PSD2 is created to implement enhanced privacy and digital security measures for all Payment Service Providers (PSPs), including banks. Due to the sensitivity of financial services transactions, the European Banking Authority (EBA) issued the revised PSD2 Regulatory Technical Standards (RTS) requiring—among other measures—the use of digital security certificates issued by a Qualified Trust Service Provider (TSP) in accordance with eIDAS standards. Throughout the EU, “Qualified Certificates” will provide special status in regulatory contexts.

eIDAS (EU Regulation 910/2014) is a set of European Union regulatory standards which define the requirements for PSD2 certificate compliance with digital certificates. This includes standards designed to verify their holders’ identity, as well as the operation of the Qualified Trust Service Providers (TSPs) that issue them. Certificates which are issued in accordance with eIDAS standards by Qualified TSPs are also known as “Qualified Certificates” and provide special status in certain legal and regulatory contexts across the EU.

PSD2 requirements enable digital certificates to be used to identify PSPs and banks, verify their licensed roles, encrypt communications, and in some instances to provide tamperproof seals on transactions or data. The PSD2 Regulatory Technical Standards (RTS) specify that only eIDAS certificates issued by Qualified Trust Service Providers (TSP) may be used for identification of PSPs, due to the sensitivity and privacy required for financial services transactions.