On 17 January 2025, the European Banking Authority (EBA) issued a press release stating that it had repealed its guidelines on major incidents reporting under the revised Payment Services Directive (PSD2) due to the application of harmonised incident reporting under the Digital Operational Resilience Act (DORA) from 17 January 2025.

However, incident reporting requirements under the PSD2 still apply to certain types of payment services providers (PSPs) not covered by DORA but the EBA has opted to repeal the guidelines in their entirety because the number of such institutions is very low with no sizable market share at in the EU. Such PSPs can be subject to national incident reporting requirements, regardless of the existence of the EBA’s guidelines. Member State competent authorities willing to retain the incident reporting approach included in the EBA guidelines for those PSPs can continue to do so under their national legal framework or supervisory measures.