What is DORA compliance?

DORA compliance refers to meeting the EU’s Digital Operational Resilience Act requirements. These rules ask financial firms to manage ICT risk, report cyber incidents, test resilience and monitor technology vendors.

What is PSD3 in banking?

PSD3 is the next version of the EU’s Payment Services Directive. It focuses on payment fraud, customer protection, open banking, strong customer authentication and better supervision of payment service providers.

Why is 2026 important for BFSI regulation in Europe?

By 2026, the EU Digital Identity Wallet rollout will coincide with DORA implementation and PSD3 preparation

DORA, PSD3 and EU Digital Identity Wallet Deadline: Is the BFSI Sector Ready?

Q: What is the EU Digital Identity Wallet deadline?

EU member states must make at least one digital identity wallet available to citizens and residents by the end of 2026 under the revised eIDAS framework.

DORA, PSD3 and the EU Digital Identity Wallet are set to reshape Europe’s BFSI sector by 2026. Banks, fintechs and payment firms must prepare for new rules.

Published Jun 16, 2026 by Srajan Agarwal
Updated on Jun 16, 2026 at 05:30 PM

EU digital identity wallet, DORA and PSD3 regulations impacting banks and fintechs in Europe

Europe’s banks, fintech companies, payment firms and insurance players are heading into a year that may change how financial services are delivered across the region.

By the end of 2026, every European Union member state must make at least one EU Digital Identity Wallet available to citizens and residents. The wallet will allow people to prove who they are, share digital documents and access public and private services through a state-backed digital identity system.

For the BFSI sector, the change is not limited to customer login. It will affect onboarding, KYC, payments, fraud checks, data sharing, cyber security, vendor contracts and compliance reporting.

What is changing for the BFSI industry?

The BFSI sector is facing three connected rules.

1. DORA (Digital Operational Resilience Act)

DORA is already in force. It covers banks, payment institutions, e-money firms, insurance companies, investment firms, crypto asset service providers, trading venues and other financial entities.

Under DORA, firms must be ready with:

ICT risk management
Cyber incident reporting
Digital resilience testing
Third-party technology risk checks
Contracts and registers for ICT service providers
Oversight of cloud and technology vendors

The rule also gives EU supervisors a direct role in overseeing critical third-party ICT providers. In November 2025, European regulators designated 19 critical ICT third-party providers under DORA. These include major cloud, data, infrastructure and technology service providers used by financial firms.

This is important because many banks no longer run all systems on their own infrastructure. Core banking, customer service, fraud monitoring, data storage, analytics and even payment systems often depend on external technology providers.

Also Read: Before Taking a Loan, Know Your CIBIL Score: Why It Matters for Every Borrower?

2. EU Digital Identity Wallet

The EU Digital Identity Wallet is part of the revised eIDAS framework. Each EU member state must provide at least one wallet by the end of 2026.

The wallet can be used to store and share:

Digital ID
Driving licence
Educational credentials
Age proof
Professional certificates
Payment-related identity data
Other verified documents

For financial services, the wallet may become a new way to verify customers, approve account access and support secure authentication.

Service providers that are legally required to identify customers clearly will be expected to accept wallet-based authentication. This includes many firms in banking and financial services.

A further acceptance timeline is also important. Many private relying parties that use strong online authentication, including banks and payment service providers, are expected to support wallet acceptance by late 2027.

3. PSD3 and Payment Services Regulation

PSD3 is the next phase of Europe’s payment regulation. It builds on PSD2, which introduced open banking and strong customer authentication.

https://commission.europa.eu/index_en proposed PSD3 and the Payment Services Regulation in June 2023. The Council adopted its negotiating position in June 2025. The Parliament and Council reached a provisional agreement in November 2025. In May 2026, the Parliament’s economic affairs committee approved the agreed text.

Also Read: Technology Trends in India 2026: AI, Cloud, UPI & Future Growth

Why 2026 matters for banks and fintechs

For a bank customer, the change may look simple.

A person may open a bank account using a digital wallet. A business owner may verify credentials without scanning documents. A user may approve a payment through wallet-based authentication. A customer may share only the exact data needed by the bank, instead of uploading a full passport or ID card.

The data behind the urgency

The pressure is not only regulatory. It is also operational.

Payment fraud is rising

According to the European Central Bank and European Banking Authority, payment fraud in the European Economic Area rose to €4.2 billion in 2024, compared with €3.5 billion in 2023.

Fraudsters are no longer only stealing passwords. Many are manipulating customers into authorising payments themselves. This is harder for banks to detect because the payment may look genuine from a technical point of view.

Cyber risk is now a boardroom issue

The European Central Bank conducted a cyber resilience stress test in 2024 covering 109 banks. Of these, 28 banks went through deeper testing. The test found that banks had response and recovery frameworks, but still needed improvement in some areas.

This matters because DORA does not ask banks to only prevent attacks. It asks them to show that they can recover from disruption.

Finance is a major cyber target

ENISA, the European Union Agency for Cybersecurity, analysed 488 publicly reported cyber incidents affecting Europe’s finance sector between January 2023 and June 2024.

The report found that all EU member states faced finance-related cyber incidents during the period. Banks were among the most targeted institutions.

Why the Digital Identity Wallet changes banking

The EU Digital Identity Wallet could change one of the most common pain points in banking: proving identity.

Today, many digital onboarding journeys still depend on document uploads, selfie checks, video KYC and manual review. These processes can be slow, costly and prone to fraud.

With the wallet, a user may be able to share verified identity data directly from a trusted source. In theory, this could reduce fake documents and improve customer experience.

But it also creates new questions for banks.

Also Read: From Kids to Grandparents: The Cyber Safety Rules Every Indian Family Needs

Did you know Facts?

The EU Digital Identity Wallet must be offered by all EU member states by the end of 2026.
The wallet is expected to work across borders, which means a person from one EU country should be able to use it in another EU country.
DORA applies not only to banks, but also to insurers, payment firms, investment firms and several other financial entities.
DORA also brings critical technology vendors under direct EU-level oversight.
Payment fraud in the EEA touched €4.2 billion in 2024.
The ECB tested 109 banks in its 2024 cyber resilience stress test.
ENISA tracked 488 publicly reported cyber incidents affecting Europe’s finance sector from January 2023 to June 2024.
PSD3 and PSR are expected to give more attention to impersonation fraud, fee transparency and open banking access.

What this means for Indian IT and fintech firms

The EU deadline is also important for Indian technology firms, SaaS companies, regtech players, cybersecurity providers and IT service companies that serve European BFSI clients.

Many Indian firms work with banks, insurers and fintechs in Europe. Their clients may now ask for:

DORA-ready service contracts
Incident reporting support
Data security controls
Cloud risk documentation
Audit support
Wallet integration capability
Fraud analytics
Identity verification tools
Open banking API upgrades

For Indian firms, this is both a compliance challenge and a business opportunity.

Companies that understand DORA, PSD3 and eIDAS may find demand from European banks that need implementation support.

News4Bharat POV

The BFSI sector is entering a phase where compliance will no longer be only a legal function. It will sit inside product design, customer onboarding, cyber security, payments and vendor management.

A bank that treats the EU Digital Identity Wallet as only an identity project may miss the payment and fraud impact.

A fintech that treats DORA as only a cyber policy may miss the vendor and recovery requirements.

A payment company that treats PSD3 as only a licensing matter may miss the changes in authentication, fraud liability and customer protection.

The winners will be firms that create one common plan across regulation, technology and customer experience.

By late 2026, the question will not be whether the rules are coming. The question will be which firms are ready to operate under them.