All things regulation - Interview with TrustEUAffairs

What can you tell us about the latest EU legislative payments initiatives/developments? 

On the 24th of March 2021, the Commission published the consultation strategy on instant payments, which is a follow-up to the European Commission Retail Payments Strategy (published in September 2020). 

The consultation (which closed on 2 June 2021) is aimed at identifying the obstacles to the creation of an efficient Pan-European instant payment solution and it contains specific questions and aspects, such as the consequences of instant payments in terms of liquidity management for banks; it also raises the issue of sanction screening, and how sanctions screenings should be performed for instant payments, and whether this should be done in a specific way for instant payments. Moreover, the Commission is looking to understand whether there is a need for specific rules about refunds and fraudulent behaviour as far as instant payments are concerned.

The consultation gives an idea about what the Commission would like to do, while they are inquiring about the business model of all the entities which will be providing instant payments. They're trying to understand what the costs of these business models are, the benefits, and the investment needed.

The second part of the consultation has closed on 23 June and is addressed to a broad range of stakeholders: payment services users (consumers, corporate users and merchants), PSPs and providers of supporting technical services, clearing and settlement mechanisms, relevant public authorities, national regulators and others. The consultation was aimed at informing the Commission on remaining obstacles as well as possible enabling actions that it could take to ensure a wide availability and use of instant payments in the EU. The consultation also seeks to identify factors that would be relevant for stimulating customer demand (from consumers, corporate users and merchants alike) towards instant credit transfers.

The European Commission released recently its Artificial Intelligence (AI) Act. What are the objectives of the initiative? 

The Commission published their communication on fostering a European approach to AI on the 21st of April, 2021. This regulatory framework will work together with the Product Safety legislation and the Machinery Directive, which are old pieces of law that are now going to be digitalised to include AI technology in their scope.

The idea of this framework on AI regards liability. The regulatory framework around AI will also include the Product Safety Directive and the revision of the Machinery Directive, as the Commission would like to address the liability issues linked to AI.

The AI Act comes because of the opacity of algorithms. The use of algorithms has high risks in terms of safety, according to the Commission, and in terms of fundamental rights protection. 

What will be the impact on payments? 

The proposal focuses on a certain number of high-risk AI use cases, including systems, for instance, that are intended to evaluate the creditworthiness of individuals. So, if we talk about AI which is trying to assess the creditworthiness of individuals, we are talking about any kind of algorithm which is providing credit scoring, fraud de-risking, or anything concerning the creditworthiness of a person or company. This concerns credit and any company that is working on payments which is going to use an algorithm to assess the creditworthiness of their clients.

The AI Act is defining several issues. As far as high-risk AI systems are concerned, the proposal explains that they must be tested to identify the most appropriate risk management measures. This testing shall ensure that the high-risk AI systems perform consistently for their intended purpose and that they are not used in a way that can create discrimination or unethical consequences for the person who is the object of the AI functioning. The proposal pushed this to the point of saying that, for credit institutions (banks that are regulated under the Credit Rating directive), these aspects - the checking and the risk management measures around the AI systems - should be part of the risk management procedures that are established by these banks, under the credit rating directive. 

The Act also addresses things like human oversight, explaining that AI systems that look at creditworthiness must be designed and developed in a way that allows for them to be effectively overseen by people during the period in which the AI systems are in use. To avoid the automation bias, there would be a need for someone to supervise how the algorithm is functioning. Also, as far as these high-risk AI systems are concerned, their conformity assessment would need to be carried out by an overseer, as part of the supervisory of the revenue and evaluation process.

What is explained in this initial draft of the proposal is that not only the company producing the algorithm, but also the companies which are using, importing, or distributing the algorithms, will have some liabilities and responsibilities ensuring that this algorithm is working in an unbiased way. Given that this is just an initial draft, we’ll have to see how the Parliament and the Council will modify it during the legislative procedure and the various negotiations rounds.

For the moment, the only exemption from the scope is for services provided by small scale providers for their use.

The Data Strategy is one of the first pillars of the new digital strategy of the Commission. What are the main objectives of the European Data Strategy and next steps?

When the European Commission launched the new digital strategy in 2020, its pillars were the data strategy and the work on AI. So, what we described in the previous question is linked to the data strategy. The aim is to put people first in developing technology, to defend and promote European values and rights. The European data strategy aims to create a single market for data that would allow Europe to have data sovereignty and also be competing with other parts of the world. Also, part of the strategy is to create European data spaces that will ensure that data becomes available for use in the economy and society.

An important piece of the European data strategy is a proposal for a regulation on European data governance - Data Governance Act (DGA) - published by the Commission on the 25th of November, 2020. Now we are at the stage where the Parliament is discussing this. To understand the content of DGA is interesting to read a statement from the European Data Protection Board – Statement no. 5, 2021 – ‘Data Governance Act in light of the legislative developments. It shows how the European Data Protection Board (EDPB) is worried by this DGA because it is covering data sharing services and it will be applicable in the context of data processing (including personal data). It also creates the notion of data altruism - organisations that are processing data for free.

The EDPB is questioning whether there are enough safeguards in the DGA and if there is a risk that the digital economy will not be sustainable - what are the risks of that data use/what are the risks of sharing data and making it available. There are a certain number of provisions in which the DGA is not compatible according to the EDPB with the GDPR (General Data Protection Regulation).

I believe that the data strategy is a very ambitious initiative of the Commission. What is challenging there is to have coherence between the different parts of it and how the DGA will interplay with the GDPR is a fundamental part of the data strategy. 

The Commission has the Council's support for a comprehensive review of the payments services directive (PSD2), including an EU view on Open Banking. What is next after PSD2? 

The Retail Payments Strategy gave insights into the possibility of having a legislative initiative about instant payments. It also showed a lot of refractions about, for example, the protection of consumers (instant payments are, in principle, irrevocable) and how the refunds for instant payments will eventually work. 

The Retail Payments Strategy goes on to explain that, by the end of 2023, the European Commission will explore the feasibility of developing a label that is accompanied by a logo for eligible pan-European payment solutions, and they would also try to understand what are the ways to develop European specification for contactless card-based payments. Also, they will try and support the modernisation of European nations payments acceptance facilities, enabling, for example, cash registers or issuing of e-receipts.

The Retail Payments Strategy also welcomes the European Payment Initiative (EPI) and considers it as an encouraging development. The strategy mentions the review of PSD2 and it explains that at the end of 2021 the Commission will launch a review of the application and impact of the PSD2, and publish and present a legislative proposal for a new Open Finance framework in mid-2022.

Now, the rumours in Brussels surrounding PSD2’s revision say that this should take place before the end of 2021. We may have articles in PSD3 that will cover how the E-money Directive interplays with the GDPR and how PSD2 interplays with the GDPR. 

There may also be a new licensing regime for technology providers. Now, technology providers are out of the scope of PSD2. Rumours say that in PSD3 they may be in scope as several supervisory authorities of member states have already asked the Commission to do so, for example, BaFin, the German Supervisory Authority, and the Bulgarian Supervisory Authority. 

Again, these are only rumours and conclusions that we are drawing from the discussions taking place. We would have to wait and see how this all pans out.

About Monica Monaco

Based in Brussels for the past 18 years, Monica is the founder and managing director of TrustEUAffairs. She is a member of the Society of European Affairs Professionals (SEAP) since 2004, and served as a member of the SEAP Board from 2012 to 2015. Monica is Member of the Europol Virtual Currencies Taskforce and also Member of the European Commission Payment Systems Market Expert Group (PSMEG). Monica has been Senior Manager for EU Regulatory Affairs in the Legal Department of Visa Europe for  more than ten years, being responsible for the relations with the European Commission, Parliament, and Council, as well as with various national regulators.

About TrustEUAffairs

TrustEUAffairs is a regulatory affairs consultancy specialising in financial services legislation at the European Union level. Founded in Brussels in 2013 and drawing upon over 17 years of EU regulatory and public affairs experience we pride ourselves on being adept at working comfortably in a multilingual environment to guide you through the Brussels environment and complex EU legislative process with professionalism, tact and effectiveness, from drafting to implementation. We understand how Brussels works, how EU laws and decisions are made, and how best to give input to the EU policy making process.