PSD2 vs MiCA: The Decision Matrix Every Regulated Fintech Needs in 2026

Most regulated fintech founders we speak with in 2026 arrive with the same misconception: that PSD2 and MiCA are alternative routes to the same destination. They are not. They are non-substitutable regimes that govern different instruments, different functions, and different rails — and the wrong starting point can cost 18 months and a seven-figure legal bill.

Some business models need PSD2 only. Some need MiCA only. A growing number — particularly stablecoin issuers, hybrid wallets, and crypto-fiat on-ramps — need both, simultaneously, from the same supervisor or two different ones. A handful need neither.

This article gives you The PSD2-MiCA Decision Matrix — a six-dimension test that resolves the question for any EEA-facing fintech in under thirty minutes. The output is one of four quadrants: PSD2 only, MiCA only, dual licensure, or no licence required.

The Payment Services Directive (PSD2)¹^[1] governs the movement of fiat funds through regulated payment institutions. It defines eight regulated payment services — from money remittance to payment initiation services (PIS) and account information services (AIS).

The Markets in Crypto-Assets Regulation (MiCA)²^[2] governs the issuance and service provision of crypto-assets. It applies to asset-referenced tokens (ART), e-money tokens (EMT), other crypto-assets (the residual category), and to ten regulated crypto-asset services — custody, exchange, transfer, advice, portfolio management, placing, execution of orders, reception and transmission, operation of a trading platform, and crypto-fiat exchange.

The collision happens at the boundary. An EMT is a crypto-asset under MiCA, and simultaneously e-money under EMD2 — so its issuer is regulated under both regimes. A hybrid wallet that accepts SEPA top-ups and converts them to USDC needs a PI/EMI authorisation for the fiat leg and a CASP authorisation for the crypto leg. Neither regime collapses into the other.

The PSD2-MiCA Decision Matrix evaluates a business model along six axes. Work through them in order. Each one narrows the answer; by the sixth, the regime is determined and so is the supervisor.

1. 1

   Instrument — What is being moved? Fiat, e-money, ART, EMT, utility token, security token, or NFT?

2. 2

   Function — Are you issuing, custodying, exchanging, transferring, initiating payment, or providing account information?

3. 3

   Rail — Does the transaction run on a fiat IBAN rail, a distributed ledger, or a hybrid of both?

4. 4

   Customer Base — Retail, professional, institutional? Where are they resident? Any EEA-resident customer triggers the regime.

5. 5

   Capital Threshold — Which minimum own-funds tier does your activity attract, and do they stack when dual-licensed?

6. 6

   Supervisor — National competent authority, ECB significance designation, or split supervision? Which Member State's NCA do you want as your home regulator?

The instrument question is the first fork. Under the Electronic Money Directive (EMD2)³^[3], e-money is electronically stored monetary value, denominated in fiat, redeemable at par, issued on receipt of funds. PSD2 governs its movement; EMD2 governs its issuance.

Under MiCA, crypto-assets split into three classes. Asset-referenced tokens (ART) peg to a basket of currencies, commodities, or other assets. E-money tokens (EMT) peg to a single fiat currency — and are simultaneously e-money under EMD2. Other crypto-assets — the residual category — captures utility tokens and the bulk of payment-purpose tokens that are not EMT or ART.

Security tokens, NFTs that are unique and non-fungible, and central bank digital currencies are out of scope of MiCA. Security tokens fall under MiFID II. Genuine NFTs are out altogether. CBDCs sit with the issuing central bank.

PSD2 enumerates eight payment services in Annex I. The most common triggers are: services enabling cash to be placed on or withdrawn from a payment account; execution of payment transactions (direct debits, card payments, credit transfers); issuing of payment instruments and acquiring of payment transactions; money remittance; PIS; and AIS.

MiCA enumerates ten crypto-asset services in Article 3(1)(16). The high-frequency triggers are custody and administration of crypto-assets on behalf of clients, exchange of crypto-assets for funds or for other crypto-assets, transfer services, and operation of a trading platform.

The overlap point: when a CASP exchanges crypto for funds and credits a customer's fiat account, the fiat leg of the transaction is a PSD2 payment service unless the CASP holds the fiat strictly as a passthrough in a segregated client account at an authorised credit institution.

The rail dimension is often misread. The rule is simple: fiat IBAN movements trigger PSD2; distributed ledger movements of crypto-assets trigger MiCA. A hybrid model that touches both rails triggers both regimes.

The harder question is what happens when fiat sits inside a wallet that also holds crypto. If the customer's fiat balance is safeguarded under PSD2 / EMD2 rules and held with a credit institution, you need PI or EMI authorisation for that leg. If the fiat is converted on-the-fly to an EMT and the customer holds the EMT, the issuer is regulated under MiCA Title III plus EMD2 — and the wallet operator is a CASP.

Both regimes apply when an EEA-resident customer is served. There is no professional-client exemption for retail customers. Reverse solicitation is narrow under MiCA — narrower than under MiFID II — and is not a viable cross-border strategy for any firm actively marketing into the EEA.

Customer base also drives conduct-of-business obligations. Retail-facing CASPs face full whitepaper, marketing, and disclosure rules under MiCA Title II. Institutional-only platforms benefit from lighter disclosure but still need full authorisation.

Capital thresholds drive the cost-of-entry conversation. The EBA Guidelines on safeguarding and own-funds requirements⁴^[4] set the prudential floor for PIs and EMIs across the EEA, and MiCA Annex IV sets the equivalent for CASPs.

• EMI — initial capital €350,000. Ongoing own funds the higher of €350k or 2% of average outstanding e-money.

• PI (full) — initial capital €125,000 for the most common services. €50k for AIS, €50k for execution-only without account holding, €20k for money remittance.

• CASP Class 1 — €50,000. Advice, placing, reception and transmission, execution of orders, portfolio management.

• CASP Class 2 — €125,000. Custody and administration, exchange of crypto-assets for funds or other crypto-assets, transfer services.

• CASP Class 3 — €150,000. Operation of a trading platform.

When a firm is dual-licensed, capital does not double. The prudential rule is the higher of the applicable thresholds, subject to the K-factor and fixed-overhead requirements in the CRR/IFR overlay where they apply. An EMI that is also a CASP Class 3 holds the higher of €350k (EMI initial) and €150k (CASP Class 3) — i.e. €350k as the floor — plus ongoing own-funds tied to e-money volumes.

Supervision under both regimes is primarily delegated to national competent authorities (NCAs) — BaFin in Germany, ACPR and AMF in France, CySEC in Cyprus, MFSA in Malta, CSSF in Luxembourg, the Bank of Lithuania. The ESMA MiCA Implementation Hub⁵^[5] coordinates technical standards across NCAs.

Two escalation paths matter. For significant ART or EMT issuers — those over thresholds in MiCA Articles 43 and 56 (e.g. more than €5 billion in reserve assets, more than 10 million holders, or material cross-border use) — the EBA assumes direct supervisory powers. For credit institutions hitting ECB significance criteria, the ECB takes over prudential supervision under the SSM. Choosing your home NCA is therefore a decision about both speed and ongoing supervisory intensity.

The clearest way to see the non-overlap is to put the two regimes against each other on eight axes that matter for business design.

Run any business model through the six dimensions and the answer falls into one of four quadrants. The table below maps the quadrant to a representative business model, the licence stack, and the realistic timeline from kick-off to authorisation in a fast-track jurisdiction.

The stablecoin case is the cleanest illustration of why PSD2 and MiCA are stacked rather than substitutable. A single-currency fiat-pegged stablecoin is an EMT under MiCA Title IV and simultaneously electronic money under EMD2. The issuer must hold an EMI authorisation under EMD2 and comply with the additional MiCA Title IV rules — reserve composition, redemption rights, whitepaper, marketing.

This means: an EMT issuer is always EMI-authorised, never CASP-authorised, for the issuance leg. A CASP authorisation applies only if the issuer also provides crypto-asset services (custody, exchange, transfer) on its own tokens. Most stablecoin issuers do not. They sell to distributors who hold the CASP licence.

For ART — multi-asset-referenced tokens — the issuer needs a specific MiCA Title III authorisation or must already be a credit institution. EMD2 does not apply because the token is not denominated in a single fiat currency.

The hybrid wallet is the most common dual-regime business model we see in 2026. The customer journey involves: SEPA top-up of a fiat balance, conversion of that balance to USDC or EUR-pegged EMT, custody of crypto, peer-to-peer crypto transfer, and crypto-to-fiat off-ramp.

• SEPA top-up + fiat balance — this is e-money issuance. EMI authorisation under EMD2/PSD2.

• Fiat-to-EMT conversion — this is exchange of crypto-assets for funds. CASP Class 2 authorisation under MiCA.

• Crypto custody — custody and administration of crypto-assets. CASP Class 2.

• Peer-to-peer crypto transfer — transfer services for crypto-assets. CASP Class 2.

• Off-ramp to SEPA — exchange of crypto-assets for funds (CASP) + execution of payment transaction (PSD2). Both apply.

Net result: EMI + CASP Class 2. Most groups structure this as a single regulated entity holding both authorisations from the same NCA — typically Bank of Lithuania, MFSA, or CySEC — to consolidate compliance, governance, and reporting.

The most significant near-term shift is the PSD3 and Payment Services Regulation (PSR) package⁶^[6] proposed by the European Commission. The headline change: EMD2 is merged into PSD3. Electronic money issuance becomes a payment service. The EMI and PI categories converge into a single Payment Institution with sub-classes.

The PSR sets directly-applicable conduct and prudential rules, removing Member State transposition variance that has plagued PSD2 since 2018. Expected timeline: political agreement in 2026, entry into force 2027–2028, with transitional arrangements for existing PI and EMI authorisations.

MiCA, by contrast, is stable for the foreseeable future. The Level 2 RTS and ITS package is still being finalised by ESMA and the EBA through 2026, but the Level 1 text is locked. The next legislative review window opens in mid-2027, with any amending regulation realistic only from 2029.

Only if your business model touches both fiat payment services and crypto-asset services. A pure-play crypto custodian needs MiCA only. A pure-play SEPA remittance firm needs PSD2 only. A hybrid wallet that lets customers top up with SEPA, hold crypto, and withdraw to SEPA needs both — typically EMI + CASP Class 2. Run the six-dimension matrix to confirm.

Yes for EMT issuers — they must hold an EMI authorisation under EMD2 as well as comply with MiCA Title IV. No for ART issuers — they hold a stand-alone MiCA Title III authorisation (unless they are already a credit institution). The distinction turns on whether the token is pegged to a single fiat currency.

Yes — and this is the most misunderstood point. EMD2 was not displaced by MiCA. EMT issuers comply with both. EMD2 governs the issuance, redemption, and safeguarding mechanics. MiCA Title IV layers on whitepaper, reserve composition, marketing, and conduct rules. When PSD3 enters force in 2027–2028, EMD2 will be repealed and merged into PSD3, but the dual-compliance posture for EMT will persist under the new framework.

Yes — and increasingly common. A single legal entity can hold both a PI/EMI authorisation and a CASP authorisation from the same NCA. Capital does not double; the firm holds the higher of the applicable thresholds. Governance, risk management, ICT, and reporting must satisfy both regimes — which usually means a more demanding compliance build than either licence alone.

On current 2026 data, the Bank of Lithuania, MFSA, and CySEC process dual files in approximately 12–18 months from a clean, complete submission. BaFin and ACPR run longer — 18–24 months — but offer stronger downstream bank correspondent positioning. Choose on the full economic life of the licence, not just authorisation speed.

• MiCA Compliance Guide for CASPs: full authorisation walkthrough for EEA crypto-asset service providers, from gap analysis to in-principle approval.

• EMI vs PSP vs VASP vs CASP Licence Comparison: side-by-side decision framework for choosing between the four regulated licence types in the EEA and UK.

• Payment Institution (PI) Licence in the EU: jurisdictional comparison, capital thresholds, application timelines, and passporting mechanics under PSD2.

• CASP Transitional Period Calendar: Member State-by-Member State map of MiCA transitional regimes, grandfathering windows, and authorisation deadlines.

The 2026 landscape rewards firms that run the matrix before they pick a jurisdiction. PSD3 will consolidate the fiat side, MiCA will tighten the crypto side, and the AMLR will overlay both. The strategic question is no longer which regime — it is which combination, which supervisor, and which sequence. Run the six dimensions cleanly, and the answer to all three falls out together.

• Liechtenstein TVTG: The EEA's Hidden Crypto Passport — the third option the matrix doesn't surface: a pre-MiCA EEA framework still in force.