph eId="d4e866"><num>c</num><content><p>by way of derogation from Article 79(1), the payment service provider is not required to notify the payment service user of the refusal of a payment order, if the non-execution is apparent from the context;</p></content></subparagraph><subparagraph eId="d4e872"><num>d</num><content><p>by way of derogation from Article 80, the payer may not revoke the payment order after transmitting the payment order or giving consent to execute the payment transaction to the payee;</p></content></subparagraph><subparagraph eId="d4e878"><num>e</num><content><p>by way of derogation from Articles 83 and 84, other execution periods apply.</p></content></subparagraph></paragraph><paragraph eId="article-63-2"><num>2</num><content><p>For national payment transactions, Member States or their competent authorities may reduce or double the amounts referred to in paragraph 1. They may increase them for prepaid payment instruments up to EUR 500.</p></content></paragraph><paragraph eId="article-63-3"><num>3</num><content><p>Articles 73 and 74 of this Directive shall apply also to electronic money as defined in point (2) of Article 2 of Directive 2009/110/EC, except where the payer’s payment service provider does not have the ability to freeze the payment account on which the electronic money is stored or block the payment instrument. Member States may limit that derogation to payment accounts on which the electronic money is stored or to payment instruments of a certain value.</p></content></paragraph></article></chapter><chapter eId="title-IV-chapter-2" period="#period2"><num><em>CHAPTER 2</em></num><heading><strong><em>Authorisation of payment transactions</em></strong></heading><article eId="article-64" period="#period1"><num>Article 64</num><heading>Consent and withdrawal of consent</heading><paragraph eId="article-64-1"><num>1</num><content><p>Member States shall ensure that a payment transaction is considered to be authorised only if the payer has given consent to execute the payment transaction. A payment transaction may be authorised by the payer prior to or, if agreed between the payer and the payment service provider, after the execution of the payment transaction.</p></content></paragraph><paragraph eId="article-64-2"><num>2</num><content><p>Consent to execute a payment transaction or a series of payment transactions shall be given in the form agreed between the payer and the payment service provider. Consent to execute a payment transaction may also be given via the payee or the payment initiation service provider.</p><p>In the absence of consent, a payment transaction shall be considered to be unauthorised.</p></content></paragraph><paragraph eId="article-64-3"><num>3</num><content><p>Consent may be withdrawn by the payer at any time, but no later than at the moment of irrevocability in accordance with Article 80. Consent to execute a series of payment transactions may also be withdrawn, in which case any future payment transaction shall be considered to be unauthorised.</p></content></paragraph><paragraph eId="article-64-4"><num>4</num><content><p>The procedure for giving consent shall be agreed between the payer and the relevant payment service provider(s).</p></content></paragraph></article><article eId="article-65" period="#period1"><num>Article 65</num><heading>Confirmation on the availability of funds</heading><paragraph eId="article-65-1"><num>1</num><intro><p>Member States shall ensure that an account servicing payment service provider shall, upon the request of a payment service provider issuing card-based payment instruments, immediately confirm whether an amount necessary for the execution of a card-based payment transaction is available on the payment account of the payer, provided that all of the following conditions are met:</p></intro><subparagraph eId="d4e951"><num>a</num><content><p>the payment account of the payer is accessible online at the time of the request;</p></content></subparagraph><subparagraph eId="d4e957"><num>b</num><content><p>the payer has given explicit consent to the account servicing payment service provider to respond to requests from a specific payment service provider to confirm that the amount corresponding to a certain card-based payment transaction is available on the payer’s payment account;</p></content></subparagraph><subparagraph eId="d4e963"><num>c</num><content><p>the consent referred to in point (b) has been given before the first request for confirmation is made.</p></content></subparagraph></paragraph><paragraph eId="article-65-2"><num>2</num><intro><p>The payment service provider may request the confirmation referred to in paragraph 1 where all of the following conditions are met:</p></intro><subparagraph eId="d4e975"><num>a</num><content><p>the payer has given explicit consent to the payment service provider to request the confirmation referred to in paragraph 1;</p></content></subparagraph><subparagraph eId="d4e981"><num>b</num><content><p>the payer has initiated the card-based payment transaction for the amount in question using a card based payment instrument issued by the payment service provider;</p></content></subparagraph><subparagraph eId="d4e987"><num>c</num><content><p>the payment service provider authenticates itself towards the account servicing payment service provider before each confirmation request, and securely communicates with the account servicing payment service provider in accordance with point (d) of Article 98(1).</p></content></subparagraph></paragraph><paragraph eId="article-65-3"><num>3</num><content><p>In accordance with Directive 95/46/EC, the confirmation referred to in paragraph 1 shall consist only in a simple ‘yes’ or ‘no’ answer and not in a statement of the account balance. That answer shall not be stored or used for purposes other than for the execution of the card-based payment transaction.</p></content></paragraph><paragraph eId="article-65-4"><num>4</num><content><p>The confirmation referred to in paragraph 1 shall not allow for the account servicing payment service provider to block funds on the payer’s payment account.</p></content></paragraph><paragraph eId="article-65-5"><num>5</num><content><p>The payer may request the account servicing payment service provider to communicate to the payer the identification of the payment service provider and the answer provided.</p></content></paragraph><paragraph eId="article-65-6"><num>6</num><content><p>This Article does not apply to payment transactions initiated through card-based payment instruments on which electronic money as defined in point (2) of Article 2 of Directive 2009/110/EC is stored.</p></content></paragraph></article><article eId="article-66" period="#period1"><num>Article 66</num><heading>Rules on access to payment account in the case of payment initiation services</heading><paragraph eId="article-66-1"><num>1</num><content><p>Member States shall ensure that a payer has the right to make use of a payment initiation service provider to obtain payment services as referred to in point (7) of Annex I. The right to make use of a payment initiation service provider shall not apply where the payment account is not accessible online.</p></content></paragraph><paragraph eId="article-66-2"><num>2</num><content><p>When the payer gives its explicit consent for a payment to be executed in accordance with Article 64, the account servicing payment service provider shall perform the actions specified in paragraph 4 of this Article in order to ensure the payer’s right to use the payment initiation service.</p></content></paragraph><paragraph eId="article-66-3"><num>3</num><intro><p>The payment initiation service provider shall:</p></intro><subparagraph eId="d4e1042"><num>a</num><content><p>not hold at any time the payer’s funds in connection with the provision of the payment initiation service;</p></content></subparagraph><subparagraph eId="d4e1048"><num>b</num><content><p>ensure that the personalised security credentials of the payment service user are not, with the exception of the user and the issuer of the personalised security credentials, accessible to other parties and that they are transmitted by the payment initiation service provider through safe and efficient channels;</p></content></subparagraph><subparagraph eId="d4e1054"><num>c</num><content><p>ensure that any other information about the payment service user, obtained when providing payment initiation services, is only provided to the payee and only with the payment service user’s explicit consent;</p></content></subparagraph><subparagraph eId="d4e1060"><num>d</num><content><p>every time a payment is initiated, identify itself towards the account servicing payment service provider of the payer and communicate with the account servicing payment service provider, the payer and the payee in a secure way, in accordance with point (d) of Article 98(1);</p></content></subparagraph><subparagraph eId="d4e1066"><num>e</num><content><p>not store sensitive payment data of the payment service user;</p></content></subparagraph><subparagraph eId="d4e1072"><num>f</num><content><p>not request from the payment service user any data other than those necessary to provide the payment initiation service;</p></content></subparagraph><subparagraph eId="d4e1078"><num>g</num><content><p>not use, access or store any data for purposes other than for the provision of the payment initiation service as explicitly requested by the payer;</p></content></subparagraph><subparagraph eId="d4e1084"><num>h</num><content><p>not modify the amount, the payee or any other feature of the transaction.</p></content></subparagraph></paragraph><paragraph eId="article-66-4"><num>4</num><intro><p>The account servicing payment service provider shall:</p></intro><subparagraph eId="d4e1096"><num>a</num><content><p>communicate securely with payment initiation service providers in accordance with point (d) of Article 98(1);</p></content></subparagraph><subparagraph eId="d4e1102"><num>b</num><content><p>immediately after receipt of the payment order from a payment initiation service provider, provide or make available all information on the initiation of the payment transaction and all information accessible to the account servicing payment service provider regarding the execution of the payment transaction to the payment initiation service provider;</p></content></subparagraph><subparagraph eId="d4e1108"><num>c</num><content><p>treat payment orders transmitted through the services of a payment initiation service provider without any discrimination other than for objective reasons, in particular in terms of timing, priority or charges vis-à-vis payment orders transmitted directly by the payer.</p></content></subparagraph></paragraph><paragraph eId="article-66-5"><num>5</num><content><p>The provision of payment initiation services shall not be dependent on the existence of a contractual relationship between the payment initiation service providers and the account servicing payment service providers for that purpose.</p></content></paragraph></article><article eId="article-67" period="#period1"><num>Article 67</num><heading>Rules on access to and use of payment account information in the case of account information services</heading><paragraph eId="article-67-1"><num>1</num><content><p>Member States shall ensure that a payment service user has the right to make use of services enabling access to account information as referred to in point (8) of Annex I. That right shall not apply where the payment account is not accessible online.</p></content></paragraph><paragraph eId="article-67-2"><num>2</num><intro><p>The account information service provider shall:</p></intro><subparagraph eId="d4e1139"><num>a</num><content><p>provide services only where based on the payment service user’s explicit consent;</p></content></subparagraph><subparagraph eId="d4e1145"><num>b</num><content><p>ensure that the personalised security credentials of the payment service user are not, with the exception of the user and the issuer of the personalised security credentials, accessible to other parties and that when they are transmitted by the account information service provider, this is done through safe and efficient channels;</p></content></subparagraph><subparagraph eId="d4e1151"><num>c</num><content><p>for each communication session, identify itself towards the account servicing payment service provider(s) of the payment service user and securely communicate with the account servicing payment service provider(s) and the payment service user, in accordance with point (d) of Article 98(1);</p></content></subparagraph><subparagraph eId="d4e1157"><num>d</num><content><p>access only the information from designated payment accounts and associated payment transactions;</p></content></subparagraph><subparagraph eId="d4e1163"><num>e</num><content><p>not request sensitive payment data linked to the payment accounts;</p></content></subparagraph><subparagraph eId="d4e1169"><num>f</num><content><p>not use, access or store any data for purposes other than for performing the account information service explicitly requested by the payment service user, in accordance with data protection rules.</p></content></subparagraph></paragraph><paragraph eId="article-67-3"><num>3</num><intro><p>In relation to payment accounts, the account servicing payment service provider shall:</p></intro><subparagraph eId="d4e1181"><num>a</num><content><p>communicate securely with the account information service providers in accordance with point (d) of Article 98(1); and</p></content></subparagraph><subparagraph eId="d4e1187"><num>b</num><content><p>treat data requests transmitted through the services of an account information service provider without any discrimination for other than objective reasons.</p></content></subparagraph></paragraph><paragraph eId="article-67-4"><num>4</num><content><p>The provision of account information services shall not be dependent on the existence of a contractual relationship between the account information service providers and the account servicing payment service providers for that purpose.</p></content></paragraph></article><article eId="article-68" period="#period1"><num>Article 68</num><heading>Limits of the use of the payment instrument and of the access to payment accounts by payment service providers</heading><paragraph eId="article-68-1"><num>1</num><content><p>Where a specific payment instrument is used for the purposes of giving consent, the payer and the payer’s payment service provider may agree on spending limits for payment transactions executed through that payment instrument.</p></content></paragraph><paragraph eId="article-68-2"><num>2</num><content><p>If agreed in the framework contract, the payment service provider may reserve the right to block the payment instrument for objectively justified reasons relating to the security of the payment instrument, the suspicion of unauthorised or fraudulent use of the payment instrument or, in the case of a payment instrument with a credit line, a significantly increased risk that the payer may be unable to fulfil its liability to pay.</p></content></paragraph><paragraph eId="article-68-3"><num>3</num><content><p>In such cases the payment service provider shall inform the payer of the blocking of the payment instrument and the reasons for it in an agreed manner, where possible, before the payment instrument is blocked and at the latest immediately thereafter, unless providing such information would compromise objectively justified security reasons or is prohibited by other relevant Union or national law.</p></content></paragraph><paragraph eId="article-68-4"><num>4</num><content><p>The payment service provider shall unblock the payment instrument or replace it with a new payment instrument once the reasons for blocking no longer exist.</p></content></paragraph><paragraph eId="article-68-5"><num>5</num><content><p>An account servicing payment service provider may deny an account information service provider or a payment initiation service provider access to a payment account for objectively justified and duly evidenced reasons relating to unauthorised or fraudulent access to the payment account by that account information service provider or that payment initiation service provider, including the unauthorised or fraudulent initiation of a payment transaction. In such cases the account servicing payment service provider shall inform the payer that access to the payment account is denied and the reasons therefor in the form agreed. That information shall, where possible, be given to the payer before access is denied and at the latest immediately thereafter, unless providing such information would compromise objectively justified security reasons or is prohibited by other relevant Union or national law.</p><p>The account servicing payment service provider shall allow access to the payment account once the reasons for denying access no longer exist.</p></content></paragraph><paragraph eId="article-68-6"><num>6</num><content><p>In the cases referred to in paragraph 5, the account servicing payment service provider shall immediately report the incident relating to the account information service provider or the payment initiation service provider to the competent authority. The information shall include the relevant details of the case and the reasons for taking action. The competent authority shall assess the case and shall, if necessary, take appropriate measures.</p></content></paragraph></article><article eId="article-69" period="#period1"><num>Article 69</num><heading>Obligations of the payment service user in relation to payment instruments and personalised security credentials</heading><paragraph eId="article-69-1"><num>1</num><intro><p>The payment service user entitled to use a payment instrument shall:</p></intro><subparagraph eId="d4e1258"><num>a</num><content><p>use the payment instrument in accordance with the terms governing the issue and use of the payment instrument, which must be objective, non-discriminatory and proportionate;</p></content></subparagraph><subparagraph eId="d4e1264"><num>b</num><content><p>notify the payment service provider, or the entity specified by the latter, without undue delay on becoming aware of the loss, theft, misappropriation or unauthorised use of the payment instrument.</p></content></subparagraph></paragraph><paragraph eId="article-69-2"><num>2</num><content><p>For the purposes of point (a) of paragraph 1, the payment service user shall, in particular, as soon as in receipt of a payment instrument, take all reasonable steps to keep its personalised security credentials safe.</p></content></paragraph></article><article eId="article-70" period="#period1"><num>Article 70</num><heading>Obligations of the payment service provider in relation to payment instruments</heading><paragraph eId="article-70-1"><num>1</num><intro><p>The payment service provider issuing a payment instrument shall:</p></intro><subparagraph eId="d4e1289"><num>a</num><content><p>make sure that the personalised security credentials are not accessible to parties other than the payment service user that is entitled to use the payment instrument, without prejudice to the obligations on the payment service user set out in Article 69;</p></content></subparagraph><subparagraph eId="d4e1295"><num>b</num><content><p>refrain from sending an unsolicited payment instrument, except where a payment instrument already given to the payment service user is to be replaced;</p></content></subparagraph><subparagraph eId="d4e1301"><num>c</num><content><p>ensure that appropriate means are available at all times to enable the payment service user to make a notification pursuant to point (b) of Article 69(1) or to request unblocking of the payment instrument pursuant to Article 68(4); on request, the payment service provider shall provide the payment service user with the means to prove, for 18 months after notification, that the payment service user made such a notification;</p></content></subparagraph><subparagraph eId="d4e1307"><num>d</num><content><p>provide the payment service user with an option to make a notification pursuant to point (b) of Article 69(1) free of charge and to charge, if at all, only replacement costs directly attributed to the payment instrument;</p></content></subparagraph><subparagraph eId="d4e1313"><num>e</num><content><p>prevent all use of the payment instrument once notification pursuant to point (b) of Article 69(1) has been made.</p></content></subparagraph></paragraph><paragraph eId="article-70-2"><num>2</num><content><p>The payment service provider shall bear the risk of sending a payment instrument or any personalised security credentials relating to it to the payment service user.</p></content></paragraph></article><article eId="article-71" period="#period1"><num>Article 71</num><heading>Notification and rectification of unauthorised or incorrectly executed payment transactions</heading><paragraph eId="article-71-1"><num>1</num><content><p>The payment service user shall obtain rectification of an unauthorised or incorrectly executed payment transaction from the payment service provider only if the payment service user notifies the payment service provider without undue delay on becoming aware of any such transaction giving rise to a claim, including that under Article 89, and no later than 13 months after the debit date.</p><p>The time limits for notification laid down in the first subparagraph do not apply where the payment service provider has failed to provide or make available the information on the payment transaction in accordance with Title III.</p></content></paragraph><paragraph eId="article-71-2"><num>2</num><content><p>Where a payment initiation service provider is involved, the payment service user shall obtain rectification from the account servicing payment service provider pursuant to paragraph 1 of this Article, without prejudice to Article 73(2) and Article 89(1).</p></content></paragraph></article><article eId="article-72" period="#period1"><num>Article 72</num><heading>Evidence on authentication and execution of payment transactions</heading><paragraph eId="article-72-1"><num>1</num><content><p>Member States shall require that, where a payment service user denies having authorised an executed payment transaction or claims that the payment transaction was not correctly executed, it is for the payment service provider to prove that the payment transaction was authenticated, accurately recorded, entered in the accounts and not affected by a technical breakdown or some other deficiency of the service provided by the payment service provider.</p><p>If the payment transaction is initiated through a payment initiation service provider, the burden shall be on the payment initiation service provider to prove that within its sphere of competence, the payment transaction was authenticated, accurately recorded and not affected by a technical breakdown or other deficiency linked to the payment service of which it is in charge.</p></content></paragraph><paragraph eId="article-72-2"><num>2</num><content><p>Where a payment service user denies having authorised an executed payment transaction, the use of a payment instrument recorded by the payment service provider, including the payment initiation service provider as appropriate, shall in itself not necessarily be sufficient to prove either that the payment transaction was authorised by the payer or that the payer acted fraudulently or failed with intent or gross negligence to fulfil one or more of the obligations under Article 69. The payment service provider, including, where appropriate, the payment initiation service provider, shall provide supporting evidence to prove fraud or gross negligence on part of the payment service user.</p></content></paragraph></article><article eId="article-73" period="#period1"><num>Article 73</num><heading>Payment service provider’s liability for unauthorised payment transactions</heading><paragraph eId="article-73-1"><num>1</num><content><p>Member States shall ensure that, without prejudice to Article 71, in the case of an unauthorised payment transaction, the payer’s payment service provider refunds the payer the amount of the unauthorised payment transaction immediately, and in any event no later than by the end of the following business day, after noting or being notified of the transaction, except where the payer’s payment service provider has reasonable grounds for suspecting fraud and communicates those grounds to the relevant national authority in writing. Where applicable, the payer’s payment service provider shall restore the debited payment account to the state in which it would have been had the unauthorised payment transaction not taken place. This shall also ensure that the credit value date for the payer’s payment account shall be no later than the date the amount had been debited.</p></content></paragraph><paragraph eId="article-73-2"><num>2</num><content><p>Where the payment transaction is initiated through a payment initiation service provider, the account servicing payment service provider shall refund immediately, and in any event no later than by the end of the following business day the amount of the unauthorised payment transaction and, where applicable, restore the debited payment account to the state in which it would have been had the unauthorised payment transaction not taken place.</p><p>If the payment initiation service provider is liable for the unauthorised payment transaction, it shall immediately compensate the account servicing payment service provider at its request for the losses incurred or sums paid as a result of the refund to the payer, including the amount of the unauthorised payment transaction. In accordance with Article 72(1), the burden shall be on the payment initiation service provider to prove that, within its sphere of competence, the payment transaction was authenticated, accurately recorded and not affected by a technical breakdown or other deficiency linked to the payment service of which it is in charge.</p></content></paragraph><paragraph eId="article-73-3"><num>3</num><content><p>Further financial compensation may be determined in accordance with the law applicable to the contract concluded between the payer and the payment service provider or the contract concluded between the payer and the payment initiation service provider if applicable.</p></content></paragraph></article><article eId="article-74" period="#period1"><num>Article 74</num><heading>Payer’s liability for unauthorised payment transactions</heading><paragraph eId="article-74-1"><num>1</num><intro><p>By way of derogation from Article 73, the payer may be obliged to bear the losses relating to any unauthorised payment transactions, up to a maximum of EUR 50, resulting from the use of a lost or stolen payment instrument or from the misappropriation of a payment instrument.</p><p>The first subparagraph shall not apply if:</p></intro><subparagraph eId="d4e1414"><num>a</num><content><p>the loss, theft or misappropriation of a payment instrument was not detectable to the payer prior to a payment, except where the payer has acted fraudulently; or</p></content></subparagraph><subparagraph eId="d4e1420"><num>b</num><content><p>the loss was caused by acts or lack of action of an employee, agent or branch of a payment service provider or of an entity to which its activities were outsourced.</p></content></subparagraph><wrapUp><p>The payer shall bear all of the losses relating to any unauthorised payment transactions if they were incurred by the payer acting fraudulently or failing to fulfil one or more of the obligations set out in Article 69 with intent or gross negligence. In such cases, the maximum amount referred to in the first subparagraph shall not apply.</p><p>Where the payer has neither acted fraudulently nor intentionally failed to fulfil its obligations under Article 69, Member States may reduce the liability referred to in this paragraph, taking into account, in particular, the nature of the personalised security credentials and the specific circumstances under which the payment instrument was lost, stolen or misappropriated.</p></wrapUp></paragraph><paragraph eId="article-74-2"><num>2</num><content><p>Where the payer’s payment service provider does not require strong customer authentication, the payer shall not bear any financial losses unless the payer has acted fraudulently. Where the payee or the payment service provider of the payee fails to accept strong customer authentication, it shall refund the financial damage caused to the payer’s payment service provider.</p></content></paragraph><paragraph eId="article-74-3"><num>3</num><content><p>The payer shall not bear any financial consequences resulting from use of the lost, stolen or misappropriated payment instrument after notification in accordance with point (b) of Article 69(1), except where the payer has acted fraudulently.</p><p>If the payment service provider does not provide appropriate means for the notification at all times of a lost, stolen or misappropriated payment instrument, as required under point (c) of Article 70(1), the payer shall not be liable for the financial consequences resulting from use of that payment instrument, except where the payer has acted fraudulently.</p></content></paragraph></article><article eId="article-75" period="#period1"><num>Article 75</num><heading>Payment transactions where the transaction amount is not known in advance</heading><paragraph eId="article-75-1"><num>1</num><content><p>Where a payment transaction is initiated by or through the payee in the context of a card-based payment transaction and the exact amount is not known at the moment when the payer gives consent to execute the payment transaction, the payer’s payment service provider may block funds on the payer’s payment account only if the payer has given consent to the exact amount of the funds to be blocked.</p></content></paragraph><paragraph eId="article-75-2"><num>2</num><content><p>The payer’s payment service provider shall release the funds blocked on the payer’s payment account under paragraph 1 without undue delay after receipt of the information about the exact amount of the payment transaction and at the latest immediately after receipt of the payment order.</p></content></paragraph></article><article eId="article-76" period="#period2"><num>Article 76</num><heading>Refunds for payment transactions initiated by or through a payee</heading><paragraph eId="article-76-1"><num>1</num><intro><p>Member States shall ensure that a payer is entitled to a refund from the payment service provider of an authorised payment transaction which was initiated by or through a payee and which has already been executed, if both of the following conditions are met:</p></intro><subparagraph eId="d4e1479"><num>a</num><content><p>the authorisation did not specify the exact amount of the payment transaction when the authorisation was made;</p></content></subparagraph><subparagraph eId="d4e1485"><num>b</num><content><p>the amount of the payment transaction exceeded the amount the payer could reasonably have expected taking into account the previous spending pattern, the conditions in the framework contract and relevant circumstances of the case.</p></content></subparagraph><wrapUp><p>At the payment service provider’s request, the payer shall bear the burden of proving such conditions are met.</p><p>The refund shall consist of the full amount of the executed payment transaction. The credit value date for the payer’s payment account shall be no later than the date the amount was debited.</p><p><ins class="substitution O000005M005 first last"><noteRef href="#c000001" marker="X1" class="commentary attribute X"/>Without prejudice to paragraph 3 of this Article, Member States shall ensure that, in addition to the right referred to in the first subparagraph of this paragraph, for direct debits as referred to in Article 1 of Regulation (EU) No 260/2012, the payer has an unconditional right to a refund within the time limits laid down in Article 77 of this Directive.</ins></p></wrapUp></paragraph><paragraph eId="article-76-2"><num>2</num><content><p>However, for the purposes of point (b) of the first subparagraph of paragraph 1, the payer shall not rely on currency exchange reasons if the reference exchange rate agreed with its payment service provider in accordance with point (d) of Article 45(1) and point (3)(b) of Article 52 was applied.</p></content></paragraph><paragraph eId="article-76-3"><num>3</num><intro><p>It may be agreed in a framework contract between the payer and the payment service provider that the payer has no right to a refund where:</p></intro><subparagraph eId="d4e1513"><num>a</num><content><p>the payer has given consent to execute the payment transaction directly to the payment service provider; and</p></content></subparagraph><subparagraph eId="d4e1519"><num>b</num><content><p>where applicable, information on the future payment transaction was provided or made available in an agreed manner to the payer for at least 4 weeks before the due date by the payment service provider or by the payee.</p></content></subparagraph></paragraph><paragraph eId="article-76-4"><num>4</num><content><p>For direct debits in currencies other than euro, Member States may require their payment service providers to offer more favourable refund rights in accordance with their direct debit schemes provided that they are more advantageous to the payer.</p></content></paragraph></article><article eId="article-77" period="#period1"><num>Article 77</num><heading>Requests for refunds for payment transactions initiated by or through a payee</heading><paragraph eId="article-77-1"><num>1</num><content><p>Member States shall ensure that the payer can request the refund referred to in Article 76 of an authorised payment transaction initiated by or through a payee for a period of 8 weeks from the date on which the funds were debited.</p></content></paragraph><paragraph eId="article-77-2"><num>2</num><content><p>Within 10 business days of receiving a request for a refund, the payment service provider shall either refund the full amount of the payment transaction or provide a justification for refusing the refund and indicate the bodies to which the payer may refer the matter in accordance with Articles 99 to 102 if the payer does not accept the reasons provided.</p><p>The payment service provider’s right under the first subparagraph of this paragraph to refuse the refund shall not apply in the case set out in the fourth subparagraph of Article 76(1).</p></content></paragraph></article></chapter><chapter eId="title-IV-chapter-3" period="#period2"><num><em>CHAPTER 3</em></num><heading><strong><em>Execution of payment transactions</em></strong></heading><section eId="title-IV-chapter-3-section-1" period="#period1"><num><inline name="expanded">Section 1</inline></num><heading><strong><inline name="expanded">Payment orders and amounts transferred</inline></strong></heading><article eId="article-78" period="#period1"><num>Article 78</num><heading>Receipt of payment orders</heading><paragraph eId="article-78-1"><num>1</num><content><p>Member States shall ensure that the time of receipt is when the payment order is received by the payer’s payment service provider.</p><p>The payer’s account shall not be debited before receipt of the payment order. If the time of receipt is not on a business day for the payer’s payment service provider, the payment order shall be deemed to have been received on the following business day. The payment service provider may establish a cut-off time near the end of a business day beyond which any payment order received shall be deemed to have been received on the following business day.</p></content></paragraph><paragraph eId="article-78-2"><num>2</num><content><p>If the payment service user initiating a payment order and the payment service provider agree that execution of the payment order shall start on a specific day or at the end of a certain period or on the day on which the payer has put funds at the payment service provider’s disposal, the time of receipt for the purposes of Article 83 is deemed to be the agreed day. If the agreed day is not a business day for the payment service provider, the payment order received shall be deemed to have been received on the following business day.</p></content></paragraph></article><article eId="article-79" period="#period1"><num>Article 79</num><heading>Refusal of payment orders</heading><paragraph eId="article-79-1"><num>1</num><content><p>Where the payment service provider refuses to execute a payment order or to initiate a payment transaction, the refusal and, if possible, the reasons for it and the procedure for correcting any factual mistakes that led to the refusal shall be notified to the payment service user, unless prohibited by other relevant Union or national law.</p><p>The payment service provider shall provide or make available the notification in an agreed manner at the earliest opportunity, and in any case, within the periods specified in Article 83.</p><p>The framework contract may include a condition that the payment service provider may charge a reasonable fee for such a refusal if the refusal is objectively justified.</p></content></paragraph><paragraph eId="article-79-2"><num>2</num><content><p>Where all of the conditions set out in the payer’s framework contract are met, the payer’s account servicing payment service provider shall not refuse to execute an authorised payment order irrespective of whether the payment order is initiated by a payer, including through a payment initiation service provider, or by or through a payee, unless prohibited by other relevant Union or national law.</p></content></paragraph><paragraph eId="article-79-3"><num>3</num><content><p>For the purposes of Articles 83 and 89 a payment order for which execution has been refused shall be deemed not to have been received.</p></content></paragraph></article><article eId="article-80" period="#period1"><num>Article 80</num><heading>Irrevocability of a payment order</heading><paragraph eId="article-80-1"><num>1</num><content><p>Member States shall ensure that the payment service user shall not revoke a payment order once it has been received by the payer’s payment service provider, unless otherwise specified in this Article.</p></content></paragraph><paragraph eId="article-80-2"><num>2</num><content><p>Where the payment transaction is initiated by a payment initiation service provider or by or through the payee, the payer shall not revoke the payment order after giving consent to the payment initiation service provider to initiate the payment transaction or after giving consent to execute the payment transaction to the payee.</p></content></paragraph><paragraph eId="article-80-3"><num>3</num><content><p>However, in the case of a direct debit and without prejudice to refund rights the payer may revoke the payment order at the latest by the end of the business day preceding the day agreed for debiting the funds.</p></content></paragraph><paragraph eId="article-80-4"><num>4</num><content><p>In the case referred to in Article 78(2) the payment service user may revoke a payment order at the latest by the end of the business day preceding the agreed day.</p></content></paragraph><paragraph eId="article-80-5"><num>5</num><content><p>After the time limits laid down in paragraphs 1 to 4, the payment order may be revoked only if agreed between the payment service user and the relevant payment service providers. In the case referred to in paragraphs 2 and 3, the payee’s agreement shall also be required. If agreed in the framework contract, the relevant payment service provider may charge for revocation.</p></content></paragraph></article><article eId="article-81" period="#period1"><num>Article 81</num><heading>Amounts transferred and amounts received</heading><paragraph eId="article-81-1"><num>1</num><content><p>Member States shall require the payment service provider(s) of the payer, the payment service provider(s) of the payee and any intermediaries of the payment service providers to transfer the full amount of the payment transaction and refrain from deducting charges from the amount transferred.</p></content></paragraph><paragraph eId="article-81-2"><num>2</num><content><p>However, the payee and the payment service provider may agree that the relevant payment service provider deduct its charges from the amount transferred before crediting it to the payee. In such a case, the full amount of the payment transaction and charges shall be separated in the information given to the payee.</p></content></paragraph><paragraph eId="article-81-3"><num>3</num><content><p>If any charges other than those referred to in paragraph 2 are deducted from the amount transferred, the payment service provider of the payer shall ensure that the payee receives the full amount of the payment transaction initiated by the payer. Where the payment transaction is initiated by or through the payee, the payment service provider of the payee shall ensure that the full amount of the payment transaction is received by the payee.</p></content></paragraph></article></section><section eId="title-IV-chapter-3-section-2" period="#period1"><num><inline name="expanded">Section 2</inline></num><heading><strong><inline name="expanded">Execution time and value date</inline></strong></heading><article eId="article-82" period="#period1"><num>Article 82</num><heading>Scope</heading><paragraph eId="article-82-1"><num>1</num><intro><p>This Section applies to:</p></intro><subparagraph eId="d4e1705"><num>a</num><content><p>payment transactions in euro;</p></content></subparagraph><subparagraph eId="d4e1711"><num>b</num><content><p>national payment transactions in the currency of the Member State outside the euro area;</p></content></subparagraph><subparagraph eId="d4e1717"><num>c</num><content><p>payment transactions involving only one currency conversion between the euro and the currency of a Member State outside the euro area, provided that the required currency conversion is carried out in the Member State outside the euro area concerned and, in the case of cross-border payment transactions, the cross-border transfer takes place in euro.</p></content></subparagraph></paragraph><paragraph eId="article-82-2"><num>2</num><content><p>This Section applies to payment transactions not referred to in the paragraph 1, unless otherwise agreed between the payment service user and the payment service provider, with the exception of Article 87, which is not at the disposal of the parties. However, if the payment service user and the payment service provider agree on a longer period than that set in Article 83, for intra-Union payment transactions, that longer period shall not exceed 4 business days following the time of receipt as referred to in Article 78.</p></content></paragraph></article><article eId="article-83" period="#period1"><num>Article 83</num><heading>Payment transactions to a payment account</heading><paragraph eId="article-83-1"><num>1</num><content><p>Member States shall require the payer’s payment service provider to ensure that after the time of receipt as referred to in Article 78, the amount of the payment transaction will be credited to the payee’s payment service provider’s account by the end of the following business day. That time limit may be extended by a further business day for paper-initiated payment transactions.</p></content></paragraph><paragraph eId="article-83-2"><num>2</num><content><p>Member States shall require the payment service provider of the payee to value date and make available the amount of the payment transaction to the payee’s payment account after the payment service provider has received the funds in accordance with Article 87.</p></content></paragraph><paragraph eId="article-83-3"><num>3</num><content><p>Member States shall require the payee’s payment service provider to transmit a payment order initiated by or through the payee to the payer’s payment service provider within the time limits agreed between the payee and the payment service provider, enabling settlement, as far as direct debit is concerned, on the agreed due date.</p></content></paragraph></article><article eId="article-84" period="#period1"><num>Article 84</num><heading>Absence of payee’s payment account with the payment service provider</heading><content><p>Where the payee does not have a payment account with the payment service provider, the funds shall be made available to the payee by the payment service provider who receives the funds for the payee within the time limit laid down in Article 83.</p></content></article><article eId="article-85" period="#period1"><num>Article 85</num><heading>Cash placed on a payment account</heading><content><p>Where a consumer places cash on a payment account with that payment service provider in the currency of that payment account, the payment service provider shall ensure that the amount is made available and value dated immediately after receipt of the funds. Where the payment service user is not a consumer, the amount shall be made available and value dated at the latest on the following business day after receipt of the funds.</p></content></article><article eId="article-86" period="#period1"><num>Article 86</num><heading>National payment transactions</heading><content><p>For national payment transactions, Member States may provide for shorter maximum execution times than those provided for in this Section.</p></content></article><article eId="article-87" period="#period1"><num>Article 87</num><heading>Value date and availability of funds</heading><paragraph eId="article-87-1"><num>1</num><content><p>Member States shall ensure that the credit value date for the payee’s payment account is no later than the business day on which the amount of the payment transaction is credited to the payee’s payment service provider’s account.</p></content></paragraph><paragraph eId="article-87-2"><num>2</num><intro><p>The payment service provider of the payee shall ensure that the amount of the payment transaction is at the payee’s disposal immediately after that amount is credited to the payee’s payment service provider’s account where, on the part of the payee’s payment service provider, there is:</p></intro><subparagraph eId="d4e1800"><num>a</num><content><p>no currency conversion; or</p></content></subparagraph><subparagraph eId="d4e1806"><num>b</num><content><p>a currency conversion between the euro and a Member State currency or between two Member State currencies.</p></content></subparagraph><wrapUp><p>The obligation laid down in this paragraph shall also apply to payments within one payment service provider.</p></wrapUp></paragraph><paragraph eId="article-87-3"><num>3</num><content><p>Member States shall ensure that the debit value date for the payer’s payment account is no earlier than the time at which the amount of the payment transaction is debited to that payment account.</p></content></paragraph></article></section><section eId="title-IV-chapter-3-section-3" period="#period2"><num><inline name="expanded">Section 3</inline></num><heading><strong><inline name="expanded">Liability</inline></strong></heading><article eId="article-88" period="#period1"><num>Article 88</num><heading>Incorrect unique identifiers</heading><paragraph eId="article-88-1"><num>1</num><content><p>If a payment order is executed in accordance with the unique identifier, the payment order shall be deemed to have been executed correctly with regard to the payee specified by the unique identifier.</p></content></paragraph><paragraph eId="article-88-2"><num>2</num><content><p>If the unique identifier provided by the payment service user is incorrect, the payment service provider shall not be liable under Article 89 for non-execution or defective execution of the payment transaction.</p></content></paragraph><paragraph eId="article-88-3"><num>3</num><content><p>However, the payer’s payment service provider shall make reasonable efforts to recover the funds involved in the payment transaction. The payee’s payment service provider shall cooperate in those efforts also by communicating to the payer’s payment service provider all relevant information for the collection of funds.</p><p>In the event that the collection of funds under the first subparagraph is not possible, the payer’s payment service provider shall provide to the payer, upon written request, all information available to the payer’s payment service provider and relevant to the payer in order for the payer to file a legal claim to recover the funds.</p></content></paragraph><paragraph eId="article-88-4"><num>4</num><content><p>If agreed in the framework contract, the payment service provider may charge the payment service user for recovery.</p></content></paragraph><paragraph eId="article-88-5"><num>5</num><content><p>If the payment service user provides information in addition to that specified in point (a) of Article 45(1) or point (2)(b) of Article 52, the payment service provider shall be liable only for the execution of payment transactions in accordance with the unique identifier provided by the payment service user.</p></content></paragraph></article><article eId="article-89" period="#period2"><num>Article 89</num><heading>Payment service providers’ liability for non-execution, defective or late execution of payment transactions</heading><paragraph eId="article-89-1"><num>1</num><content><p>Where a payment order is initiated directly by the payer, the payer’s payment service provider shall, without prejudice to Article 71, Article 88(2) and (3), and Article 93, be liable to the payer for correct execution of the payment transaction, unless it can prove to the payer and, where relevant, to the payee’s payment service provider that the payee’s payment service provider received the amount of the payment transaction in accordance with Article 83(1). In that case, the payee’s payment service provider shall be liable to the payee for the correct execution of the payment transaction.</p><p>Where the payer’s payment service provider is liable under the first subparagraph, it shall, without undue delay, refund to the payer the amount of the non-executed or defective payment transaction, and, where applicable, restore the debited payment account to the state in which it would have been had the defective payment transaction not taken place.</p><p>The credit value date for the payer’s payment account shall be no later than the date on which the amount was debited.</p><p>Where the payee’s payment service provider is liable under the first subparagraph, it shall immediately place the amount of the payment transaction at the payee’s disposal and, where applicable, credit the corresponding amount to the payee’s payment account.</p><p>The credit value date for the payee’s payment account shall be no later than the date on which the amount would have been value dated, had the transaction been correctly executed in accordance with Article 87.</p><p>Where a payment transaction is executed late, the payee’s payment service provider shall ensure, upon the request of the payer’s payment service provider acting on behalf of the payer, that the credit value date for the payee’s payment account is no later than the date the amount would have been value dated had the transaction been correctly executed.</p><p>In the case of a non-executed or defectively executed payment transaction where the payment order is initiated by the payer, the payer’s payment service provider shall, regardless of liability under this paragraph, on request, make immediate efforts to trace the payment transaction and notify the payer of the outcome. This shall be free of charge for the payer.</p></content></paragraph><paragraph eId="article-89-2"><num>2</num><content><p>Where a payment order is initiated by or through the payee, the payee’s payment service provider shall, without prejudice to Article 71, Article 88(2) and (3), and Article 93, be liable to the payee for correct transmission of the payment order to the payment service provider of the payer in accordance with Article 83(3). Where the payee’s payment service provider is liable under this subparagraph, it shall immediately re-transmit the payment order in question to the payment service provider of the payer.</p><p>In the case of a late transmission of the payment order, the amount shall be value dated on the payee’s payment account no later than the date the amount would have been value dated had the transaction been correctly executed.</p><p>In addition, the payment service provider of the payee shall, without prejudice to Article 71, Article 88(2) and (3), and Article 93, be liable to the payee for handling the payment transaction in accordance with its obligations under Article 87. Where the payee’s payment service provider is liable under this subparagraph, it shall ensure that the amount of the payment transaction is at the payee’s disposal immediately after that amount is credited to the payee’s payment service provider’s account. The amount shall be value dated on the payee’s payment account no later than the date the amount would have been value dated had the transaction been correctly executed.</p><p><ins class="substitution O000005M006 first last"><noteRef href="#c000001" marker="X1" class="commentary attribute X"/>In the case of a non-executed or defectively executed payment transaction for which the payee's payment service provider is not liable under the first and third subparagraphs, the payer's payment service provider shall be liable to the payer.</ins> Where the payer’s payment service provider is so liable he shall, as appropriate and without undue delay, refund to the payer the amount of the non-executed or defective payment transaction and restore the debited payment account to the state in which it would have been had the defective payment transaction not taken place. The credit value date for the payer’s payment account shall be no later than the date the amount was debited.</p><p>The obligation under the fourth subparagraph shall not apply to the payer’s payment service provider where the payer’s payment service provider proves that the payee’s payment service provider has received the amount of the payment transaction, even if execution of payment transaction is merely delayed. If so, the payee’s payment service provider shall value date the amount on the payee’s payment account no later than the date the amount would have been value dated had it been executed correctly.</p><p>In the case of a non-executed or defectively executed payment transaction where the payment order is initiated by or through the payee, the payee’s payment service provider shall, regardless of liability under this paragraph, on request, make immediate efforts to trace the payment transaction and notify the payee of the outcome. This shall be free of charge for the payee.</p></content></paragraph><paragraph eId="article-89-3"><num>3</num><content><p>In addition, payment service providers shall be liable to their respective payment service users for any charges for which they are responsible, and for any interest to which the payment service user is subject as a consequence of non-execution or defective, including late, execution of the payment transaction.</p></content></paragraph></article><article eId="article-90" period="#period1"><num>Article 90</num><heading>Liability in the case of payment initiation services for non-execution, defective or late execution of payment transactions</heading><paragraph eId="article-90-1"><num>1</num><content><p>Where a payment order is initiated by the payer through a payment initiation service provider, the account servicing payment service provider shall, without prejudice to Article 71 and Article 88(2) and (3), refund to the payer the amount of the non- executed or defective payment transaction and, where applicable, restore the debited payment account to the state in which it would have been had the defective payment transaction not taken place.</p><p>The burden shall be on the payment initiation service provider to prove that the payment order was received by the payer’s account servicing payment service provider in accordance with Article 78 and that within its sphere of competence the payment transaction was authenticated, accurately recorded and not affected by a technical breakdown or other deficiency linked to the non-execution, defective or late execution of the transaction.</p></content></paragraph><paragraph eId="article-90-2"><num>2</num><content><p>If the payment initiation service provider is liable for the non-execution, defective or late execution of the payment transaction, it shall immediately compensate the account servicing payment service provider at its request for the losses incurred or sums paid as a result of the refund to the payer.</p></content></paragraph></article><article eId="article-91" period="#period1"><num>Article 91</num><heading>Additional financial compensation</heading><content><p>Any financial compensation additional to that provided for under this Section may be determined in accordance with the law applicable to the contract concluded between the payment service user and the payment service provider.</p></content></article><article eId="article-92" period="#period2"><num>Article 92</num><heading>Right of recourse</heading><paragraph eId="article-92-1"><num><ins class="substitution O000005M007 first"><noteRef href="#c000001" marker="X1" class="commentary attribute X"/>1</ins></num><content><p><ins class="substitution O000005M007 last">Where the liability of a payment service provider under Articles 73, 89 and 90 is attributable to another payment service provider or to an intermediary, that payment service provider or intermediary shall compensate the first payment service provider for any losses incurred or sums paid under Articles 73, 89 and 90. That shall include compensation where any of the payment service providers fail to use strong customer authentication.</ins></p></content></paragraph><paragraph eId="article-92-2"><num>2</num><content><p>Further financial compensation may be determined in accordance with agreements between payment service providers and/or intermediaries and the law applicable to the agreement concluded between them.</p></content></paragraph></article><article eId="article-93" period="#period1"><num>Article 93</num><heading>Abnormal and unforeseeable circumstances</heading><content><p>No liability shall arise under Chapter 2 or 3 in cases of abnormal and unforeseeable circumstances beyond the control of the party pleading for the application of those circumstances, the consequences of which would have been unavoidable despite all efforts to the contrary, or where a payment service provider is bound by other legal obligations covered by Union or national law.</p></content></article></section></chapter><chapter eId="title-IV-chapter-4" period="#period1"><num><em>CHAPTER 4</em></num><heading><strong><em>Data protection</em></strong></heading><article eId="article-94" period="#period1"><num>Article 94</num><heading>Data protection</heading><paragraph eId="article-94-1"><num>1</num><content><p>Member States shall permit processing of personal data by payment systems and payment service providers when necessary to safeguard the prevention, investigation and detection of payment fraud. The provision of information to individuals about the processing of personal data and the processing of such personal data and any other processing of personal data for the purposes of this Directive shall be carried out in accordance with Directive 95/46/EC, the national rules which transpose Directive 95/46/EC and with Regulation (EC) No 45/2001.</p></content></paragraph><paragraph eId="article-94-2"><num>2</num><content><p>Payment service providers shall only access, process and retain personal data necessary for the provision of their payment services, with the explicit consent of the payment service user.</p></content></paragraph></article></chapter><chapter eId="title-IV-chapter-5" period="#period1"><num><em>CHAPTER 5</em></num><heading><strong><em>Operational and security risks and authentication</em></strong></heading><article eId="article-95" period="#period1"><num>Article 95</num><heading>Management of operational and security risks</heading><paragraph eId="article-95-1"><num>1</num><content><p>Member States shall ensure that payment service providers establish a framework with appropriate mitigation measures and control mechanisms to manage the operational and security risks, relating to the payment services they provide. As part of that framework, payment service providers shall establish and maintain effective incident management procedures, including for the detection and classification of major operational and security incidents.</p></content></paragraph><paragraph eId="article-95-2"><num>2</num><content><p>Member States shall ensure that payment service providers provide to the competent authority on an annual basis, or at shorter intervals as determined by the competent authority, an updated and comprehensive assessment of the operational and security risks relating to the payment services they provide and on the adequacy of the mitigation measures and control mechanisms implemented in response to those risks.</p></content></paragraph><paragraph eId="article-95-3"><num>3</num><content><p>By 13 July 2017, EBA shall, in close cooperation with the ECB and after consulting all relevant stakeholders, including those in the payment services market, reflecting all interests involved, issue guidelines in accordance with Article 16 of Regulation (EU) No 1093/2010 with regard to the establishment, implementation and monitoring of the security measures, including certification processes where relevant.</p><p>EBA shall, in close cooperation with the ECB, review the guidelines referred to in the first subparagraph on a regular basis and in any event at least every 2 years.</p></content></paragraph><paragraph eId="article-95-4"><num>4</num><content><p>Taking into account experience acquired in the application of the guidelines referred to in paragraph 3, EBA shall, where requested to do so by the Commission as appropriate, develop draft regulatory technical standards on the criteria and on the conditions for establishment, and monitoring, of security measures.</p><p>Power is delegated to the Commission to adopt the regulatory technical standards referred to in the first subparagraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.</p></content></paragraph><paragraph eId="article-95-5"><num>5</num><content><p>EBA shall promote cooperation, including the sharing of information, in the area of operational and security risks associated with payment services among the competent authorities, and between the competent authorities and the ECB and, where relevant, the European Union Agency for Network and Information Security.</p></content></paragraph></article><article eId="article-96" period="#period1"><num>Article 96</num><heading>Incident reporting</heading><paragraph eId="article-96-1"><num>1</num><content><p>In the case of a major operational or security incident, payment service providers shall, without undue delay, notify the competent authority in the home Member State of the payment service provider.</p><p>Where the incident has or may have an impact on the financial interests of its payment service users, the payment service provider shall, without undue delay, inform its payment service users of the incident and of all measures that they can take to mitigate the adverse effects of the incident.</p></content></paragraph><paragraph eId="article-96-2"><num>2</num><content><p>Upon receipt of the notification referred to in paragraph 1, the competent authority of the home Member State shall, without undue delay, provide the relevant details of the incident to EBA and to the ECB. That competent authority shall, after assessing the relevance of the incident to relevant authorities of that Member State, notify them accordingly.</p><p>EBA and the ECB shall, in cooperation with the competent authority of the home Member State, assess the relevance of the incident to other relevant Union and national authorities and shall notify them accordingly. The ECB shall notify the members of the European System of Central Banks on issues relevant to the payment system.</p><p>On the basis of that notification, the competent authorities shall, where appropriate, take all of the necessary measures to protect the immediate safety of the financial system.</p></content></paragraph><paragraph eId="article-96-3"><num>3</num><intro><p>By 13 January 2018, EBA shall, in close cooperation with the ECB and after consulting all relevant stakeholders, including those in the payment services market, reflecting all interests involved, issue guidelines in accordance with Article 16 of Regulation (EU) No 1093/2010 addressed to each of the following:</p></intro><subparagraph eId="d4e2102"><num>a</num><content><p>payment service providers, on the classification of major incidents referred to in paragraph 1, and on the content, the format, including standard notification templates, and the procedures for notifying such incidents;</p></content></subparagraph><subparagraph eId="d4e2108"><num>b</num><content><p>competent authorities, on the criteria on how to assess the relevance of the incident and the details of the incident reports to be shared with other domestic authorities.</p></content></subparagraph></paragraph><paragraph eId="article-96-4"><num>4</num><content><p>EBA shall, in close cooperation with the ECB, review the guidelines referred to in paragraph 3 on a regular basis and in any event at least every 2 years.</p></content></paragraph><paragraph eId="article-96-5"><num>5</num><content><p>While issuing and reviewing the guidelines referred to in paragraph 3, EBA shall take into account standards and/or specifications developed and published by the European Union Agency for Network and Information Security for sectors pursuing activities other than payment service provision.</p></content></paragraph><paragraph eId="article-96-6"><num>6</num><content><p>Member States shall ensure that payment service providers provide, at least on an annual basis, statistical data on fraud relating to different means of payment to their competent authorities. Those competent authorities shall provide EBA and the ECB with such data in an aggregated form.</p></content></paragraph></article><article eId="article-97" period="#period1"><num>Article 97</num><heading>Authentication</heading><paragraph eId="article-97-1"><num>1</num><intro><p>Member States shall ensure that a payment service provider applies strong customer authentication where the payer:</p></intro><subparagraph eId="d4e2145"><num>a</num><content><p>accesses its payment account online;</p></content></subparagraph><subparagraph eId="d4e2151"><num>b</num><content><p>initiates an electronic payment transaction;</p></content></subparagraph><subparagraph eId="d4e2157"><num>c</num><content><p>carries out any action through a remote channel which may imply a risk of payment fraud or other abuses.</p></content></subparagraph></paragraph><paragraph eId="article-97-2"><num>2</num><content><p>With regard to the initiation of electronic payment transactions as referred to in point (b) of paragraph 1, Member States shall ensure that, for electronic remote payment transactions, payment service providers apply strong customer authentication that includes elements which dynamically link the transaction to a specific amount and a specific payee.</p></content></paragraph><paragraph eId="article-97-3"><num>3</num><content><p>With regard to paragraph 1, Member States shall ensure that payment service providers have in place adequate security measures to protect the confidentiality and integrity of payment service users’ personalised security credentials.</p></content></paragraph><paragraph eId="article-97-4"><num>4</num><content><p>Paragraphs 2 and 3 shall also apply where payments are initiated through a payment initiation service provider. Paragraphs 1 and 3 shall also apply when the information is requested through an account information service provider.</p></content></paragraph><paragraph eId="article-97-5"><num>5</num><content><p>Member States shall ensure that the account servicing payment service provider allows the payment initiation service provider and the account information service provider to rely on the authentication procedures provided by the account servicing payment service provider to the payment service user in accordance with paragraphs 1 and 3 and, where the payment initiation service provider is involved, in accordance with paragraphs 1, 2 and 3.</p></content></paragraph></article><article eId="article-98" period="#period1"><num>Article 98</num><heading>Regulatory technical standards on authentication and communication</heading><paragraph eId="article-98-1"><num>1</num><intro><p>EBA shall, in close cooperation with the ECB and after consulting all relevant stakeholders, including those in the payment services market, reflecting all interests involved, develop draft regulatory technical standards addressed to payment service providers as set out in Article 1(1) of this Directive in accordance with Article 10 of Regulation (EU) No 1093/2010 specifying:</p></intro><subparagraph eId="d4e2200"><num>a</num><content><p>the requirements of the strong customer authentication referred to in Article 97(1) and (2);</p></content></subparagraph><subparagraph eId="d4e2206"><num>b</num><content><p>the exemptions from the application of Article 97(1), (2) and (3), based on the criteria established in paragraph 3 of this Article;</p></content></subparagraph><subparagraph eId="d4e2212"><num>c</num><content><p>the requirements with which security measures have to comply, in accordance with Article 97(3) in order to protect the confidentiality and the integrity of the payment service users’ personalised security credentials; and</p></content></subparagraph><subparagraph eId="d4e2218"><num>d</num><content><p>the requirements for common and secure open standards of communication for the purpose of identification, authentication, notification, and information, as well as for the implementation of security measures, between account servicing payment service providers, payment initiation service providers, account information service providers, payers, payees and other payment service providers.</p></content></subparagraph></paragraph><paragraph eId="article-98-2"><num>2</num><intro><p>The draft regulatory technical standards referred to in paragraph 1 shall be developed by EBA in order to:</p></intro><subparagraph eId="d4e2230"><num>a</num><content><p>ensure an appropriate level of security for payment service users and payment service providers, through the adoption of effective and risk-based requirements;</p></content></subparagraph><subparagraph eId="d4e2236"><num>b</num><content><p>ensure the safety of payment service users’ funds and personal data;</p></content></subparagraph><subparagraph eId="d4e2242"><num>c</num><content><p>secure and maintain fair competition among all payment service providers;</p></content></subparagraph><subparagraph eId="d4e2248"><num>d</num><content><p>ensure technology and business-model neutrality;</p></content></subparagraph><subparagraph eId="d4e2254"><num>e</num><content><p>allow for the development of user-friendly, accessible and innovative means of payment.</p></content></subparagraph></paragraph><paragraph eId="article-98-3"><num>3</num><intro><p>The exemptions referred to in point (b) of paragraph 1 shall be based on the following criteria:</p></intro><subparagraph eId="d4e2266"><num>a</num><content><p>the level of risk involved in the service provided;</p></content></subparagraph><subparagraph eId="d4e2272"><num>b</num><content><p>the amount, the recurrence of the transaction, or both;</p></content></subparagraph><subparagraph eId="d4e2278"><num>c</num><content><p>the payment channel used for the execution of the transaction.</p></content></subparagraph></paragraph><paragraph eId="article-98-4"><num>4</num><content><p>EBA shall submit the draft regulatory technical standards referred to in paragraph 1 to the Commission by 13 January 2017.</p><p>Power is delegated to the Commission to adopt those regulatory technical standards in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.</p></content></paragraph><paragraph eId="article-98-5"><num>5</num><content><p>In accordance with Article 10 of Regulation (EU) No 1093/2010, EBA shall review and, if appropriate, update the regulatory technical standards on a regular basis in order, inter alia, to take account of innovation and technological developments.</p></content></paragraph></article></chapter><chapter eId="title-IV-chapter-6" period="#period2"><num><em>CHAPTER 6</em></num><heading><strong><em>ADR procedures for the settlement of disputes</em></strong></heading><section eId="title-IV-chapter-6-section-1" period="#period2"><num><inline name="expanded">Section 1</inline></num><heading><strong><inline name="expanded">Complaint procedures</inline></strong></heading><article eId="article-99" period="#period2"><num>Article 99</num><heading>Complaints</heading><paragraph eId="article-99-1"><num><ins class="substitution O000005M008 first"><noteRef href="#c000001" marker="X1" class="commentary attribute X"/>1</ins></num><content><p><ins class="substitution O000005M008 last">Member States shall ensure that procedures are set up which allow payment service users and other interested parties including consumer associations, to submit complaints to the competent authorities with regard to payment service providers' alleged infringements of the provisions of national law implementing the provisions of this Directive.</ins></p></content></paragraph><paragraph eId="article-99-2"><num>2</num><content><p>Where appropriate and without prejudice to the right to bring proceedings before a court in accordance with national procedural law, the reply from the competent authorities shall inform the complainant of the existence of the ADR procedures set up in accordance with Article 102.</p></content></paragraph></article><article eId="article-100" period="#period1"><num>Article 100</num><heading>Competent authorities</heading><paragraph eId="article-100-1"><num>1</num><intro><p>Member States shall designate competent authorities to ensure and monitor effective compliance with this Directive. Those competent authorities shall take all appropriate measures to ensure such compliance.</p><p>They shall be either:</p></intro><subparagraph eId="d4e2352"><num>a</num><content><p>competent authorities within the meaning of Article 4(2) of Regulation (EU) No 1093/2010; or</p></content></subparagraph><subparagraph eId="d4e2358"><num>b</num><content><p>bodies recognised by national law or by public authorities expressly empowered for that purpose by national law.</p></content></subparagraph><wrapUp><p>They shall not be payment service providers, with the exception of national central banks.</p></wrapUp></paragraph><paragraph eId="article-100-2"><num>2</num><content><p>The authorities referred to in paragraph 1 shall possess all powers and adequate resources necessary for the performance of their duties. Where more than one competent authority is empowered to ensure and monitor effective compliance with this Directive, Member States shall ensure that those authorities collaborate closely so that they can discharge their respective duties effectively.</p></content></paragraph><paragraph eId="article-100-3"><num>3</num><intro><p>The competent authorities shall exercise their powers in accordance with national law either:</p></intro><subparagraph eId="d4e2379"><num>a</num><content><p>directly under their own authority or under the supervision of the judicial authorities; or</p></content></subparagraph><subparagraph eId="d4e2385"><num>b</num><content><p>by application to courts which are competent to grant the necessary decision, including, where appropriate, by appeal, if the application to grant the necessary decision is not successful.</p></content></subparagraph></paragraph><paragraph eId="article-100-4"><num>4</num><content><p>In the event of infringement or suspected infringement of the provisions of national law transposing Titles III and IV, the competent authorities referred to in paragraph 1 of this Article shall be those of the home Member State of the payment service provider, except for agents and branches conducted under the right of establishment where the competent authorities shall be those of the host Member State.</p></content></paragraph><paragraph eId="article-100-5"><num>5</num><content><p>Member States shall notify the Commission of the designated competent authorities referred to in paragraph 1 as soon as possible and in any event by 13 January 2018. They shall inform the Commission of any division of duties of those authorities. They shall immediately notify the Commission of any subsequent change concerning the designation and respective competences of those authorities.</p></content></paragraph><paragraph eId="article-100-6"><num>6</num><content><p>EBA shall, after consulting the ECB, issue guidelines, addressed to the competent authorities, in accordance with Article 16 of Regulation (EU) No 1093/2010 on the complaints procedures to be taken into consideration to ensure compliance with paragraph 1 of this Article. Those guidelines shall be issued by 13 January 2018 and shall be updated on a regular basis, as appropriate.</p></content></paragraph></article></section><section eId="title-IV-chapter-6-section-2" period="#period2"><num><inline name="expanded">Section 2</inline></num><heading><strong><inline name="expanded">ADR procedures and penalties</inline></strong></heading><article eId="article-101" period="#period1"><num>Article 101</num><heading>Dispute resolution</heading><paragraph eId="article-101-1"><num>1</num><content><p>Member States shall ensure that payment service providers put in place and apply adequate and effective complaint resolution procedures for the settlement of complaints of payment service users concerning the rights and obligations arising under Titles III and IV of this Directive and shall monitor their performance in that regard.</p><p>Those procedures shall be applied in every Member State where the payment service provider offers the payment services and shall be available in an official language of the relevant Member State or in another language if agreed between the payment service provider and the payment service user.</p></content></paragraph><paragraph eId="article-101-2"><num>2</num><content><p>Member States shall require that payment service providers make every possible effort to reply, on paper or, if agreed between payment service provider and payment service user, on another durable medium, to the payment service users’ complaints. Such a reply shall address all points raised, within an adequate timeframe and at the latest within 15 business days of receipt of the complaint. In exceptional situations, if the answer cannot be given within 15 business days for reasons beyond the control of the payment service provider, it shall be required to send a holding reply, clearly indicating the reasons for a delay in answering to the complaint and specifying the deadline by which the payment service user will receive the final reply. In any event, the deadline for receiving the final reply shall not exceed 35 business days.</p><p>Member States may introduce or maintain rules on dispute resolution procedures that are more advantageous to the payment service user than that referred to in the first subparagraph. Where they do so, those rules shall apply.</p></content></paragraph><paragraph eId="article-101-3"><num>3</num><content><p>The payment service provider shall inform the payment service user about at least one ADR entity which is competent to deal with disputes concerning the rights and obligations arising under Titles III and IV.</p></content></paragraph><paragraph eId="article-101-4"><num>4</num><content><p>The information referred to in paragraph 3 shall be mentioned in a clear, comprehensive and easily accessible way on the website of the payment service provider, where one exists, at the branch, and in the general terms and conditions of the contract between the payment service provider and the payment service user. It shall specify how further information on the ADR entity concerned and on the conditions for using it can be accessed.</p></content></paragraph></article><article eId="article-102" period="#period2"><num>Article 102</num><heading>ADR procedures</heading><paragraph eId="article-102-1"><num>1</num><content><p>Member States shall ensure that adequate, independent, impartial, transparent and effective ADR procedures for the settlement of disputes between payment service users and payment service providers concerning the rights and obligations arising under Titles III and IV of this Directive are established according to the relevant national and Union law in accordance with Directive 2013/11/EU of the European Parliament and the Council<noteRef href="#f00035" class="footnote" marker="35"/>, using existing competent bodies where appropriate. <ins class="substitution O000005M009 first last"><noteRef href="#c000001" marker="X1" class="commentary attribute X"/>Member States shall ensure that ADR procedures are applicable to payment service providers.</ins></p></content></paragraph><paragraph eId="article-102-2"><num>2</num><content><p>Member States shall require the bodies referred to in paragraph 1 of this Article to cooperate effectively for the resolution of cross-border disputes concerning the rights and obligations arising under Titles III and IV.</p></content></paragraph></article><article eId="article-103" period="#period1"><num>Article 103</num><heading>Penalties</heading><paragraph eId="article-103-1"><num>1</num><content><p>Member States shall lay down rules on penalties applicable to infringements of the national law transposing this Directive and shall take all necessary measures to ensure that they are implemented. Such penalties shall be effective, proportionate and dissuasive.</p></content></paragraph><paragraph eId="article-103-2"><num>2</num><content><p>Member States shall allow their competent authorities to disclose to the public any administrative penalty that is imposed for infringement of the measures adopted in the transposition of this Directive, unless such disclosure would seriously jeopardise the financial markets or cause disproportionate damage to the parties involved.</p></content></paragraph></article></section></chapter>
This XML file does not appear to have any style information associated with it. The document tree is shown below.
<akomaNtoso xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://docs.oasis-open.org/legaldocml/ns/akn/3.0" xsi:schemaLocation="http://docs.oasis-open.org/legaldocml/ns/akn/3.0 http://docs.oasis-open.org/legaldocml/akn-core/v1.0/cos01/part2-specs/schemas/akomantoso30.xsd">
<portion includedIn="http://www.legislation.gov.uk/id/eudr/2015/2366">
<meta>
<identification source="#source">
<FRBRWork>
<FRBRthis value="http://www.legislation.gov.uk/id/eudr/2015/2366"/>
<FRBRuri value="http://www.legislation.gov.uk/id/eudr/2015/2366"/>
<FRBRdate date="2015-11-25" name="adopted"/>
<FRBRauthor href="http://publications.europa.eu/resource/authority/corporate-body/OP_DATPRO"/>
<FRBRcountry value="EU"/>
<FRBRnumber value="2366"/>
<FRBRname value="Directive (EU) 2015/2366"/>
<FRBRprescriptive value="true"/>
</FRBRWork>
<FRBRExpression>
<FRBRthis value="http://www.legislation.gov.uk/eudr/2015/2366/title/IV/2020-12-31"/>
<FRBRuri value="http://www.legislation.gov.uk/eudr/2015/2366/2020-12-31"/>
<FRBRdate date="2015-12-23" name="validFrom"/>
<FRBRauthor href="#source"/>
<FRBRlanguage language="eng"/>
</FRBRExpression>
<FRBRManifestation>
<FRBRthis value="http://www.legislation.gov.uk/eudr/2015/2366/title/IV/2020-12-31/data.akn"/>
<FRBRuri value="http://www.legislation.gov.uk/eudr/2015/2366/2020-12-31/data.akn"/>
<FRBRdate date="2024-11-20Z" name="transform"/>
<FRBRauthor href="http://www.legislation.gov.uk"/>
<FRBRformat value="application/akn+xml"/>
</FRBRManifestation>
</identification>
<lifecycle source="#source">
<eventRef date="2015-11-25" type="generation" eId="enacted-date" source="#source"/>
<eventRef date="2015-11-25" type="amendment" source="#source"/>
<eventRef date="2015-12-23" type="amendment" source="#source"/>
<eventRef date="2015-11-25" eId="effective-date-1" source="#source"/>
<eventRef date="2015-12-23" eId="effective-date-2" source="#source"/>
</lifecycle>
<analysis source="#source">
<passiveModifications>
<textualMod type="substitution" eId="mod-O000005M003">
<source href="#c000001"/>
<destination href="#article-61-1"/>
</textualMod>
<textualMod type="substitution" eId="mod-O000005M004">
<source href="#c000001"/>
<destination href="#article-62-1"/>
</textualMod>
<textualMod type="substitution" eId="mod-O000005M005">
<source href="#c000001"/>
<destination href="#article-76-1"/>
</textualMod>
<textualMod type="substitution" eId="mod-O000005M006">
<source href="#c000001"/>
<destination href="#article-89-2"/>
</textualMod>
<textualMod type="substitution" eId="mod-O000005M007">
<source href="#c000001"/>
<destination href="#article-92-1"/>
</textualMod>
<textualMod type="substitution" eId="mod-O000005M008">
<source href="#c000001"/>
<destination href="#article-99-1"/>
</textualMod>
<textualMod type="substitution" eId="mod-O000005M009">
<source href="#c000001"/>
<destination href="#article-102-1"/>
</textualMod>
</passiveModifications>
<restrictions source="#source">
<restriction refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#d4e752" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-61" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-62" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-63" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-64" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-65" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-66" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-67" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-68" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-69" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-70" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-71" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-72" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-73" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-74" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-75" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-76" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-77" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-78" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-79" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-80" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-81" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-82" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-83" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-84" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-85" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-86" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-87" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-88" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-89" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-90" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-91" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-92" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-93" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-94" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-95" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-96" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-97" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-98" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-99" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-100" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-101" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-102" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#article-103" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#title-IV" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#title-IV-chapter-1" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#title-IV-chapter-2" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#title-IV-chapter-3" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#title-IV-chapter-3-section-1" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#title-IV-chapter-3-section-2" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#title-IV-chapter-3-section-3" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#title-IV-chapter-4" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#title-IV-chapter-5" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#title-IV-chapter-6" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#title-IV-chapter-6-section-1" refersTo="#e+w+s+ni" type="jurisdiction"/>
<restriction href="#title-IV-chapter-6-section-2" refersTo="#e+w+s+ni" type="jurisdiction"/>
</restrictions>
</analysis>
<temporalData source="#source">
<temporalGroup eId="period1">
<timeInterval start="#effective-date-1" refersTo="#period-concept1"/>
</temporalGroup>
<temporalGroup eId="period2">
<timeInterval start="#effective-date-2" refersTo="#period-concept2"/>
</temporalGroup>
</temporalData>
<references source="#source">
<TLCOrganization eId="source" href="http://www.legislation.gov.uk/id/publisher/KingsOrQueensPrinterOfActsOfParliament" showAs="King's Printer of Acts of Parliament"/>
<TLCLocation eId="e+w+s+ni" href="/ontology/jurisdictions/uk.EnglandWalesScotlandNorthernIreland" showAs="England, Wales, Scotland, Northern Ireland"/>
<TLCConcept eId="period-concept1" href="/ontology/time/2015.11.25" showAs="since 2015-11-25"/>
<TLCConcept eId="period-concept2" href="/ontology/time/2015.12.23" showAs="since 2015-12-23"/>
</references>
<notes source="#source">
<note class="footnote" eId="f00035">
<p>
Directive 2013/11/EU of the European Parliament and of the Council of 21 May 2013 on alternative dispute resolution for consumer disputes and amending Regulation (EC) No 2006/2004 and Directive 2009/22/EC (Directive on consumer ADR) (
<ref href="https://webarchive.nationalarchives.gov.uk/eu-exit/https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2013.165.01.0063.01.ENG">OJ L 165, 18.6.2013, p. 63</ref>
).
</p>
</note>
<note class="commentary X" eId="c000001">
<p>
Substituted by
<ref href="http://www.legislation.gov.uk/eudr/2015/2366/pdfs/eudrcs_20152366_en_001.pdf">Corrigendum to Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010 and repealing Directive 2007/64/EC (Official Journal of the European Union L 337 of 23 December 2015)</ref>
.
</p>
</note>
</notes>
<proprietary xmlns:ukl="http://www.legislation.gov.uk/namespaces/legislation" xmlns:ukm="http://www.legislation.gov.uk/namespaces/metadata" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dct="http://purl.org/dc/terms/" xmlns:atom="http://www.w3.org/2005/Atom" source="#source">
<ukl:RestrictStartDate value="2015-12-23"/>
<dc:identifier>http://www.legislation.gov.uk/eudr/2015/2366/title/IV/2020-12-31</dc:identifier>
<dc:title>Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (Text with EEA relevance)</dc:title>
<dct:alternative>Directive (EU) 2015/2366 of the European Parliament and of the Council</dct:alternative>
<dc:description>Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (Text with EEA relevance)</dc:description>
<dc:modified>2020-12-10</dc:modified>
<dc:publisher>King's Printer of Acts of Parliament</dc:publisher>
<dc:source>https://webarchive.nationalarchives.gov.uk/eu-exit/https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02015L2366-20151223</dc:source>
<dc:type>text</dc:type>
<dc:format>text/xml</dc:format>
<dc:language>en</dc:language>
<dct:valid>2015-12-23</dct:valid>
<atom:link rel="self" href="http://www.legislation.gov.uk/eudr/2015/2366/title/IV/2020-12-31/data.xml" type="application/xml"/>
<atom:link rel="http://www.legislation.gov.uk/def/navigation/resources" href="http://www.legislation.gov.uk/eudr/2015/2366/resources" title="More Resources"/>
<atom:link rel="http://www.legislation.gov.uk/def/navigation/act" href="http://www.legislation.gov.uk/eudr/2015/2366/2020-12-31" title="whole act"/>
<atom:link rel="http://www.legislation.gov.uk/def/navigation/introduction" href="http://www.legislation.gov.uk/eudr/2015/2366/introduction/2020-12-31" title="introduction"/>
<atom:link rel="http://www.legislation.gov.uk/def/navigation/body" href="http://www.legislation.gov.uk/eudr/2015/2366/body/2020-12-31" title="body"/>
<atom:link rel="http://www.legislation.gov.uk/def/navigation/annexes" href="http://www.legislation.gov.uk/eudr/2015/2366/annexes/2020-12-31" title="annexes"/>
<atom:link rel="http://www.legislation.gov.uk/def/date/euexitday" href="http://www.legislation.gov.uk/eudr/2015/2366/title/IV/2020-01-31" title="2020-01-31"/>
<atom:link rel="http://www.legislation.gov.uk/def/date/euexitTransitionEnd" href="http://www.legislation.gov.uk/eudr/2015/2366/title/IV/2020-12-31" title="2020-12-31"/>
<atom:link rel="alternate" type="application/rdf+xml" href="http://www.legislation.gov.uk/eudr/2015/2366/title/IV/2020-12-31/data.rdf" title="RDF/XML"/>
<atom:link rel="alternate" type="application/akn+xml" href="http://www.legislation.gov.uk/eudr/2015/2366/title/IV/2020-12-31/data.akn" title="AKN"/>
<atom:link rel="alternate" type="application/xhtml+xml" href="http://www.legislation.gov.uk/eudr/2015/2366/title/IV/2020-12-31/data.xht" title="HTML snippet"/>
<atom:link rel="alternate" type="text/html" href="http://www.legislation.gov.uk/eudr/2015/2366/title/IV/2020-12-31/data.htm" title="Website (XHTML) Default View"/>
<atom:link rel="alternate" type="text/csv" href="http://www.legislation.gov.uk/eudr/2015/2366/title/IV/2020-12-31/data.csv" title="CSV"/>
<atom:link rel="alternate" type="application/pdf" href="http://www.legislation.gov.uk/eudr/2015/2366/title/IV/2020-12-31/data.pdf" title="PDF"/>
<atom:link rel="alternate" type="application/akn+xhtml" href="http://www.legislation.gov.uk/eudr/2015/2366/title/IV/2020-12-31/data.html" title="HTML5 snippet"/>
<atom:link rel="http://purl.org/dc/terms/tableOfContents" hreflang="en" href="http://www.legislation.gov.uk/eudr/2015/2366/contents/2020-12-31" title="Table of Contents"/>
<atom:link rel="http://purl.org/dc/terms/replaces" href="http://www.legislation.gov.uk/eudr/2015/2366/title/IV/2015-11-25" title="2015-11-25"/>
<atom:link rel="http://purl.org/dc/terms/hasVersion" href="http://www.legislation.gov.uk/eudr/2015/2366/title/IV/adopted" title="adopted"/>
<atom:link rel="http://purl.org/dc/terms/hasVersion" href="http://www.legislation.gov.uk/eudr/2015/2366/title/IV/2015-11-25" title="2015-11-25"/>
<atom:link rel="http://purl.org/dc/terms/hasVersion" href="http://www.legislation.gov.uk/eudr/2015/2366/title/IV/2015-12-23" title="2015-12-23"/>
<atom:link rel="http://purl.org/dc/terms/hasVersion" href="http://www.legislation.gov.uk/eudr/2015/2366/title/IV" title="current"/>
<atom:link rel="up" href="http://www.legislation.gov.uk/eudr/2015/2366/2020-12-31" title="Entire legislation"/>
<atom:link rel="prev" href="http://www.legislation.gov.uk/eudr/2015/2366/title/III/2020-12-31" title="Title; Title III"/>
<atom:link rel="prevInForce" href="http://www.legislation.gov.uk/eudr/2015/2366/title/III/2020-12-31" title="Title; Title III"/>
<atom:link rel="next" href="http://www.legislation.gov.uk/eudr/2015/2366/title/V/2020-12-31" title="Title; Title V"/>
<atom:link rel="nextInForce" href="http://www.legislation.gov.uk/eudr/2015/2366/title/V/2020-12-31" title="Title; Title V"/>
<ukm:EUMetadata>
<ukm:DocumentClassification>
<ukm:DocumentCategory Value="euretained"/>
<ukm:DocumentMainType Value="EuropeanUnionDirective"/>
<ukm:DocumentStatus Value="revised"/>
</ukm:DocumentClassification>
<ukm:Year Value="2015"/>
<ukm:Number Value="2366"/>
<ukm:EURLexIdentifiers>
<ukm:Cellar Value="4f1c6ee8-bdb3-4e55-a477-0bb9379bf566"/>
<ukm:ELI Value="dir:2015:2366:2015-12-23"/>
<ukm:CELEX Value="02015L2366-20151223"/>
</ukm:EURLexIdentifiers>
<ukm:EnactmentDate Date="2015-11-25"/>
<ukm:EURLexModified Date="2020-07-30T16:20:10Z"/>
<ukm:EURLexExtracted Date="2020-07-30T18:28:16Z"/>
<ukm:XMLGenerated Date="2020-12-10T23:21:05Z"/>
<ukm:XMLImported Date="2020-12-10T23:56:47Z"/>
<ukm:CreatedBy Label="Provisional data" URI="http://publications.europa.eu/resource/authority/corporate-body/OP_DATPRO"/>
</ukm:EUMetadata>
<ukm:Alternatives>
<ukm:Alternative URI="http://www.legislation.gov.uk/eudr/2015/2366/pdfs/eudr_20152366_adopted_en.pdf" Date="2015-11-25" Size="1467309"/>
<ukm:Alternative URI="http://www.legislation.gov.uk/eudr/2015/2366/pdfs/eudr_20152366_2015-12-23_en.pdf" Date="2015-12-23" Size="762724" Revised="2015-12-23"/>
</ukm:Alternatives>
<ukm:CorrectionSlips>
<ukm:CorrectionSlip URI="http://www.legislation.gov.uk/eudr/2015/2366/pdfs/eudrcs_20152366_en_001.pdf" Date="2018-04-23" Size="375396"/>
</ukm:CorrectionSlips>
<ukm:Statistics>
<ukm:TotalParagraphs Value="125"/>
<ukm:BodyParagraphs Value="117"/>
<ukm:ScheduleParagraphs Value="8"/>
<ukm:AttachmentParagraphs Value="0"/>
<ukm:TotalImages Value="0"/>
</ukm:Statistics>
</proprietary>
</meta>
<portionBody eId="body" period="#period2">
<title eId="title-IV" period="#period2">
<num>TITLE IV</num>
<heading>
<strong>RIGHTS AND OBLIGATIONS IN RELATION TO THE PROVISION AND USE OF PAYMENT SERVICES</strong>
</heading>
<chapter eId="title-IV-chapter-1" period="#period2">
<num>
<em>CHAPTER 1</em>
</num>
<heading>
<strong>
<em>Common provisions</em>
</strong>
</heading>
<article eId="article-61" period="#period2">
<num>Article 61</num>
<heading>Scope</heading>
<paragraph eId="article-61-1">
<num>1</num>
<content>
<p>
Where the payment service user is not a consumer, the payment service user and the
<ins class="substitution O000005M003 first last">
<noteRef href="#c000001" marker="X1" class="commentary attribute X"/>
payment service provider may agree that Article 62(1), Article 64(3), and Articles 72, 74, 76, 77, 80, 89 and 90
</ins>
do not apply in whole or in part. The payment service user and the payment service provider may also agree on time limits that are different from those laid down in Article 71.
</p>
</content>
</paragraph>
<paragraph eId="article-61-2">
<num>2</num>
<content>
<p>Member States may provide that Article 102 does not apply where the payment service user is not a consumer.</p>
</content>
</paragraph>
<paragraph eId="article-61-3">
<num>3</num>
<content>
<p>Member States may provide that provisions in this Title are applied to microenterprises in the same way as to consumers.</p>
</content>
</paragraph>
<paragraph eId="article-61-4">
<num>4</num>
<content>
<p>This Directive shall be without prejudice to Directive 2008/48/EC, other relevant Union law or national measures regarding conditions for granting credit to consumers not harmonised by this Directive that comply with Union law.</p>
</content>
</paragraph>
</article>
<article eId="article-62" period="#period2">
<num>Article 62</num>
<heading>Charges applicable</heading>
<paragraph eId="article-62-1">
<num>1</num>
<content>
<p>
The payment service provider shall not charge the payment service user for fulfilment of its information obligations or corrective and preventive measures under this Title,
<ins class="substitution O000005M004 first last">
<noteRef href="#c000001" marker="X1" class="commentary attribute X"/>
unless otherwise specified in Article 79(1), Article 80(5) and Article 88(4).
</ins>
Those charges shall be agreed between the payment service user and the payment service provider and shall be appropriate and in line with the payment service provider’s actual costs.
</p>
</content>
</paragraph>
<paragraph eId="article-62-2">
<num>2</num>
<content>
<p>Member States shall require that for payment transactions provided within the Union, where both the payer’s and the payee’s payment service providers are, or the sole payment service provider in the payment transaction is, located therein, the payee pays the charges levied by his payment service provider, and the payer pays the charges levied by his payment service provider.</p>
</content>
</paragraph>
<paragraph eId="article-62-3">
<num>3</num>
<content>
<p>The payment service provider shall not prevent the payee from requesting from the payer a charge, offering him a reduction or otherwise steering him towards the use of a given payment instrument. Any charges applied shall not exceed the direct costs borne by the payee for the use of the specific payment instrument.</p>
</content>
</paragraph>
<paragraph eId="article-62-4">
<num>4</num>
<content>
<p>In any case, Member States shall ensure that the payee shall not request charges for the use of payment instruments for which interchange fees are regulated under Chapter II of Regulation (EU) 2015/751 and for those payment services to which Regulation (EU) No 260/2012 applies.</p>
</content>
</paragraph>
<paragraph eId="article-62-5">
<num>5</num>
<content>
<p>Member States may prohibit or limit the right of the payee to request charges taking into account the need to encourage competition and promote the use of efficient payment instruments.</p>
</content>
</paragraph>
</article>
<article eId="article-63" period="#period1">
<num>Article 63</num>
<heading>Derogation for low value payment instruments and electronic money</heading>
<paragraph eId="article-63-1">
<num>1</num>
<intro>
<p>In the case of payment instruments which, according to the framework contract, solely concern individual payment transactions not exceeding EUR 30 or which either have a spending limit of EUR 150, or store funds which do not exceed EUR 150 at any time, payment service providers may agree with their payment service users that:</p>
</intro>
<subparagraph eId="d4e854">
<num>a</num>
<content>
<p>point (b) of Article 69(1), points (c) and (d) of Article 70(1), and Article 74(3) do not apply if the payment instrument does not allow its blocking or prevention of its further use;</p>
</content>
</subparagraph>
<subparagraph eId="d4e860">
<num>b</num>
<content>
<p>Articles 72 and 73, and Article 74(1) and (3), do not apply if the payment instrument is used anonymously or the payment service provider is not in a position for other reasons which are intrinsic to the payment instrument to prove that a payment transaction was authorised;</p>
</content>
</subparagraph>
<subparagraph eId="d4e866">
<num>c</num>
<content>
<p>by way of derogation from Article 79(1), the payment service provider is not required to notify the payment service user of the refusal of a payment order, if the non-execution is apparent from the context;</p>
</content>
</subparagraph>
<subparagraph eId="d4e872">
<num>d</num>
<content>
<p>by way of derogation from Article 80, the payer may not revoke the payment order after transmitting the payment order or giving consent to execute the payment transaction to the payee;</p>
</content>
</subparagraph>
<subparagraph eId="d4e878">
<num>e</num>
<content>
<p>by way of derogation from Articles 83 and 84, other execution periods apply.</p>
</content>
</subparagraph>
</paragraph>
<paragraph eId="article-63-2">
<num>2</num>
<content>
<p>For national payment transactions, Member States or their competent authorities may reduce or double the amounts referred to in paragraph 1. They may increase them for prepaid payment instruments up to EUR 500.</p>
</content>
</paragraph>
<paragraph eId="article-63-3">
<num>3</num>
<content>
<p>Articles 73 and 74 of this Directive shall apply also to electronic money as defined in point (2) of Article 2 of Directive 2009/110/EC, except where the payer’s payment service provider does not have the ability to freeze the payment account on which the electronic money is stored or block the payment instrument. Member States may limit that derogation to payment accounts on which the electronic money is stored or to payment instruments of a certain value.</p>
</content>
</paragraph>
</article>
</chapter>
<chapter eId="title-IV-chapter-2" period="#period2">
<num>
<em>CHAPTER 2</em>
</num>
<heading>
<strong>
<em>Authorisation of payment transactions</em>
</strong>
</heading>
<article eId="article-64" period="#period1">
<num>Article 64</num>
<heading>Consent and withdrawal of consent</heading>
<paragraph eId="article-64-1">
<num>1</num>
<content>
<p>Member States shall ensure that a payment transaction is considered to be authorised only if the payer has given consent to execute the payment transaction. A payment transaction may be authorised by the payer prior to or, if agreed between the payer and the payment service provider, after the execution of the payment transaction.</p>
</content>
</paragraph>
<paragraph eId="article-64-2">
<num>2</num>
<content>
<p>Consent to execute a payment transaction or a series of payment transactions shall be given in the form agreed between the payer and the payment service provider. Consent to execute a payment transaction may also be given via the payee or the payment initiation service provider.</p>
<p>In the absence of consent, a payment transaction shall be considered to be unauthorised.</p>
</content>
</paragraph>
<paragraph eId="article-64-3">
<num>3</num>
<content>
<p>Consent may be withdrawn by the payer at any time, but no later than at the moment of irrevocability in accordance with Article 80. Consent to execute a series of payment transactions may also be withdrawn, in which case any future payment transaction shall be considered to be unauthorised.</p>
</content>
</paragraph>
<paragraph eId="article-64-4">
<num>4</num>
<content>
<p>The procedure for giving consent shall be agreed between the payer and the relevant payment service provider(s).</p>
</content>
</paragraph>
</article>
<article eId="article-65" period="#period1">
<num>Article 65</num>
<heading>Confirmation on the availability of funds</heading>
<paragraph eId="article-65-1">
<num>1</num>
<intro>
<p>Member States shall ensure that an account servicing payment service provider shall, upon the request of a payment service provider issuing card-based payment instruments, immediately confirm whether an amount necessary for the execution of a card-based payment transaction is available on the payment account of the payer, provided that all of the following conditions are met:</p>
</intro>
<subparagraph eId="d4e951">
<num>a</num>
<content>
<p>the payment account of the payer is accessible online at the time of the request;</p>
</content>
</subparagraph>
<subparagraph eId="d4e957">
<num>b</num>
<content>
<p>the payer has given explicit consent to the account servicing payment service provider to respond to requests from a specific payment service provider to confirm that the amount corresponding to a certain card-based payment transaction is available on the payer’s payment account;</p>
</content>
</subparagraph>
<subparagraph eId="d4e963">
<num>c</num>
<content>
<p>the consent referred to in point (b) has been given before the first request for confirmation is made.</p>
</content>
</subparagraph>
</paragraph>
<paragraph eId="article-65-2">
<num>2</num>
<intro>
<p>The payment service provider may request the confirmation referred to in paragraph 1 where all of the following conditions are met:</p>
</intro>
<subparagraph eId="d4e975">
<num>a</num>
<content>
<p>the payer has given explicit consent to the payment service provider to request the confirmation referred to in paragraph 1;</p>
</content>
</subparagraph>
<subparagraph eId="d4e981">
<num>b</num>
<content>
<p>the payer has initiated the card-based payment transaction for the amount in question using a card based payment instrument issued by the payment service provider;</p>
</content>
</subparagraph>
<subparagraph eId="d4e987">
<num>c</num>
<content>
<p>the payment service provider authenticates itself towards the account servicing payment service provider before each confirmation request, and securely communicates with the account servicing payment service provider in accordance with point (d) of Article 98(1).</p>
</content>
</subparagraph>
</paragraph>
<paragraph eId="article-65-3">
<num>3</num>
<content>
<p>In accordance with Directive 95/46/EC, the confirmation referred to in paragraph 1 shall consist only in a simple ‘yes’ or ‘no’ answer and not in a statement of the account balance. That answer shall not be stored or used for purposes other than for the execution of the card-based payment transaction.</p>
</content>
</paragraph>
<paragraph eId="article-65-4">
<num>4</num>
<content>
<p>The confirmation referred to in paragraph 1 shall not allow for the account servicing payment service provider to block funds on the payer’s payment account.</p>
</content>
</paragraph>
<paragraph eId="article-65-5">
<num>5</num>
<content>
<p>The payer may request the account servicing payment service provider to communicate to the payer the identification of the payment service provider and the answer provided.</p>
</content>
</paragraph>
<paragraph eId="article-65-6">
<num>6</num>
<content>
<p>This Article does not apply to payment transactions initiated through card-based payment instruments on which electronic money as defined in point (2) of Article 2 of Directive 2009/110/EC is stored.</p>
</content>
</paragraph>
</article>
<article eId="article-66" period="#period1">
<num>Article 66</num>
<heading>Rules on access to payment account in the case of payment initiation services</heading>
<paragraph eId="article-66-1">
<num>1</num>
<content>
<p>Member States shall ensure that a payer has the right to make use of a payment initiation service provider to obtain payment services as referred to in point (7) of Annex I. The right to make use of a payment initiation service provider shall not apply where the payment account is not accessible online.</p>
</content>
</paragraph>
<paragraph eId="article-66-2">
<num>2</num>
<content>
<p>When the payer gives its explicit consent for a payment to be executed in accordance with Article 64, the account servicing payment service provider shall perform the actions specified in paragraph 4 of this Article in order to ensure the payer’s right to use the payment initiation service.</p>
</content>
</paragraph>
<paragraph eId="article-66-3">
<num>3</num>
<intro>
<p>The payment initiation service provider shall:</p>
</intro>
<subparagraph eId="d4e1042">
<num>a</num>
<content>
<p>not hold at any time the payer’s funds in connection with the provision of the payment initiation service;</p>
</content>
</subparagraph>
<subparagraph eId="d4e1048">
<num>b</num>
<content>
<p>ensure that the personalised security credentials of the payment service user are not, with the exception of the user and the issuer of the personalised security credentials, accessible to other parties and that they are transmitted by the payment initiation service provider through safe and efficient channels;</p>
</content>
</subparagraph>
<subparagraph eId="d4e1054">
<num>c</num>
<content>
<p>ensure that any other information about the payment service user, obtained when providing payment initiation services, is only provided to the payee and only with the payment service user’s explicit consent;</p>
</content>
</subparagraph>
<subparagraph eId="d4e1060">
<num>d</num>
<content>
<p>every time a payment is initiated, identify itself towards the account servicing payment service provider of the payer and communicate with the account servicing payment service provider, the payer and the payee in a secure way, in accordance with point (d) of Article 98(1);</p>
</content>
</subparagraph>
<subparagraph eId="d4e1066">
<num>e</num>
<content>
<p>not store sensitive payment data of the payment service user;</p>
</content>
</subparagraph>
<subparagraph eId="d4e1072">
<num>f</num>
<content>
<p>not request from the payment service user any data other than those necessary to provide the payment initiation service;</p>
</content>
</subparagraph>
<subparagraph eId="d4e1078">
<num>g</num>
<content>
<p>not use, access or store any data for purposes other than for the provision of the payment initiation service as explicitly requested by the payer;</p>
</content>
</subparagraph>
<subparagraph eId="d4e1084">
<num>h</num>
<content>
<p>not modify the amount, the payee or any other feature of the transaction.</p>
</content>
</subparagraph>
</paragraph>
<paragraph eId="article-66-4">
<num>4</num>
<intro>
<p>The account servicing payment service provider shall:</p>
</intro>
<subparagraph eId="d4e1096">
<num>a</num>
<content>
<p>communicate securely with payment initiation service providers in accordance with point (d) of Article 98(1);</p>
</content>
</subparagraph>
<subparagraph eId="d4e1102">
<num>b</num>
<content>
<p>immediately after receipt of the payment order from a payment initiation service provider, provide or make available all information on the initiation of the payment transaction and all information accessible to the account servicing payment service provider regarding the execution of the payment transaction to the payment initiation service provider;</p>
</content>
</subparagraph>
<subparagraph eId="d4e1108">
<num>c</num>
<content>
<p>treat payment orders transmitted through the services of a payment initiation service provider without any discrimination other than for objective reasons, in particular in terms of timing, priority or charges vis-à-vis payment orders transmitted directly by the payer.</p>
</content>
</subparagraph>
</paragraph>
<paragraph eId="article-66-5">
<num>5</num>
<content>
<p>The provision of payment initiation services shall not be dependent on the existence of a contractual relationship between the payment initiation service providers and the account servicing payment service providers for that purpose.</p>
</content>
</paragraph>
</article>
<article eId="article-67" period="#period1">
<num>Article 67</num>
<heading>Rules on access to and use of payment account information in the case of account information services</heading>
<paragraph eId="article-67-1">
<num>1</num>
<content>
<p>Member States shall ensure that a payment service user has the right to make use of services enabling access to account information as referred to in point (8) of Annex I. That right shall not apply where the payment account is not accessible online.</p>
</content>
</paragraph>
<paragraph eId="article-67-2">
<num>2</num>
<intro>
<p>The account information service provider shall:</p>
</intro>
<subparagraph eId="d4e1139">
<num>a</num>
<content>
<p>provide services only where based on the payment service user’s explicit consent;</p>
</content>
</subparagraph>
<subparagraph eId="d4e1145">
<num>b</num>
<content>
<p>ensure that the personalised security credentials of the payment service user are not, with the exception of the user and the issuer of the personalised security credentials, accessible to other parties and that when they are transmitted by the account information service provider, this is done through safe and efficient channels;</p>
</content>
</subparagraph>
<subparagraph eId="d4e1151">
<num>c</num>
<content>
<p>for each communication session, identify itself towards the account servicing payment service provider(s) of the payment service user and securely communicate with the account servicing payment service provider(s) and the payment service user, in accordance with point (d) of Article 98(1);</p>
</content>
</subparagraph>
<subparagraph eId="d4e1157">
<num>d</num>
<content>
<p>access only the information from designated payment accounts and associated payment transactions;</p>
</content>
</subparagraph>
<subparagraph eId="d4e1163">
<num>e</num>
<content>
<p>not request sensitive payment data linked to the payment accounts;</p>
</content>
</subparagraph>
<subparagraph eId="d4e1169">
<num>f</num>
<content>
<p>not use, access or store any data for purposes other than for performing the account information service explicitly requested by the payment service user, in accordance with data protection rules.</p>
</content>
</subparagraph>
</paragraph>
<paragraph eId="article-67-3">
<num>3</num>
<intro>
<p>In relation to payment accounts, the account servicing payment service provider shall:</p>
</intro>
<subparagraph eId="d4e1181">
<num>a</num>
<content>
<p>communicate securely with the account information service providers in accordance with point (d) of Article 98(1); and</p>
</content>
</subparagraph>
<subparagraph eId="d4e1187">
<num>b</num>
<content>
<p>treat data requests transmitted through the services of an account information service provider without any discrimination for other than objective reasons.</p>
</content>
</subparagraph>
</paragraph>
<paragraph eId="article-67-4">
<num>4</num>
<content>
<p>The provision of account information services shall not be dependent on the existence of a contractual relationship between the account information service providers and the account servicing payment service providers for that purpose.</p>
</content>
</paragraph>
</article>
<article eId="article-68" period="#period1">
<num>Article 68</num>
<heading>Limits of the use of the payment instrument and of the access to payment accounts by payment service providers</heading>
<paragraph eId="article-68-1">
<num>1</num>
<content>
<p>Where a specific payment instrument is used for the purposes of giving consent, the payer and the payer’s payment service provider may agree on spending limits for payment transactions executed through that payment instrument.</p>
</content>
</paragraph>
<paragraph eId="article-68-2">
<num>2</num>
<content>
<p>If agreed in the framework contract, the payment service provider may reserve the right to block the payment instrument for objectively justified reasons relating to the security of the payment instrument, the suspicion of unauthorised or fraudulent use of the payment instrument or, in the case of a payment instrument with a credit line, a significantly increased risk that the payer may be unable to fulfil its liability to pay.</p>
</content>
</paragraph>
<paragraph eId="article-68-3">
<num>3</num>
<content>
<p>In such cases the payment service provider shall inform the payer of the blocking of the payment instrument and the reasons for it in an agreed manner, where possible, before the payment instrument is blocked and at the latest immediately thereafter, unless providing such information would compromise objectively justified security reasons or is prohibited by other relevant Union or national law.</p>
</content>
</paragraph>
<paragraph eId="article-68-4">
<num>4</num>
<content>
<p>The payment service provider shall unblock the payment instrument or replace it with a new payment instrument once the reasons for blocking no longer exist.</p>
</content>
</paragraph>
<paragraph eId="article-68-5">
<num>5</num>
<content>
<p>An account servicing payment service provider may deny an account information service provider or a payment initiation service provider access to a payment account for objectively justified and duly evidenced reasons relating to unauthorised or fraudulent access to the payment account by that account information service provider or that payment initiation service provider, including the unauthorised or fraudulent initiation of a payment transaction. In such cases the account servicing payment service provider shall inform the payer that access to the payment account is denied and the reasons therefor in the form agreed. That information shall, where possible, be given to the payer before access is denied and at the latest immediately thereafter, unless providing such information would compromise objectively justified security reasons or is prohibited by other relevant Union or national law.</p>
<p>The account servicing payment service provider shall allow access to the payment account once the reasons for denying access no longer exist.</p>
</content>
</paragraph>
<paragraph eId="article-68-6">
<num>6</num>
<content>
<p>In the cases referred to in paragraph 5, the account servicing payment service provider shall immediately report the incident relating to the account information service provider or the payment initiation service provider to the competent authority. The information shall include the relevant details of the case and the reasons for taking action. The competent authority shall assess the case and shall, if necessary, take appropriate measures.</p>
</content>
</paragraph>
</article>
<article eId="article-69" period="#period1">
<num>Article 69</num>
<heading>Obligations of the payment service user in relation to payment instruments and personalised security credentials</heading>
<paragraph eId="article-69-1">
<num>1</num>
<intro>
<p>The payment service user entitled to use a payment instrument shall:</p>
</intro>
<subparagraph eId="d4e1258">
<num>a</num>
<content>
<p>use the payment instrument in accordance with the terms governing the issue and use of the payment instrument, which must be objective, non-discriminatory and proportionate;</p>
</content>
</subparagraph>
<subparagraph eId="d4e1264">
<num>b</num>
<content>
<p>notify the payment service provider, or the entity specified by the latter, without undue delay on becoming aware of the loss, theft, misappropriation or unauthorised use of the payment instrument.</p>
</content>
</subparagraph>
</paragraph>
<paragraph eId="article-69-2">
<num>2</num>
<content>
<p>For the purposes of point (a) of paragraph 1, the payment service user shall, in particular, as soon as in receipt of a payment instrument, take all reasonable steps to keep its personalised security credentials safe.</p>
</content>
</paragraph>
</article>
<article eId="article-70" period="#period1">
<num>Article 70</num>
<heading>Obligations of the payment service provider in relation to payment instruments</heading>
<paragraph eId="article-70-1">
<num>1</num>
<intro>
<p>The payment service provider issuing a payment instrument shall:</p>
</intro>
<subparagraph eId="d4e1289">
<num>a</num>
<content>
<p>make sure that the personalised security credentials are not accessible to parties other than the payment service user that is entitled to use the payment instrument, without prejudice to the obligations on the payment service user set out in Article 69;</p>
</content>
</subparagraph>
<subparagraph eId="d4e1295">
<num>b</num>
<content>
<p>refrain from sending an unsolicited payment instrument, except where a payment instrument already given to the payment service user is to be replaced;</p>
</content>
</subparagraph>
<subparagraph eId="d4e1301">
<num>c</num>
<content>
<p>ensure that appropriate means are available at all times to enable the payment service user to make a notification pursuant to point (b) of Article 69(1) or to request unblocking of the payment instrument pursuant to Article 68(4); on request, the payment service provider shall provide the payment service user with the means to prove, for 18 months after notification, that the payment service user made such a notification;</p>
</content>
</subparagraph>
<subparagraph eId="d4e1307">
<num>d</num>
<content>
<p>provide the payment service user with an option to make a notification pursuant to point (b) of Article 69(1) free of charge and to charge, if at all, only replacement costs directly attributed to the payment instrument;</p>
</content>
</subparagraph>
<subparagraph eId="d4e1313">
<num>e</num>
<content>
<p>prevent all use of the payment instrument once notification pursuant to point (b) of Article 69(1) has been made.</p>
</content>
</subparagraph>
</paragraph>
<paragraph eId="article-70-2">
<num>2</num>
<content>
<p>The payment service provider shall bear the risk of sending a payment instrument or any personalised security credentials relating to it to the payment service user.</p>
</content>
</paragraph>
</article>
<article eId="article-71" period="#period1">
<num>Article 71</num>
<heading>Notification and rectification of unauthorised or incorrectly executed payment transactions</heading>
<paragraph eId="article-71-1">
<num>1</num>
<content>
<p>The payment service user shall obtain rectification of an unauthorised or incorrectly executed payment transaction from the payment service provider only if the payment service user notifies the payment service provider without undue delay on becoming aware of any such transaction giving rise to a claim, including that under Article 89, and no later than 13 months after the debit date.</p>
<p>The time limits for notification laid down in the first subparagraph do not apply where the payment service provider has failed to provide or make available the information on the payment transaction in accordance with Title III.</p>
</content>
</paragraph>
<paragraph eId="article-71-2">
<num>2</num>
<content>
<p>Where a payment initiation service provider is involved, the payment service user shall obtain rectification from the account servicing payment service provider pursuant to paragraph 1 of this Article, without prejudice to Article 73(2) and Article 89(1).</p>
</content>
</paragraph>
</article>
<article eId="article-72" period="#period1">
<num>Article 72</num>
<heading>Evidence on authentication and execution of payment transactions</heading>
<paragraph eId="article-72-1">
<num>1</num>
<content>
<p>Member States shall require that, where a payment service user denies having authorised an executed payment transaction or claims that the payment transaction was not correctly executed, it is for the payment service provider to prove that the payment transaction was authenticated, accurately recorded, entered in the accounts and not affected by a technical breakdown or some other deficiency of the service provided by the payment service provider.</p>
<p>If the payment transaction is initiated through a payment initiation service provider, the burden shall be on the payment initiation service provider to prove that within its sphere of competence, the payment transaction was authenticated, accurately recorded and not affected by a technical breakdown or other deficiency linked to the payment service of which it is in charge.</p>
</content>
</paragraph>
<paragraph eId="article-72-2">
<num>2</num>
<content>
<p>Where a payment service user denies having authorised an executed payment transaction, the use of a payment instrument recorded by the payment service provider, including the payment initiation service provider as appropriate, shall in itself not necessarily be sufficient to prove either that the payment transaction was authorised by the payer or that the payer acted fraudulently or failed with intent or gross negligence to fulfil one or more of the obligations under Article 69. The payment service provider, including, where appropriate, the payment initiation service provider, shall provide supporting evidence to prove fraud or gross negligence on part of the payment service user.</p>
</content>
</paragraph>
</article>
<article eId="article-73" period="#period1">
<num>Article 73</num>
<heading>Payment service provider’s liability for unauthorised payment transactions</heading>
<paragraph eId="article-73-1">
<num>1</num>
<content>
<p>Member States shall ensure that, without prejudice to Article 71, in the case of an unauthorised payment transaction, the payer’s payment service provider refunds the payer the amount of the unauthorised payment transaction immediately, and in any event no later than by the end of the following business day, after noting or being notified of the transaction, except where the payer’s payment service provider has reasonable grounds for suspecting fraud and communicates those grounds to the relevant national authority in writing. Where applicable, the payer’s payment service provider shall restore the debited payment account to the state in which it would have been had the unauthorised payment transaction not taken place. This shall also ensure that the credit value date for the payer’s payment account shall be no later than the date the amount had been debited.</p>
</content>
</paragraph>
<paragraph eId="article-73-2">
<num>2</num>
<content>
<p>Where the payment transaction is initiated through a payment initiation service provider, the account servicing payment service provider shall refund immediately, and in any event no later than by the end of the following business day the amount of the unauthorised payment transaction and, where applicable, restore the debited payment account to the state in which it would have been had the unauthorised payment transaction not taken place.</p>
<p>If the payment initiation service provider is liable for the unauthorised payment transaction, it shall immediately compensate the account servicing payment service provider at its request for the losses incurred or sums paid as a result of the refund to the payer, including the amount of the unauthorised payment transaction. In accordance with Article 72(1), the burden shall be on the payment initiation service provider to prove that, within its sphere of competence, the payment transaction was authenticated, accurately recorded and not affected by a technical breakdown or other deficiency linked to the payment service of which it is in charge.</p>
</content>
</paragraph>
<paragraph eId="article-73-3">
<num>3</num>
<content>
<p>Further financial compensation may be determined in accordance with the law applicable to the contract concluded between the payer and the payment service provider or the contract concluded between the payer and the payment initiation service provider if applicable.</p>
</content>
</paragraph>
</article>
<article eId="article-74" period="#period1">
<num>Article 74</num>
<heading>Payer’s liability for unauthorised payment transactions</heading>
<paragraph eId="article-74-1">
<num>1</num>
<intro>
<p>By way of derogation from Article 73, the payer may be obliged to bear the losses relating to any unauthorised payment transactions, up to a maximum of EUR 50, resulting from the use of a lost or stolen payment instrument or from the misappropriation of a payment instrument.</p>
<p>The first subparagraph shall not apply if:</p>
</intro>
<subparagraph eId="d4e1414">
<num>a</num>
<content>
<p>the loss, theft or misappropriation of a payment instrument was not detectable to the payer prior to a payment, except where the payer has acted fraudulently; or</p>
</content>
</subparagraph>
<subparagraph eId="d4e1420">
<num>b</num>
<content>
<p>the loss was caused by acts or lack of action of an employee, agent or branch of a payment service provider or of an entity to which its activities were outsourced.</p>
</content>
</subparagraph>
<wrapUp>
<p>The payer shall bear all of the losses relating to any unauthorised payment transactions if they were incurred by the payer acting fraudulently or failing to fulfil one or more of the obligations set out in Article 69 with intent or gross negligence. In such cases, the maximum amount referred to in the first subparagraph shall not apply.</p>
<p>Where the payer has neither acted fraudulently nor intentionally failed to fulfil its obligations under Article 69, Member States may reduce the liability referred to in this paragraph, taking into account, in particular, the nature of the personalised security credentials and the specific circumstances under which the payment instrument was lost, stolen or misappropriated.</p>
</wrapUp>
</paragraph>
<paragraph eId="article-74-2">
<num>2</num>
<content>
<p>Where the payer’s payment service provider does not require strong customer authentication, the payer shall not bear any financial losses unless the payer has acted fraudulently. Where the payee or the payment service provider of the payee fails to accept strong customer authentication, it shall refund the financial damage caused to the payer’s payment service provider.</p>
</content>
</paragraph>
<paragraph eId="article-74-3">
<num>3</num>
<content>
<p>The payer shall not bear any financial consequences resulting from use of the lost, stolen or misappropriated payment instrument after notification in accordance with point (b) of Article 69(1), except where the payer has acted fraudulently.</p>
<p>If the payment service provider does not provide appropriate means for the notification at all times of a lost, stolen or misappropriated payment instrument, as required under point (c) of Article 70(1), the payer shall not be liable for the financial consequences resulting from use of that payment instrument, except where the payer has acted fraudulently.</p>
</content>
</paragraph>
</article>
<article eId="article-75" period="#period1">
<num>Article 75</num>
<heading>Payment transactions where the transaction amount is not known in advance</heading>
<paragraph eId="article-75-1">
<num>1</num>
<content>
<p>Where a payment transaction is initiated by or through the payee in the context of a card-based payment transaction and the exact amount is not known at the moment when the payer gives consent to execute the payment transaction, the payer’s payment service provider may block funds on the payer’s payment account only if the payer has given consent to the exact amount of the funds to be blocked.</p>
</content>
</paragraph>
<paragraph eId="article-75-2">
<num>2</num>
<content>
<p>The payer’s payment service provider shall release the funds blocked on the payer’s payment account under paragraph 1 without undue delay after receipt of the information about the exact amount of the payment transaction and at the latest immediately after receipt of the payment order.</p>
</content>
</paragraph>
</article>
<article eId="article-76" period="#period2">
<num>Article 76</num>
<heading>Refunds for payment transactions initiated by or through a payee</heading>
<paragraph eId="article-76-1">
<num>1</num>
<intro>
<p>Member States shall ensure that a payer is entitled to a refund from the payment service provider of an authorised payment transaction which was initiated by or through a payee and which has already been executed, if both of the following conditions are met:</p>
</intro>
<subparagraph eId="d4e1479">
<num>a</num>
<content>
<p>the authorisation did not specify the exact amount of the payment transaction when the authorisation was made;</p>
</content>
</subparagraph>
<subparagraph eId="d4e1485">
<num>b</num>
<content>
<p>the amount of the payment transaction exceeded the amount the payer could reasonably have expected taking into account the previous spending pattern, the conditions in the framework contract and relevant circumstances of the case.</p>
</content>
</subparagraph>
<wrapUp>
<p>At the payment service provider’s request, the payer shall bear the burden of proving such conditions are met.</p>
<p>The refund shall consist of the full amount of the executed payment transaction. The credit value date for the payer’s payment account shall be no later than the date the amount was debited.</p>
<p>
<ins class="substitution O000005M005 first last">
<noteRef href="#c000001" marker="X1" class="commentary attribute X"/>
Without prejudice to paragraph 3 of this Article, Member States shall ensure that, in addition to the right referred to in the first subparagraph of this paragraph, for direct debits as referred to in Article 1 of Regulation (EU) No 260/2012, the payer has an unconditional right to a refund within the time limits laid down in Article 77 of this Directive.
</ins>
</p>
</wrapUp>
</paragraph>
<paragraph eId="article-76-2">
<num>2</num>
<content>
<p>However, for the purposes of point (b) of the first subparagraph of paragraph 1, the payer shall not rely on currency exchange reasons if the reference exchange rate agreed with its payment service provider in accordance with point (d) of Article 45(1) and point (3)(b) of Article 52 was applied.</p>
</content>
</paragraph>
<paragraph eId="article-76-3">
<num>3</num>
<intro>
<p>It may be agreed in a framework contract between the payer and the payment service provider that the payer has no right to a refund where:</p>
</intro>
<subparagraph eId="d4e1513">
<num>a</num>
<content>
<p>the payer has given consent to execute the payment transaction directly to the payment service provider; and</p>
</content>
</subparagraph>
<subparagraph eId="d4e1519">
<num>b</num>
<content>
<p>where applicable, information on the future payment transaction was provided or made available in an agreed manner to the payer for at least 4 weeks before the due date by the payment service provider or by the payee.</p>
</content>
</subparagraph>
</paragraph>
<paragraph eId="article-76-4">
<num>4</num>
<content>
<p>For direct debits in currencies other than euro, Member States may require their payment service providers to offer more favourable refund rights in accordance with their direct debit schemes provided that they are more advantageous to the payer.</p>
</content>
</paragraph>
</article>
<article eId="article-77" period="#period1">
<num>Article 77</num>
<heading>Requests for refunds for payment transactions initiated by or through a payee</heading>
<paragraph eId="article-77-1">
<num>1</num>
<content>
<p>Member States shall ensure that the payer can request the refund referred to in Article 76 of an authorised payment transaction initiated by or through a payee for a period of 8 weeks from the date on which the funds were debited.</p>
</content>
</paragraph>
<paragraph eId="article-77-2">
<num>2</num>
<content>
<p>Within 10 business days of receiving a request for a refund, the payment service provider shall either refund the full amount of the payment transaction or provide a justification for refusing the refund and indicate the bodies to which the payer may refer the matter in accordance with Articles 99 to 102 if the payer does not accept the reasons provided.</p>
<p>The payment service provider’s right under the first subparagraph of this paragraph to refuse the refund shall not apply in the case set out in the fourth subparagraph of Article 76(1).</p>
</content>
</paragraph>
</article>
</chapter>
<chapter eId="title-IV-chapter-3" period="#period2">
<num>
<em>CHAPTER 3</em>
</num>
<heading>
<strong>
<em>Execution of payment transactions</em>
</strong>
</heading>
<section eId="title-IV-chapter-3-section-1" period="#period1">
<num>
<inline name="expanded">Section 1</inline>
</num>
<heading>
<strong>
<inline name="expanded">Payment orders and amounts transferred</inline>
</strong>
</heading>
<article eId="article-78" period="#period1">
<num>Article 78</num>
<heading>Receipt of payment orders</heading>
<paragraph eId="article-78-1">
<num>1</num>
<content>
<p>Member States shall ensure that the time of receipt is when the payment order is received by the payer’s payment service provider.</p>
<p>The payer’s account shall not be debited before receipt of the payment order. If the time of receipt is not on a business day for the payer’s payment service provider, the payment order shall be deemed to have been received on the following business day. The payment service provider may establish a cut-off time near the end of a business day beyond which any payment order received shall be deemed to have been received on the following business day.</p>
</content>
</paragraph>
<paragraph eId="article-78-2">
<num>2</num>
<content>
<p>If the payment service user initiating a payment order and the payment service provider agree that execution of the payment order shall start on a specific day or at the end of a certain period or on the day on which the payer has put funds at the payment service provider’s disposal, the time of receipt for the purposes of Article 83 is deemed to be the agreed day. If the agreed day is not a business day for the payment service provider, the payment order received shall be deemed to have been received on the following business day.</p>
</content>
</paragraph>
</article>
<article eId="article-79" period="#period1">
<num>Article 79</num>
<heading>Refusal of payment orders</heading>
<paragraph eId="article-79-1">
<num>1</num>
<content>
<p>Where the payment service provider refuses to execute a payment order or to initiate a payment transaction, the refusal and, if possible, the reasons for it and the procedure for correcting any factual mistakes that led to the refusal shall be notified to the payment service user, unless prohibited by other relevant Union or national law.</p>
<p>The payment service provider shall provide or make available the notification in an agreed manner at the earliest opportunity, and in any case, within the periods specified in Article 83.</p>
<p>The framework contract may include a condition that the payment service provider may charge a reasonable fee for such a refusal if the refusal is objectively justified.</p>
</content>
</paragraph>
<paragraph eId="article-79-2">
<num>2</num>
<content>
<p>Where all of the conditions set out in the payer’s framework contract are met, the payer’s account servicing payment service provider shall not refuse to execute an authorised payment order irrespective of whether the payment order is initiated by a payer, including through a payment initiation service provider, or by or through a payee, unless prohibited by other relevant Union or national law.</p>
</content>
</paragraph>
<paragraph eId="article-79-3">
<num>3</num>
<content>
<p>For the purposes of Articles 83 and 89 a payment order for which execution has been refused shall be deemed not to have been received.</p>
</content>
</paragraph>
</article>
<article eId="article-80" period="#period1">
<num>Article 80</num>
<heading>Irrevocability of a payment order</heading>
<paragraph eId="article-80-1">
<num>1</num>
<content>
<p>Member States shall ensure that the payment service user shall not revoke a payment order once it has been received by the payer’s payment service provider, unless otherwise specified in this Article.</p>
</content>
</paragraph>
<paragraph eId="article-80-2">
<num>2</num>
<content>
<p>Where the payment transaction is initiated by a payment initiation service provider or by or through the payee, the payer shall not revoke the payment order after giving consent to the payment initiation service provider to initiate the payment transaction or after giving consent to execute the payment transaction to the payee.</p>
</content>
</paragraph>
<paragraph eId="article-80-3">
<num>3</num>
<content>
<p>However, in the case of a direct debit and without prejudice to refund rights the payer may revoke the payment order at the latest by the end of the business day preceding the day agreed for debiting the funds.</p>
</content>
</paragraph>
<paragraph eId="article-80-4">
<num>4</num>
<content>
<p>In the case referred to in Article 78(2) the payment service user may revoke a payment order at the latest by the end of the business day preceding the agreed day.</p>
</content>
</paragraph>
<paragraph eId="article-80-5">
<num>5</num>
<content>
<p>After the time limits laid down in paragraphs 1 to 4, the payment order may be revoked only if agreed between the payment service user and the relevant payment service providers. In the case referred to in paragraphs 2 and 3, the payee’s agreement shall also be required. If agreed in the framework contract, the relevant payment service provider may charge for revocation.</p>
</content>
</paragraph>
</article>
<article eId="article-81" period="#period1">
<num>Article 81</num>
<heading>Amounts transferred and amounts received</heading>
<paragraph eId="article-81-1">
<num>1</num>
<content>
<p>Member States shall require the payment service provider(s) of the payer, the payment service provider(s) of the payee and any intermediaries of the payment service providers to transfer the full amount of the payment transaction and refrain from deducting charges from the amount transferred.</p>
</content>
</paragraph>
<paragraph eId="article-81-2">
<num>2</num>
<content>
<p>However, the payee and the payment service provider may agree that the relevant payment service provider deduct its charges from the amount transferred before crediting it to the payee. In such a case, the full amount of the payment transaction and charges shall be separated in the information given to the payee.</p>
</content>
</paragraph>
<paragraph eId="article-81-3">
<num>3</num>
<content>
<p>If any charges other than those referred to in paragraph 2 are deducted from the amount transferred, the payment service provider of the payer shall ensure that the payee receives the full amount of the payment transaction initiated by the payer. Where the payment transaction is initiated by or through the payee, the payment service provider of the payee shall ensure that the full amount of the payment transaction is received by the payee.</p>
</content>
</paragraph>
</article>
</section>
<section eId="title-IV-chapter-3-section-2" period="#period1">
<num>
<inline name="expanded">Section 2</inline>
</num>
<heading>
<strong>
<inline name="expanded">Execution time and value date</inline>
</strong>
</heading>
<article eId="article-82" period="#period1">
<num>Article 82</num>
<heading>Scope</heading>
<paragraph eId="article-82-1">
<num>1</num>
<intro>
<p>This Section applies to:</p>
</intro>
<subparagraph eId="d4e1705">
<num>a</num>
<content>
<p>payment transactions in euro;</p>
</content>
</subparagraph>
<subparagraph eId="d4e1711">
<num>b</num>
<content>
<p>national payment transactions in the currency of the Member State outside the euro area;</p>
</content>
</subparagraph>
<subparagraph eId="d4e1717">
<num>c</num>
<content>
<p>payment transactions involving only one currency conversion between the euro and the currency of a Member State outside the euro area, provided that the required currency conversion is carried out in the Member State outside the euro area concerned and, in the case of cross-border payment transactions, the cross-border transfer takes place in euro.</p>
</content>
</subparagraph>
</paragraph>
<paragraph eId="article-82-2">
<num>2</num>
<content>
<p>This Section applies to payment transactions not referred to in the paragraph 1, unless otherwise agreed between the payment service user and the payment service provider, with the exception of Article 87, which is not at the disposal of the parties. However, if the payment service user and the payment service provider agree on a longer period than that set in Article 83, for intra-Union payment transactions, that longer period shall not exceed 4 business days following the time of receipt as referred to in Article 78.</p>
</content>
</paragraph>
</article>
<article eId="article-83" period="#period1">
<num>Article 83</num>
<heading>Payment transactions to a payment account</heading>
<paragraph eId="article-83-1">
<num>1</num>
<content>
<p>Member States shall require the payer’s payment service provider to ensure that after the time of receipt as referred to in Article 78, the amount of the payment transaction will be credited to the payee’s payment service provider’s account by the end of the following business day. That time limit may be extended by a further business day for paper-initiated payment transactions.</p>
</content>
</paragraph>
<paragraph eId="article-83-2">
<num>2</num>
<content>
<p>Member States shall require the payment service provider of the payee to value date and make available the amount of the payment transaction to the payee’s payment account after the payment service provider has received the funds in accordance with Article 87.</p>
</content>
</paragraph>
<paragraph eId="article-83-3">
<num>3</num>
<content>
<p>Member States shall require the payee’s payment service provider to transmit a payment order initiated by or through the payee to the payer’s payment service provider within the time limits agreed between the payee and the payment service provider, enabling settlement, as far as direct debit is concerned, on the agreed due date.</p>
</content>
</paragraph>
</article>
<article eId="article-84" period="#period1">
<num>Article 84</num>
<heading>Absence of payee’s payment account with the payment service provider</heading>
<content>
<p>Where the payee does not have a payment account with the payment service provider, the funds shall be made available to the payee by the payment service provider who receives the funds for the payee within the time limit laid down in Article 83.</p>
</content>
</article>
<article eId="article-85" period="#period1">
<num>Article 85</num>
<heading>Cash placed on a payment account</heading>
<content>
<p>Where a consumer places cash on a payment account with that payment service provider in the currency of that payment account, the payment service provider shall ensure that the amount is made available and value dated immediately after receipt of the funds. Where the payment service user is not a consumer, the amount shall be made available and value dated at the latest on the following business day after receipt of the funds.</p>
</content>
</article>
<article eId="article-86" period="#period1">
<num>Article 86</num>
<heading>National payment transactions</heading>
<content>
<p>For national payment transactions, Member States may provide for shorter maximum execution times than those provided for in this Section.</p>
</content>
</article>
<article eId="article-87" period="#period1">
<num>Article 87</num>
<heading>Value date and availability of funds</heading>
<paragraph eId="article-87-1">
<num>1</num>
<content>
<p>Member States shall ensure that the credit value date for the payee’s payment account is no later than the business day on which the amount of the payment transaction is credited to the payee’s payment service provider’s account.</p>
</content>
</paragraph>
<paragraph eId="article-87-2">
<num>2</num>
<intro>
<p>The payment service provider of the payee shall ensure that the amount of the payment transaction is at the payee’s disposal immediately after that amount is credited to the payee’s payment service provider’s account where, on the part of the payee’s payment service provider, there is:</p>
</intro>
<subparagraph eId="d4e1800">
<num>a</num>
<content>
<p>no currency conversion; or</p>
</content>
</subparagraph>
<subparagraph eId="d4e1806">
<num>b</num>
<content>
<p>a currency conversion between the euro and a Member State currency or between two Member State currencies.</p>
</content>
</subparagraph>
<wrapUp>
<p>The obligation laid down in this paragraph shall also apply to payments within one payment service provider.</p>
</wrapUp>
</paragraph>
<paragraph eId="article-87-3">
<num>3</num>
<content>
<p>Member States shall ensure that the debit value date for the payer’s payment account is no earlier than the time at which the amount of the payment transaction is debited to that payment account.</p>
</content>
</paragraph>
</article>
</section>
<section eId="title-IV-chapter-3-section-3" period="#period2">
<num>
<inline name="expanded">Section 3</inline>
</num>
<heading>
<strong>
<inline name="expanded">Liability</inline>
</strong>
</heading>
<article eId="article-88" period="#period1">
<num>Article 88</num>
<heading>Incorrect unique identifiers</heading>
<paragraph eId="article-88-1">
<num>1</num>
<content>
<p>If a payment order is executed in accordance with the unique identifier, the payment order shall be deemed to have been executed correctly with regard to the payee specified by the unique identifier.</p>
</content>
</paragraph>
<paragraph eId="article-88-2">
<num>2</num>
<content>
<p>If the unique identifier provided by the payment service user is incorrect, the payment service provider shall not be liable under Article 89 for non-execution or defective execution of the payment transaction.</p>
</content>
</paragraph>
<paragraph eId="article-88-3">
<num>3</num>
<content>
<p>However, the payer’s payment service provider shall make reasonable efforts to recover the funds involved in the payment transaction. The payee’s payment service provider shall cooperate in those efforts also by communicating to the payer’s payment service provider all relevant information for the collection of funds.</p>
<p>In the event that the collection of funds under the first subparagraph is not possible, the payer’s payment service provider shall provide to the payer, upon written request, all information available to the payer’s payment service provider and relevant to the payer in order for the payer to file a legal claim to recover the funds.</p>
</content>
</paragraph>
<paragraph eId="article-88-4">
<num>4</num>
<content>
<p>If agreed in the framework contract, the payment service provider may charge the payment service user for recovery.</p>
</content>
</paragraph>
<paragraph eId="article-88-5">
<num>5</num>
<content>
<p>If the payment service user provides information in addition to that specified in point (a) of Article 45(1) or point (2)(b) of Article 52, the payment service provider shall be liable only for the execution of payment transactions in accordance with the unique identifier provided by the payment service user.</p>
</content>
</paragraph>
</article>
<article eId="article-89" period="#period2">
<num>Article 89</num>
<heading>Payment service providers’ liability for non-execution, defective or late execution of payment transactions</heading>
<paragraph eId="article-89-1">
<num>1</num>
<content>
<p>Where a payment order is initiated directly by the payer, the payer’s payment service provider shall, without prejudice to Article 71, Article 88(2) and (3), and Article 93, be liable to the payer for correct execution of the payment transaction, unless it can prove to the payer and, where relevant, to the payee’s payment service provider that the payee’s payment service provider received the amount of the payment transaction in accordance with Article 83(1). In that case, the payee’s payment service provider shall be liable to the payee for the correct execution of the payment transaction.</p>
<p>Where the payer’s payment service provider is liable under the first subparagraph, it shall, without undue delay, refund to the payer the amount of the non-executed or defective payment transaction, and, where applicable, restore the debited payment account to the state in which it would have been had the defective payment transaction not taken place.</p>
<p>The credit value date for the payer’s payment account shall be no later than the date on which the amount was debited.</p>
<p>Where the payee’s payment service provider is liable under the first subparagraph, it shall immediately place the amount of the payment transaction at the payee’s disposal and, where applicable, credit the corresponding amount to the payee’s payment account.</p>
<p>The credit value date for the payee’s payment account shall be no later than the date on which the amount would have been value dated, had the transaction been correctly executed in accordance with Article 87.</p>
<p>Where a payment transaction is executed late, the payee’s payment service provider shall ensure, upon the request of the payer’s payment service provider acting on behalf of the payer, that the credit value date for the payee’s payment account is no later than the date the amount would have been value dated had the transaction been correctly executed.</p>
<p>In the case of a non-executed or defectively executed payment transaction where the payment order is initiated by the payer, the payer’s payment service provider shall, regardless of liability under this paragraph, on request, make immediate efforts to trace the payment transaction and notify the payer of the outcome. This shall be free of charge for the payer.</p>
</content>
</paragraph>
<paragraph eId="article-89-2">
<num>2</num>
<content>
<p>Where a payment order is initiated by or through the payee, the payee’s payment service provider shall, without prejudice to Article 71, Article 88(2) and (3), and Article 93, be liable to the payee for correct transmission of the payment order to the payment service provider of the payer in accordance with Article 83(3). Where the payee’s payment service provider is liable under this subparagraph, it shall immediately re-transmit the payment order in question to the payment service provider of the payer.</p>
<p>In the case of a late transmission of the payment order, the amount shall be value dated on the payee’s payment account no later than the date the amount would have been value dated had the transaction been correctly executed.</p>
<p>In addition, the payment service provider of the payee shall, without prejudice to Article 71, Article 88(2) and (3), and Article 93, be liable to the payee for handling the payment transaction in accordance with its obligations under Article 87. Where the payee’s payment service provider is liable under this subparagraph, it shall ensure that the amount of the payment transaction is at the payee’s disposal immediately after that amount is credited to the payee’s payment service provider’s account. The amount shall be value dated on the payee’s payment account no later than the date the amount would have been value dated had the transaction been correctly executed.</p>
<p>
<ins class="substitution O000005M006 first last">
<noteRef href="#c000001" marker="X1" class="commentary attribute X"/>
In the case of a non-executed or defectively executed payment transaction for which the payee's payment service provider is not liable under the first and third subparagraphs, the payer's payment service provider shall be liable to the payer.
</ins>
Where the payer’s payment service provider is so liable he shall, as appropriate and without undue delay, refund to the payer the amount of the non-executed or defective payment transaction and restore the debited payment account to the state in which it would have been had the defective payment transaction not taken place. The credit value date for the payer’s payment account shall be no later than the date the amount was debited.
</p>
<p>The obligation under the fourth subparagraph shall not apply to the payer’s payment service provider where the payer’s payment service provider proves that the payee’s payment service provider has received the amount of the payment transaction, even if execution of payment transaction is merely delayed. If so, the payee’s payment service provider shall value date the amount on the payee’s payment account no later than the date the amount would have been value dated had it been executed correctly.</p>
<p>In the case of a non-executed or defectively executed payment transaction where the payment order is initiated by or through the payee, the payee’s payment service provider shall, regardless of liability under this paragraph, on request, make immediate efforts to trace the payment transaction and notify the payee of the outcome. This shall be free of charge for the payee.</p>
</content>
</paragraph>
<paragraph eId="article-89-3">
<num>3</num>
<content>
<p>In addition, payment service providers shall be liable to their respective payment service users for any charges for which they are responsible, and for any interest to which the payment service user is subject as a consequence of non-execution or defective, including late, execution of the payment transaction.</p>
</content>
</paragraph>
</article>
<article eId="article-90" period="#period1">
<num>Article 90</num>
<heading>Liability in the case of payment initiation services for non-execution, defective or late execution of payment transactions</heading>
<paragraph eId="article-90-1">
<num>1</num>
<content>
<p>Where a payment order is initiated by the payer through a payment initiation service provider, the account servicing payment service provider shall, without prejudice to Article 71 and Article 88(2) and (3), refund to the payer the amount of the non- executed or defective payment transaction and, where applicable, restore the debited payment account to the state in which it would have been had the defective payment transaction not taken place.</p>
<p>The burden shall be on the payment initiation service provider to prove that the payment order was received by the payer’s account servicing payment service provider in accordance with Article 78 and that within its sphere of competence the payment transaction was authenticated, accurately recorded and not affected by a technical breakdown or other deficiency linked to the non-execution, defective or late execution of the transaction.</p>
</content>
</paragraph>
<paragraph eId="article-90-2">
<num>2</num>
<content>
<p>If the payment initiation service provider is liable for the non-execution, defective or late execution of the payment transaction, it shall immediately compensate the account servicing payment service provider at its request for the losses incurred or sums paid as a result of the refund to the payer.</p>
</content>
</paragraph>
</article>
<article eId="article-91" period="#period1">
<num>Article 91</num>
<heading>Additional financial compensation</heading>
<content>
<p>Any financial compensation additional to that provided for under this Section may be determined in accordance with the law applicable to the contract concluded between the payment service user and the payment service provider.</p>
</content>
</article>
<article eId="article-92" period="#period2">
<num>Article 92</num>
<heading>Right of recourse</heading>
<paragraph eId="article-92-1">
<num>
<ins class="substitution O000005M007 first">
<noteRef href="#c000001" marker="X1" class="commentary attribute X"/>
1
</ins>
</num>
<content>
<p>
<ins class="substitution O000005M007 last">Where the liability of a payment service provider under Articles 73, 89 and 90 is attributable to another payment service provider or to an intermediary, that payment service provider or intermediary shall compensate the first payment service provider for any losses incurred or sums paid under Articles 73, 89 and 90. That shall include compensation where any of the payment service providers fail to use strong customer authentication.</ins>
</p>
</content>
</paragraph>
<paragraph eId="article-92-2">
<num>2</num>
<content>
<p>Further financial compensation may be determined in accordance with agreements between payment service providers and/or intermediaries and the law applicable to the agreement concluded between them.</p>
</content>
</paragraph>
</article>
<article eId="article-93" period="#period1">
<num>Article 93</num>
<heading>Abnormal and unforeseeable circumstances</heading>
<content>
<p>No liability shall arise under Chapter 2 or 3 in cases of abnormal and unforeseeable circumstances beyond the control of the party pleading for the application of those circumstances, the consequences of which would have been unavoidable despite all efforts to the contrary, or where a payment service provider is bound by other legal obligations covered by Union or national law.</p>
</content>
</article>
</section>
</chapter>
<chapter eId="title-IV-chapter-4" period="#period1">
<num>
<em>CHAPTER 4</em>
</num>
<heading>
<strong>
<em>Data protection</em>
</strong>
</heading>
<article eId="article-94" period="#period1">
<num>Article 94</num>
<heading>Data protection</heading>
<paragraph eId="article-94-1">
<num>1</num>
<content>
<p>Member States shall permit processing of personal data by payment systems and payment service providers when necessary to safeguard the prevention, investigation and detection of payment fraud. The provision of information to individuals about the processing of personal data and the processing of such personal data and any other processing of personal data for the purposes of this Directive shall be carried out in accordance with Directive 95/46/EC, the national rules which transpose Directive 95/46/EC and with Regulation (EC) No 45/2001.</p>
</content>
</paragraph>
<paragraph eId="article-94-2">
<num>2</num>
<content>
<p>Payment service providers shall only access, process and retain personal data necessary for the provision of their payment services, with the explicit consent of the payment service user.</p>
</content>
</paragraph>
</article>
</chapter>
<chapter eId="title-IV-chapter-5" period="#period1">
<num>
<em>CHAPTER 5</em>
</num>
<heading>
<strong>
<em>Operational and security risks and authentication</em>
</strong>
</heading>
<article eId="article-95" period="#period1">
<num>Article 95</num>
<heading>Management of operational and security risks</heading>
<paragraph eId="article-95-1">
<num>1</num>
<content>
<p>Member States shall ensure that payment service providers establish a framework with appropriate mitigation measures and control mechanisms to manage the operational and security risks, relating to the payment services they provide. As part of that framework, payment service providers shall establish and maintain effective incident management procedures, including for the detection and classification of major operational and security incidents.</p>
</content>
</paragraph>
<paragraph eId="article-95-2">
<num>2</num>
<content>
<p>Member States shall ensure that payment service providers provide to the competent authority on an annual basis, or at shorter intervals as determined by the competent authority, an updated and comprehensive assessment of the operational and security risks relating to the payment services they provide and on the adequacy of the mitigation measures and control mechanisms implemented in response to those risks.</p>
</content>
</paragraph>
<paragraph eId="article-95-3">
<num>3</num>
<content>
<p>By 13 July 2017, EBA shall, in close cooperation with the ECB and after consulting all relevant stakeholders, including those in the payment services market, reflecting all interests involved, issue guidelines in accordance with Article 16 of Regulation (EU) No 1093/2010 with regard to the establishment, implementation and monitoring of the security measures, including certification processes where relevant.</p>
<p>EBA shall, in close cooperation with the ECB, review the guidelines referred to in the first subparagraph on a regular basis and in any event at least every 2 years.</p>
</content>
</paragraph>
<paragraph eId="article-95-4">
<num>4</num>
<content>
<p>Taking into account experience acquired in the application of the guidelines referred to in paragraph 3, EBA shall, where requested to do so by the Commission as appropriate, develop draft regulatory technical standards on the criteria and on the conditions for establishment, and monitoring, of security measures.</p>
<p>Power is delegated to the Commission to adopt the regulatory technical standards referred to in the first subparagraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.</p>
</content>
</paragraph>
<paragraph eId="article-95-5">
<num>5</num>
<content>
<p>EBA shall promote cooperation, including the sharing of information, in the area of operational and security risks associated with payment services among the competent authorities, and between the competent authorities and the ECB and, where relevant, the European Union Agency for Network and Information Security.</p>
</content>
</paragraph>
</article>
<article eId="article-96" period="#period1">
<num>Article 96</num>
<heading>Incident reporting</heading>
<paragraph eId="article-96-1">
<num>1</num>
<content>
<p>In the case of a major operational or security incident, payment service providers shall, without undue delay, notify the competent authority in the home Member State of the payment service provider.</p>
<p>Where the incident has or may have an impact on the financial interests of its payment service users, the payment service provider shall, without undue delay, inform its payment service users of the incident and of all measures that they can take to mitigate the adverse effects of the incident.</p>
</content>
</paragraph>
<paragraph eId="article-96-2">
<num>2</num>
<content>
<p>Upon receipt of the notification referred to in paragraph 1, the competent authority of the home Member State shall, without undue delay, provide the relevant details of the incident to EBA and to the ECB. That competent authority shall, after assessing the relevance of the incident to relevant authorities of that Member State, notify them accordingly.</p>
<p>EBA and the ECB shall, in cooperation with the competent authority of the home Member State, assess the relevance of the incident to other relevant Union and national authorities and shall notify them accordingly. The ECB shall notify the members of the European System of Central Banks on issues relevant to the payment system.</p>
<p>On the basis of that notification, the competent authorities shall, where appropriate, take all of the necessary measures to protect the immediate safety of the financial system.</p>
</content>
</paragraph>
<paragraph eId="article-96-3">
<num>3</num>
<intro>
<p>By 13 January 2018, EBA shall, in close cooperation with the ECB and after consulting all relevant stakeholders, including those in the payment services market, reflecting all interests involved, issue guidelines in accordance with Article 16 of Regulation (EU) No 1093/2010 addressed to each of the following:</p>
</intro>
<subparagraph eId="d4e2102">
<num>a</num>
<content>
<p>payment service providers, on the classification of major incidents referred to in paragraph 1, and on the content, the format, including standard notification templates, and the procedures for notifying such incidents;</p>
</content>
</subparagraph>
<subparagraph eId="d4e2108">
<num>b</num>
<content>
<p>competent authorities, on the criteria on how to assess the relevance of the incident and the details of the incident reports to be shared with other domestic authorities.</p>
</content>
</subparagraph>
</paragraph>
<paragraph eId="article-96-4">
<num>4</num>
<content>
<p>EBA shall, in close cooperation with the ECB, review the guidelines referred to in paragraph 3 on a regular basis and in any event at least every 2 years.</p>
</content>
</paragraph>
<paragraph eId="article-96-5">
<num>5</num>
<content>
<p>While issuing and reviewing the guidelines referred to in paragraph 3, EBA shall take into account standards and/or specifications developed and published by the European Union Agency for Network and Information Security for sectors pursuing activities other than payment service provision.</p>
</content>
</paragraph>
<paragraph eId="article-96-6">
<num>6</num>
<content>
<p>Member States shall ensure that payment service providers provide, at least on an annual basis, statistical data on fraud relating to different means of payment to their competent authorities. Those competent authorities shall provide EBA and the ECB with such data in an aggregated form.</p>
</content>
</paragraph>
</article>
<article eId="article-97" period="#period1">
<num>Article 97</num>
<heading>Authentication</heading>
<paragraph eId="article-97-1">
<num>1</num>
<intro>
<p>Member States shall ensure that a payment service provider applies strong customer authentication where the payer:</p>
</intro>
<subparagraph eId="d4e2145">
<num>a</num>
<content>
<p>accesses its payment account online;</p>
</content>
</subparagraph>
<subparagraph eId="d4e2151">
<num>b</num>
<content>
<p>initiates an electronic payment transaction;</p>
</content>
</subparagraph>
<subparagraph eId="d4e2157">
<num>c</num>
<content>
<p>carries out any action through a remote channel which may imply a risk of payment fraud or other abuses.</p>
</content>
</subparagraph>
</paragraph>
<paragraph eId="article-97-2">
<num>2</num>
<content>
<p>With regard to the initiation of electronic payment transactions as referred to in point (b) of paragraph 1, Member States shall ensure that, for electronic remote payment transactions, payment service providers apply strong customer authentication that includes elements which dynamically link the transaction to a specific amount and a specific payee.</p>
</content>
</paragraph>
<paragraph eId="article-97-3">
<num>3</num>
<content>
<p>With regard to paragraph 1, Member States shall ensure that payment service providers have in place adequate security measures to protect the confidentiality and integrity of payment service users’ personalised security credentials.</p>
</content>
</paragraph>
<paragraph eId="article-97-4">
<num>4</num>
<content>
<p>Paragraphs 2 and 3 shall also apply where payments are initiated through a payment initiation service provider. Paragraphs 1 and 3 shall also apply when the information is requested through an account information service provider.</p>
</content>
</paragraph>
<paragraph eId="article-97-5">
<num>5</num>
<content>
<p>Member States shall ensure that the account servicing payment service provider allows the payment initiation service provider and the account information service provider to rely on the authentication procedures provided by the account servicing payment service provider to the payment service user in accordance with paragraphs 1 and 3 and, where the payment initiation service provider is involved, in accordance with paragraphs 1, 2 and 3.</p>
</content>
</paragraph>
</article>
<article eId="article-98" period="#period1">
<num>Article 98</num>
<heading>Regulatory technical standards on authentication and communication</heading>
<paragraph eId="article-98-1">
<num>1</num>
<intro>
<p>EBA shall, in close cooperation with the ECB and after consulting all relevant stakeholders, including those in the payment services market, reflecting all interests involved, develop draft regulatory technical standards addressed to payment service providers as set out in Article 1(1) of this Directive in accordance with Article 10 of Regulation (EU) No 1093/2010 specifying:</p>
</intro>
<subparagraph eId="d4e2200">
<num>a</num>
<content>
<p>the requirements of the strong customer authentication referred to in Article 97(1) and (2);</p>
</content>
</subparagraph>
<subparagraph eId="d4e2206">
<num>b</num>
<content>
<p>the exemptions from the application of Article 97(1), (2) and (3), based on the criteria established in paragraph 3 of this Article;</p>
</content>
</subparagraph>
<subparagraph eId="d4e2212">
<num>c</num>
<content>
<p>the requirements with which security measures have to comply, in accordance with Article 97(3) in order to protect the confidentiality and the integrity of the payment service users’ personalised security credentials; and</p>
</content>
</subparagraph>
<subparagraph eId="d4e2218">
<num>d</num>
<content>
<p>the requirements for common and secure open standards of communication for the purpose of identification, authentication, notification, and information, as well as for the implementation of security measures, between account servicing payment service providers, payment initiation service providers, account information service providers, payers, payees and other payment service providers.</p>
</content>
</subparagraph>
</paragraph>
<paragraph eId="article-98-2">
<num>2</num>
<intro>
<p>The draft regulatory technical standards referred to in paragraph 1 shall be developed by EBA in order to:</p>
</intro>
<subparagraph eId="d4e2230">
<num>a</num>
<content>
<p>ensure an appropriate level of security for payment service users and payment service providers, through the adoption of effective and risk-based requirements;</p>
</content>
</subparagraph>
<subparagraph eId="d4e2236">
<num>b</num>
<content>
<p>ensure the safety of payment service users’ funds and personal data;</p>
</content>
</subparagraph>
<subparagraph eId="d4e2242">
<num>c</num>
<content>
<p>secure and maintain fair competition among all payment service providers;</p>
</content>
</subparagraph>
<subparagraph eId="d4e2248">
<num>d</num>
<content>
<p>ensure technology and business-model neutrality;</p>
</content>
</subparagraph>
<subparagraph eId="d4e2254">
<num>e</num>
<content>
<p>allow for the development of user-friendly, accessible and innovative means of payment.</p>
</content>
</subparagraph>
</paragraph>
<paragraph eId="article-98-3">
<num>3</num>
<intro>
<p>The exemptions referred to in point (b) of paragraph 1 shall be based on the following criteria:</p>
</intro>
<subparagraph eId="d4e2266">
<num>a</num>
<content>
<p>the level of risk involved in the service provided;</p>
</content>
</subparagraph>
<subparagraph eId="d4e2272">
<num>b</num>
<content>
<p>the amount, the recurrence of the transaction, or both;</p>
</content>
</subparagraph>
<subparagraph eId="d4e2278">
<num>c</num>
<content>
<p>the payment channel used for the execution of the transaction.</p>
</content>
</subparagraph>
</paragraph>
<paragraph eId="article-98-4">
<num>4</num>
<content>
<p>EBA shall submit the draft regulatory technical standards referred to in paragraph 1 to the Commission by 13 January 2017.</p>
<p>Power is delegated to the Commission to adopt those regulatory technical standards in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.</p>
</content>
</paragraph>
<paragraph eId="article-98-5">
<num>5</num>
<content>
<p>In accordance with Article 10 of Regulation (EU) No 1093/2010, EBA shall review and, if appropriate, update the regulatory technical standards on a regular basis in order, inter alia, to take account of innovation and technological developments.</p>
</content>
</paragraph>
</article>
</chapter>
<chapter eId="title-IV-chapter-6" period="#period2">
<num>
<em>CHAPTER 6</em>
</num>
<heading>
<strong>
<em>ADR procedures for the settlement of disputes</em>
</strong>
</heading>
<section eId="title-IV-chapter-6-section-1" period="#period2">
<num>
<inline name="expanded">Section 1</inline>
</num>
<heading>
<strong>
<inline name="expanded">Complaint procedures</inline>
</strong>
</heading>
<article eId="article-99" period="#period2">
<num>Article 99</num>
<heading>Complaints</heading>
<paragraph eId="article-99-1">
<num>
<ins class="substitution O000005M008 first">
<noteRef href="#c000001" marker="X1" class="commentary attribute X"/>
1
</ins>
</num>
<content>
<p>
<ins class="substitution O000005M008 last">Member States shall ensure that procedures are set up which allow payment service users and other interested parties including consumer associations, to submit complaints to the competent authorities with regard to payment service providers' alleged infringements of the provisions of national law implementing the provisions of this Directive.</ins>
</p>
</content>
</paragraph>
<paragraph eId="article-99-2">
<num>2</num>
<content>
<p>Where appropriate and without prejudice to the right to bring proceedings before a court in accordance with national procedural law, the reply from the competent authorities shall inform the complainant of the existence of the ADR procedures set up in accordance with Article 102.</p>
</content>
</paragraph>
</article>
<article eId="article-100" period="#period1">
<num>Article 100</num>
<heading>Competent authorities</heading>
<paragraph eId="article-100-1">
<num>1</num>
<intro>
<p>Member States shall designate competent authorities to ensure and monitor effective compliance with this Directive. Those competent authorities shall take all appropriate measures to ensure such compliance.</p>
<p>They shall be either:</p>
</intro>
<subparagraph eId="d4e2352">
<num>a</num>
<content>
<p>competent authorities within the meaning of Article 4(2) of Regulation (EU) No 1093/2010; or</p>
</content>
</subparagraph>
<subparagraph eId="d4e2358">
<num>b</num>
<content>
<p>bodies recognised by national law or by public authorities expressly empowered for that purpose by national law.</p>
</content>
</subparagraph>
<wrapUp>
<p>They shall not be payment service providers, with the exception of national central banks.</p>
</wrapUp>
</paragraph>
<paragraph eId="article-100-2">
<num>2</num>
<content>
<p>The authorities referred to in paragraph 1 shall possess all powers and adequate resources necessary for the performance of their duties. Where more than one competent authority is empowered to ensure and monitor effective compliance with this Directive, Member States shall ensure that those authorities collaborate closely so that they can discharge their respective duties effectively.</p>
</content>
</paragraph>
<paragraph eId="article-100-3">
<num>3</num>
<intro>
<p>The competent authorities shall exercise their powers in accordance with national law either:</p>
</intro>
<subparagraph eId="d4e2379">
<num>a</num>
<content>
<p>directly under their own authority or under the supervision of the judicial authorities; or</p>
</content>
</subparagraph>
<subparagraph eId="d4e2385">
<num>b</num>
<content>
<p>by application to courts which are competent to grant the necessary decision, including, where appropriate, by appeal, if the application to grant the necessary decision is not successful.</p>
</content>
</subparagraph>
</paragraph>
<paragraph eId="article-100-4">
<num>4</num>
<content>
<p>In the event of infringement or suspected infringement of the provisions of national law transposing Titles III and IV, the competent authorities referred to in paragraph 1 of this Article shall be those of the home Member State of the payment service provider, except for agents and branches conducted under the right of establishment where the competent authorities shall be those of the host Member State.</p>
</content>
</paragraph>
<paragraph eId="article-100-5">
<num>5</num>
<content>
<p>Member States shall notify the Commission of the designated competent authorities referred to in paragraph 1 as soon as possible and in any event by 13 January 2018. They shall inform the Commission of any division of duties of those authorities. They shall immediately notify the Commission of any subsequent change concerning the designation and respective competences of those authorities.</p>
</content>
</paragraph>
<paragraph eId="article-100-6">
<num>6</num>
<content>
<p>EBA shall, after consulting the ECB, issue guidelines, addressed to the competent authorities, in accordance with Article 16 of Regulation (EU) No 1093/2010 on the complaints procedures to be taken into consideration to ensure compliance with paragraph 1 of this Article. Those guidelines shall be issued by 13 January 2018 and shall be updated on a regular basis, as appropriate.</p>
</content>
</paragraph>
</article>
</section>
<section eId="title-IV-chapter-6-section-2" period="#period2">
<num>
<inline name="expanded">Section 2</inline>
</num>
<heading>
<strong>
<inline name="expanded">ADR procedures and penalties</inline>
</strong>
</heading>
<article eId="article-101" period="#period1">
<num>Article 101</num>
<heading>Dispute resolution</heading>
<paragraph eId="article-101-1">
<num>1</num>
<content>
<p>Member States shall ensure that payment service providers put in place and apply adequate and effective complaint resolution procedures for the settlement of complaints of payment service users concerning the rights and obligations arising under Titles III and IV of this Directive and shall monitor their performance in that regard.</p>
<p>Those procedures shall be applied in every Member State where the payment service provider offers the payment services and shall be available in an official language of the relevant Member State or in another language if agreed between the payment service provider and the payment service user.</p>
</content>
</paragraph>
<paragraph eId="article-101-2">
<num>2</num>
<content>
<p>Member States shall require that payment service providers make every possible effort to reply, on paper or, if agreed between payment service provider and payment service user, on another durable medium, to the payment service users’ complaints. Such a reply shall address all points raised, within an adequate timeframe and at the latest within 15 business days of receipt of the complaint. In exceptional situations, if the answer cannot be given within 15 business days for reasons beyond the control of the payment service provider, it shall be required to send a holding reply, clearly indicating the reasons for a delay in answering to the complaint and specifying the deadline by which the payment service user will receive the final reply. In any event, the deadline for receiving the final reply shall not exceed 35 business days.</p>
<p>Member States may introduce or maintain rules on dispute resolution procedures that are more advantageous to the payment service user than that referred to in the first subparagraph. Where they do so, those rules shall apply.</p>
</content>
</paragraph>
<paragraph eId="article-101-3">
<num>3</num>
<content>
<p>The payment service provider shall inform the payment service user about at least one ADR entity which is competent to deal with disputes concerning the rights and obligations arising under Titles III and IV.</p>
</content>
</paragraph>
<paragraph eId="article-101-4">
<num>4</num>
<content>
<p>The information referred to in paragraph 3 shall be mentioned in a clear, comprehensive and easily accessible way on the website of the payment service provider, where one exists, at the branch, and in the general terms and conditions of the contract between the payment service provider and the payment service user. It shall specify how further information on the ADR entity concerned and on the conditions for using it can be accessed.</p>
</content>
</paragraph>
</article>
<article eId="article-102" period="#period2">
<num>Article 102</num>
<heading>ADR procedures</heading>
<paragraph eId="article-102-1">
<num>1</num>
<content>
<p>
Member States shall ensure that adequate, independent, impartial, transparent and effective ADR procedures for the settlement of disputes between payment service users and payment service providers concerning the rights and obligations arising under Titles III and IV of this Directive are established according to the relevant national and Union law in accordance with Directive 2013/11/EU of the European Parliament and the Council
<noteRef href="#f00035" class="footnote" marker="35"/>
, using existing competent bodies where appropriate.
<ins class="substitution O000005M009 first last">
<noteRef href="#c000001" marker="X1" class="commentary attribute X"/>
Member States shall ensure that ADR procedures are applicable to payment service providers.
</ins>
</p>
</content>
</paragraph>
<paragraph eId="article-102-2">
<num>2</num>
<content>
<p>Member States shall require the bodies referred to in paragraph 1 of this Article to cooperate effectively for the resolution of cross-border disputes concerning the rights and obligations arising under Titles III and IV.</p>
</content>
</paragraph>
</article>
<article eId="article-103" period="#period1">
<num>Article 103</num>
<heading>Penalties</heading>
<paragraph eId="article-103-1">
<num>1</num>
<content>
<p>Member States shall lay down rules on penalties applicable to infringements of the national law transposing this Directive and shall take all necessary measures to ensure that they are implemented. Such penalties shall be effective, proportionate and dissuasive.</p>
</content>
</paragraph>
<paragraph eId="article-103-2">
<num>2</num>
<content>
<p>Member States shall allow their competent authorities to disclose to the public any administrative penalty that is imposed for infringement of the measures adopted in the transposition of this Directive, unless such disclosure would seriously jeopardise the financial markets or cause disproportionate damage to the parties involved.</p>
</content>
</paragraph>
</article>
</section>
</chapter>
</title>
</portionBody>
</portion>
</akomaNtoso>