PS19/26: Brexit - Regulatory Technical Standards for Strong Customer Authentication and Common and Secure Open Standards of Communication

Open consultation: CP18/44
19/12/2018
Consultation closes
19/02/2019
Policy statement: PS19/26
25/10/2019
25/10/2019

This policy statement PS19/26 confirms the regulatory technical standards for strong customer authentication and common and secure open standards of communication, which will apply in the UK, in the event of a no-deal exit by the UK from the EU.

This policy statement PS19/26 confirms the regulatory technical standards for strong customer authentication and common and secure open standards of communication, which will apply in the UK, in the event of a no-deal exit by the UK from the EU.

27 November 2020 update

Following the completion of the EU-UK exit implementation period, the instruments set out in PS19/26 will come into force on the 31 December 2020. 

In the UK-RTS, we have maintained the contactless limit in Article 11(a) for single payment transactions at £45 to reflect industry practice.

See our Handbook.

Read PS19/26 (PDF)

The UK regulatory technical standards are substantially the same as EU technical standards designed to make electronic payments safer and more secure. Making the UK regulatory technical standards in this way will provide certainty for firms and maintain consumer protections.

In December 2018, as part of our Brexit contingency plan we consulted on making regulatory technical standards for strong customer authentication and common and secure open standards of communication. These standards would apply in the UK from 14 September 2019 in the event of the UK’s withdrawal from the European Union (EU) without a ratified withdrawal agreement “a no-deal exit”.

In our consultation paper, we proposed to make these standards substantially the same as EU regulatory technical standards (EU-RTS) after a no-deal exit. This policy statement summarises the feedback we received from our consultation and publishes the UK regulatory technical standards (UK-RTS), together with Handbook changes, which we will make in the event of a no-deal exit.

Today we have confirmed our approach to this.

Who this applies to

This policy statement will primarily be of interest to all payment service providers, including:

  • banks
  • building societies
  • e-money issuers
  • payment institutions
  • registered account information service provider
  • payment initiation service providers

It will also be of interest to consumer bodies and relevant trade bodies, retailers, consumers, micro-enterprises and those involved in open banking initiatives.

Next Steps

Payment service providers must comply with the provisions of the UK-RTS in the event of a no-deal exit.

In August 2019, we wrote to trade bodies setting out the terms of a 6-month adjustment period for implementing the EU-RTS. In the event of a no-deal exit, firms should treat those terms as applying to the UK-RTS.

Page updates

: Link changed fixed broken link
: Information added 27 November 2020 update
: Information added 27 November 2020 update
: Link added CP18/44