The European Banking Authority (EBA) have published clarifications to a fifth set of issues that had been raised by participants of its Working Group (WG) on APIs under PSD2. The clarifications respond to issues raised on the measurement of response times of the dedicated interface, the machine-readability of the EBA register, reliance on eIDAS certificates and various issues related to the contingency measures, including the identification of third party providers through ‘guest books’, the data that can be accessed and documentation.
Background and next steps
In January 2019, the EBA established a Working Group (WG) on APIs under PSD2, consisting of 30 individuals representing account servicing payment service providers (ASPSPs), third party providers (TPPs), API initiatives, and others market participants. The aim of the group is to facilitate industry preparedness for the Regulatory Technical Standard (RTS) on Strong Customer Authentication and Common and Secure Communication and to support the development of high-performing and customer-focused APIs under PSD2.
The group is tasked with identifying issues and challenges that market participants face during the testing and use of API interfaces in the period leading up to the application date of the RTS on 14 September 2019. The group is also asked to propose solutions on how the identified issues could be addressed, which the EBA and national authorities will then consider when providing clarifications in response to the issues raised.
On 11 March, 1 April, 26 April, and 26 July 2019, the EBA published clarifications to the first four sets of issues that had been raised by the working group. Today’s publication is the response to the fifth set of issues. In the weeks to come, the EBA will add further clarifications.