On November 27th the final version of the RTS on strong customer authentication and secure communication under PSD2 came out, which is by far the most important of them all. There were some surprises and some new additions, and with them some interesting questions have arisen:
Now it is up to the Parliament and the Council to come to a decision during the 3 months of scrutiny period, after which the RTS can be announced in the official journal, from when the 18 (and 12) months are counted until it comes into force. For some countries, this date comes sooner, but the rules are no different across the EU.
Read more about our findings in the linked document.