Legislation has still to be adopted in Spain to implement the EU's second Payment Services Directive (PSD2).

PSD2 was finalised by EU law makers in late 2015, although it did not formally come into force until 13 January 2016 with a further two year implementation period for EU member states.

PSD2 is designed to open the payments market to greater competition and innovation through provisions that give fintechs, retailers, technology companies, as well as incumbent banks, qualified rights to access customer payment account data from account-holding payment service providers and provide 'account information services' (AIS) and/or 'payment initiation services' (PIS).

However, Spain is one of 15 EU countries yet to communicate any "transposition measures" to the European Commission. In addition, Malta has only partly implemented PSD2.

The Commission announced last month that infringement proceedings are "pending" against the 16 EU countries, including Spain, over the "lack or delay of the notification of national transposition measures or their incompleteness".

Idoya Arteagabeitia, a Madrid-based expert in financial services regulation at Pinsent Masons, the law firm behind Out-Law.com, said a new draft bill on payment services was published by Spain's Ministry of Finance and Public Function on 22 December 2017 and has been subject to "public hearing" in the country until16 January this year, in accordance with Spanish law.

Arteagabeitia said that the proposed new bill will replace an existing law on payment services that has been in force since 2009. However, she said "the complete transposition of PSD2" will require will require the corresponding replacement of the existing Royal Decree and Ministerial Order that relate to the first PSD.

"According to the latest information provided by the Spanish government, the definitive approval of the proposed new Spanish law on payment services will take place byl mid-2018," she said.

"Under the draft bill, a transitory regime will apply for payment institutions, AIS and PIS providers and electronic money institutions that already have authorisation – that will be regulated in a similar way to that established by PSD2," Arteagabeitia said.

Arteagabeitia said, though, that although PSD2 has not been implemented, businesses in the payment services market in Spain must take into account the fact that new regulatory technical standards on 'strong customer authentication and common and secure open standards of communication' have been set and will apply under PSD2, mostly from 14 September 2019.

Those standards set out what banks must provide for to ensure that third party AIS and PIS providers in the payments market can access their customers' payment account data when they are given permission to do so by those customers.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.