2025_7608 Obstacle assessment of an ASPSP offering only web redirection to TPPs while a superior native app authentication method exists for its direct users

Question ID: 2025_7608
Legal act: Directive 2015/2366/EU (PSD2)
Topic: Strong customer authentication and common and secure communication (incl. access)
Article: Article: 98
Paragraph: Paragraph: 1
Subparagraph: Letter: d)
COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
Article/Paragraph: Article: 32; Paragraph: 3
Name of institution / submitter: ZNPay a.s.
Country of incorporation / residence: Czech Republic
Type of submitter: Other
Subject matter: Obstacle assessment of an ASPSP offering only web redirection to TPPs while a superior native app authentication method exists for its direct users
Question: Does an Account Servicing Payment Service Provider's (ASPSP) decision to offer only a web-based redirection for Third Party Provider (TPP) initiated journeys constitute an obstacle under Article 32(3) of the RTS, if that ASPSP also makes available a more convenient, direct authentication procedure in its native mobile application for its Payment Service Users (PSUs) when they access their accounts directly?
Background on the question: We acknowledge that the EBA Opinion on obstacles (EBA/OP/2020/10), specifically in paragraph 16(i), establishes a clear principle for mobile journeys: where a PSU uses a TPP's app and the ASPSP has an authentication app, the PSU should be redirected to the ASPSP's authentication app.

However, an interpretive gap arises in practice. Many ASPSPs, while possessing a fully functional native mobile authentication app which provides a seamless experience for their direct users, deliberately do not make this app-to-app redirection path available for TPP-initiated journeys. Instead, they offer only a web-based redirection path for TPPs. These ASPSPs do not technically block their app, but they fail to implement the necessary technical means (e.g., universal links, app links) for the app-to-app redirect to function for the TPP channel, effectively forcing all TPP traffic through an inferior web-based channel.

The ambiguity lies in whether an ASPSP fulfills its obligations under the RTS by simply providing any compliant channel (the web redirect), or if it must provide the best and most equivalent channel (the native app journey) that it makes available to its own users for similar actions.

This situation leads to a fragmented market and a significant competitive disadvantage for TPPs. Therefore, a clarification is needed from the EBA.
Submission date: 17/10/2025
Rejected publishing date: 11/05/2026
Rationale for rejection: This question has been rejected because EBA guidance or clarification is not needed. The question has already been adressed in paragraph 16 of the EBA Opinion on obstacles (EBA/OP/2020/10).
Status: Rejected question

Organisation and governance

Legal and policy framework

Careers

Supervisory convergence

Direct supervision and oversight

Information for consumers

Ad hoc activities

Risk analysis

Pillar 3 data hub

Reporting

Data

Publications

Media centre