EMD2 — Directive 2009/110/EC — is the foundational EU regulation for e-money institutions (EMIs). It replaced EMD1 (2000/46/EC) and was transposed by Member States by April 2011. EMD2 remains in force today, but the European Commission's PSR (Payment Services Regulation) proposal envisages its repeal and integration into the PSR. This article reads EMD2 from an EMI operator's perspective: authorisation, minimum capital, safeguarding, passporting, and what changes under PSR.
What EMD2 Regulates
EMD2 covers three foundational areas:
- EMI authorisation — who may issue e-money and under what conditions.
- Minimum capital and safeguarding — how customer funds are protected.
- Passporting rights — single-licence operation across the EU.
EMD2 also offers a simplified regime for "small EMIs," but this is optional and the threshold differs by Member State.
What Is E-Money? (Article 2(2))
EMD2 defines e-money through four cumulative criteria:
- Monetary value stored electronically.
- Representing a claim against the issuer.
- Issued on receipt of funds.
- Used for payment transactions and accepted by parties other than the issuer.
This definition diverges from crypto-assets: a crypto-asset does not represent a claim against an issuer (it is decentralised). Stablecoins approach the definition — which is why MiCA regulates stablecoins separately as "E-Money Tokens (EMTs)" and requires EMT issuers to be either a credit institution or an EMI.
EMI Authorisation
Per EMD2 Article 3, EMI authorisation requires:
- Application to the national competent authority — e.g. BaFin in Germany, Lietuvos Bankas in Lithuania, MFSA in Malta.
- Minimum initial capital: €350,000 (Article 4). This threshold distinguishes EMIs from ordinary payment institutions (PIs), where the typical threshold is €50k-€125k.
- Governance: fit-and-proper assessment of directors, beneficial ownership disclosure.
- Operational and risk-management plan — IT security, internal audit, AML/KYC policy integrated with AMLD5/6.
Timelines vary by NCA — typically 3 to 9 months. Once granted, the licence carries an EU passport right.
Safeguarding: Article 7
Article 7 — the safeguarding rule — is the most operationally consequential part of EMD2. An EMI must safeguard 100% of outstanding e-money. Two methods are permitted:
- Segregation: customer funds are held in a separate account from the EMI's own operating funds. That account must sit with a "qualifying credit institution." If the EMI fails, the segregated account is outside the insolvency estate — customers recover the funds directly.
- Qualifying covered bonds / insurance: funds may be invested in low-risk, liquid qualifying covered bonds, or coverage may be obtained from an authorised insurance undertaking.
In practice: most EMIs use segregation. The standard pattern is a separate customer money account at a tier-1 EU bank + daily reconciliation + independent auditor reporting (typically quarterly).
Common pitfall: commingling of operational cash flow with customer funds. This is a safeguarding breach and a zero-tolerance issue in supervisory reviews.
Passporting
Articles 28-30 give an EMI authorised in one EU host state the right to operate in the other 26 Member States. Two types:
- Services passport — provided remotely, no physical presence.
- Branch passport — physical branch in a non-host Member State.
Notification is filed with the home NCA, which forwards it to the host NCA within one month. The host NCA has two months to object — rare in practice.
Initial Capital + Ongoing Own Funds
EMD2 applies a two-tier capital requirement:
- Initial capital: €350,000.
- Ongoing own funds: based on outstanding e-money (Article 5(3)):
- 0-€5M: 2%
- €5M-€10M: 1.5%
- €10M-€100M: 1%
- €100M-€250M: 0.5%
- above €250M: 0.25%
Example: an EMI with €50M outstanding e-money must hold €500,000 in own funds (€50M × 1%). This exceeds the €350k initial capital; the higher amount binds.
Interaction With AML/KYC
EMIs are on the list of obliged entities under AMLD5. Key obligations:
- Customer Due Diligence (CDD): at card issuance or account opening.
- Sanctions, PEP and adverse media screening — ongoing monitoring.
- Transaction monitoring: detection of anomalous flow patterns (mule accounts, structuring).
- Suspicious Transaction Reports (STRs) — filed with the national FIU.
For these the Legichain AML screening API provides EU-compliant consolidated list coverage. EMIs typically process high-volume, low-ticket transactions — so screening latency and false-positive rates are the primary drivers of operational cost.
What PSR Changes
The PSR + PSD3 package proposed on 28 June 2023 repeals EMD2 and absorbs its provisions into the PSR:
- EMI is no longer a separate category — it becomes a "payment institution issuing e-money," consolidated under PI status.
- Minimum capital: €350k preserved (for e-money-issuing PIs).
- Safeguarding: preserved, with the segregation method strongly preferred and clarified.
- Open finance: open-banking-style data access extended to e-money.
For a deeper transition analysis see our PSD2 to PSD3 transition article. As of May 2026 the proposal is still in trilogue; adoption is expected 2026-2027.
Frequently Asked Questions
What is the small EMI regime and when is it used?
Article 9 permits Member States to apply a simplified regime to EMIs below certain size thresholds. A typical threshold: no more than €5M monthly average e-money in circulation. Small EMIs are not exempt from safeguarding, but authorisation procedures and capital thresholds are lighter. They do not have passporting rights — they may only operate in the authorising Member State. In practice the small EMI status is used as a "pre-EMI" step by fintech start-ups.
What is the difference between an EMI and a payment institution (PI)?
An EMI may issue e-money; a PI may only provide payment services (transfer, card processing, account information services). An EMI automatically holds PI rights. Capital threshold: €350k for an EMI, €50k-€125k for a PI depending on service. Under PSR this distinction disappears — a single "payment institution" umbrella with e-money issuance as an ancillary service.
At which bank can I open the safeguarding account?
Article 7 requires a "qualifying credit institution" — i.e. an EU credit institution authorised under CRD IV/V. EMIs typically use a tier-1 EU bank or a large local bank in their home state. Opening the safeguarding account within the same banking group as the EMI creates concentration risk — some NCAs encourage diversification across separate institutions.
Is EMD2 equivalent to Turkey's BDDK Law No. 6493?
Structurally similar (minimum capital + safeguarding + licensing). Differences: BDDK 6493 is integrated with the local payment system, reporting in Turkish, supervised by BDDK; EMD2 grants EU passporting rights. A BDDK-licensed EMI is not authorised in the EU — a separate EMD2 (or PSR) application is required to enter the EU market.
If I want to license an EMI in the EU, which NCA is preferred?
Lithuania, Malta and Ireland have stood out in recent years as fintech-friendly NCAs. Lithuania's Lietuvos Bankas is known for fast authorisation and a sandbox regime. Malta's MFSA tends to be preferred for smaller EMIs. Ireland's CBI is well-suited to larger institutions. Decision matrix: target market (any country works under passporting), licensing throughput, tax regime, language preference.
How Legichain Helps with EMI Compliance
A significant share of an EMI's operating load is ongoing AML/KYC and safeguarding control. The Legichain AML screening API provides AMLD5/6 and forthcoming AMLR-compliant PEP, sanctions and adverse media screening, optimised for the latency profile of EMIs processing millions of card transactions per day. Our e-money solution covers EMI-specific CDD flows, transaction monitoring and safeguarding reconciliation. Our EMD2 stack is built with PSR readiness in mind — open-finance and data-portability standards are designed in.