Stablecoins Are Becoming Part of the Payment Infrastructure

With its No Action Letter of 10 June 2025 and follow-up opinion of 12 February 2026, the European Banking Authority (EBA) settled a question the market had largely avoided: when a stablecoin is used to move value for customers, does payments law apply? The EBA’s answer is yes. Where e-money tokens are held in custodial wallets, transferred on behalf of clients, or used to settle payment-like transactions, those activities fall under both MiCA and PSD2. In practical terms, many custodial stablecoin models now look less like crypto-trading businesses and more like payment businesses. This briefing analyzes the EBA’s position and explains how it is reshaping the legal landscape across the EEA, including Norway. The key point is simple: stablecoins should increasingly be understood as part of the payment infrastructure, not merely as tradable crypto-assets.

The premise: EMTs have a dual legal nature

The EBA’s starting point is simple. MiCA deems electronic money tokens (EMTs) - such as stablecoins referencing a single official currency - to be electronic money (e-money). In turn, electronic money constitutes “funds” under PSD2. Thus, any act of placing, transferring, or withdrawing an EMT is, in principle, a payment transaction. Consequently, MiCA is not necessarily the end of the analysis. Where a CASP provides services involving EMTs - particularly custody, wallet transfers, or transfers on behalf of clients - the activity may also fall within the PSD2 payment-services perimeter.

The EBA’s June 2025 opinion matters because it rejected the easy answer – to allow CASPs to treat EMT services as crypto-asset services only, governed exclusively by MiCA. Instead, it applied MiCA’s own rule: EMTs are electronic money, and electronic money is “funds” under PSD2. Stablecoin firms must therefore design for overlap. Where the EMT service is functionally a payment service, dual authorisation - or a properly structured PSP/EMI partnership - is required.

What the EBA placed inside the payment perimeter – and what it kept out

The EBA advised national competent authorities (NCAs) to treat the following services as payment services under PSD2:

• Transfers of EMTs on behalf of clients. Moving an EMT from one distributed-ledger address or account to another at a client’s instruction is functionally a credit transfer of funds. The technology used to move EMTs is irrelevant to classification.

• Custody and administration of EMTs involve holding clients’ funds. The opinion broadly states that transferring and holding EMTs constitute payment services, even if the wallet is not a payment account.

• Where a wallet is held in the name of one or more clients and allows EMTs to be sent to and received from third parties, it is a payment account.

The EBA excluded certain activities:

• The exchange of crypto-assets for funds or other crypto-assets, when executed against the firm’s own capital, is not a payment service.

• Nor is a CASP’s intermediation of crypto purchases settled in EMTs.

The dividing line is clear: dealing as a counterparty is trading; moving or holding value for a client is a payment service. The EBA drew the line between a stablecoin’s investment and monetary functions, placing the monetary function under payments law.

The Transition Period Ended on 9 June 2026

The EBA’s June 2025 No-Action Letter established a supervisory forbearance framework for a defined subset of EMT services for an interim period of 9 months.

The EBA advised NCAs to require a PSD2 license for transfers of EMTs carried out on behalf of clients, for relevant custody-and-administration models, and for custodial wallets that function as payment accounts, but not until 2 March 2026. NCAs were also advised to process those applications through streamlined PI/EMI procedures that reuse the MiCA file.

Once a firm held a PSP license or operated through an authorized PSP, the EBA advised NCAs not to prioritize certain PSD2 requirements poorly suited to token rails, including PSD2’s safeguarding of EMTs, certain charge and execution-time disclosures, the unique-identifier regime, the Payment Accounts Directive, and open-banking rules. However, it did not relax the core user-protection layer: SCA for access to custodial wallets and the initiation of EMT transfers, fraud reporting, and cumulative own-funds requirements remained central. Even during the temporary SCA forbearance, Article 74(2) PSD2 still applied: where SCA was not required, the payer did not bear the loss unless it acted fraudulently.

Since 2 March 2026, a CASP may continue to provide EMT services that qualify as payment services if it already has PI/EMI status, operates through an authorized PSP, has submitted a complete PSD2 application, has no material MiCA, national VASP, or AML issues relevant to authorization, responds promptly to the NCA, and is expected to be authorized within a very short period. In Member States using the maximum MiCA Article 143(3) transition, that bridge cannot run beyond 1 July 2026, or an earlier MiCA or PSD2 decision. Elsewhere, pending applicants may continue only on a tighter basis and, in principle, without marketing those services or onboarding new clients. Firms outside those scenarios should have stopped the relevant EMT payment services and offboarded clients as of 2 March 2026. Thus, as of June 2026, the broad nine-month authorization window has closed, the specific SCA and fraud-reporting forbearance has expired, and only a narrow, conditional bridge remains for some pending applicants.

The endgame sits within PSD3/PSR

The EBA’s June 2025 opinion was not intended to create a permanent workaround; it was an interim supervisory response to an overlap that MiCA itself created. Looking ahead, the EBA points to two legislative routes: either MiCA is strengthened by importing or cross-referencing the relevant PSD3/PSR protections for EMT-based services, or PSD3/PSR itself defines how those services should be treated. In either case, the direction is clear. Stablecoin payment users should not receive weaker protection simply because the transfer is executed via a token rather than a conventional payment account. The open question is therefore no longer whether payment-style EMT services should be subject to payment-grade rules. It is how that result will be implemented without unnecessary double authorization or regulatory duplication.

Norway: Stablecoins in a Mature Payment System

Norway is a useful test case for the EBA’s stablecoin analysis because it already has a highly developed payment system. MiCA and DORA have been applicable in Norway since 1 July 2025, and Finanstilsynet has begun granting MiCA authorizations. The transition period for existing crypto-asset exchange and custody providers runs until 30 June 2026. However, MiCA authorization alone is not necessarily sufficient. If EMT custody, wallet functionality, or client transfers constitute payment services, the provider must also hold payment institution or e-money authorization, or operate through an appropriately authorized PSP or EMI partner.

Thus, a custodial stablecoin wallet can no longer be treated solely as a crypto account. If it allows customers to send and receive EMTs from third parties, it may need to be designed as a payment account with strong customer authentication, fraud reporting, liability rules, and DORA-level resilience.

Norway’s existing infrastructure reinforces this point. Banks already use Bits’ KAR register for account verification, and Norges Bank is building NBO INST to enable 24/7 instant NOK settlement in central bank money. Therefore, a stablecoin payment product launched in Norway will be measured against mature payment-market standards - payer protection, payee verification, fraud controls, resilience, and reliable redemption into bank money - not against crypto trading norms.

This means that the first Norwegian stablecoin payment products will enter a post-EBA environment from day one, with little legacy practice to rely on and high expectations from Finanstilsynet (the Norwegian FSA).

The bottom line

The EBA’s 2025–2026 statements mark the moment when stablecoins were legally integrated into Europe’s payment infrastructure. The deeming of EMTs as funds, the classification of custody and transfer as payment services, the treatment of the wallet as a payment account, and the insistence on SCA, fraud reporting, and cumulative capital – together, these elements convert the custodial stablecoin business model into a payments business model. Firms should design – and, where necessary, redesign – their EMT products accordingly.

We advise issuers, crypto-asset service providers, payment institutions, wallet providers, and merchants on MiCA, payment services regulation, e-money licensing, and DORA in Norway and across the EEA. If your firm is assessing the impact of the EBA’s statements on an existing or planned EMT product, the key question is how your product fits within the payment services regime. We would be glad to discuss the authorization and structuring options in light of these new requirements.