PSD2 establishes a harmonised framework for payment services across the EU and EEA, but the operational reality of quarterly NCA reporting is considerably less uniform than the directive's text suggests. Each National Competent Authority has implemented Article 96 reporting obligations according to its own technical standards, submission portals, and schema requirements. For a payment institution or e-money issuer operating across multiple jurisdictions, this divergence creates a material compliance management problem: there is no single reporting approach that works for all NCAs.
This guide maps the current reporting requirements — schema formats, submission channels, and submission timing — for the six NCAs that matter most to European PSPs and EMIs operating under PSD2: FCA, BaFin, ACPR, DNB, CBI, and CSSF.
FCA — Financial Conduct Authority (United Kingdom)
Following the UK's withdrawal from the European Union, the FCA operates under the Payment Services Regulations 2017 (PSRs 2017) rather than the EU PSD2 directly. For regulatory reporting purposes, the practical obligations for authorised payment institutions and registered e-money issuers remain closely aligned with PSD2 Article 96 in structure, though the FCA has introduced its own schema requirements.
The FCA uses ISO 20022-based XML schemas for transaction reporting submissions, with PAIN.001-family message formats for credit transfer activity data. Reporting is typically required on a quarterly basis, with submission windows defined by the FCA's reporting calendar published annually. The FCA also uses XBRL taxonomy submissions for certain categories of regulatory returns through the GABRIEL reporting system, creating a dual-format environment for institutions with multiple reporting obligations.
FCA schema versions are maintained in the FCA's schema library, and version updates have historically been published with notice periods that vary in practice. Institutions preparing FCA submissions should validate against the schema version active at the time of the submission window, not the version used for the prior quarter.
BaFin — Bundesanstalt für Finanzdienstleistungsaufsicht (Germany)
BaFin operates the Meldewesen-Plattform (MVP) as the primary submission portal for German payment institutions' regulatory reporting. The MVP portal handles multiple reporting categories, with PSD2 transaction reporting constituting one submission stream among several.
German payment institution reporting under PSD2 uses PAIN.001 and PAIN.002 XML schemas in versions specified by BaFin's technical documentation, which is maintained on BaFin's website. BaFin's schema versioning has followed the ISO 20022 migration schedule with some lag, and institutions operating in Germany should expect periodic schema version updates tied to both ISO 20022 releases and BaFin's own reporting framework amendments.
Submission frequency for PSD2 transaction data under BaFin oversight is quarterly, with submission deadlines typically falling in the month following the reporting period end. The MVP portal requires specific file naming conventions for uploads, and submissions that fail naming convention validation are rejected at the portal level before XSD validation occurs. This means institutions can face a two-stage validation failure: a naming error causes immediate rejection, and the schema error underlying the file would not be surfaced until the naming issue is resolved.
ACPR — Autorité de Contrôle Prudentiel et de Résolution (France)
The ACPR regulates payment institutions and e-money issuers in France as part of the Banque de France group. Reporting under French PSD2 implementation is channelled through the OneGate reporting portal, which handles a wide range of prudential and activity reporting for financial institutions under ACPR supervision.
French PSD2 reporting requirements use ISO 20022 XML schemas, with the ACPR maintaining its own technical annexes specifying the applicable schema versions and any French-specific namespace extensions. The ACPR has been active in publishing technical documentation updates through its official circular system, and compliance teams monitoring French regulatory requirements should maintain subscriptions to ACPR circular publications in addition to schema registry monitoring.
Submission windows for ACPR quarterly reporting are defined in the ACPR's reporting calendar, typically published in the fourth quarter of the preceding year. The ACPR maintains relatively strict submission windows with limited provision for late submissions absent documented technical failure.
DNB — De Nederlandsche Bank (Netherlands)
DNB presents a distinctive environment among European NCAs because it uses XBRL taxonomy submissions alongside ISO 20022 XML for different categories of reporting. Payment institutions authorised in the Netherlands may find themselves maintaining both XML report generation capability and XBRL filing capability, depending on their product scope and reporting category.
For PSD2 transaction reporting specifically, DNB has worked within the ISO 20022 framework while incorporating XBRL for statistical and prudential reporting streams. The distinction matters for compliance teams: the tooling, validation approach, and submission channel for an ISO 20022 PAIN.001 submission are different from those required for an XBRL taxonomy submission. Conflating the two is a source of submission errors in Dutch NCA reporting.
DNB publishes its schema and taxonomy requirements through its reporting portal documentation. Schema version updates for Dutch-specific reporting requirements have historically been communicated through DNB's official publication channels, including published circulars and direct communications to supervised institutions.
CBI — Central Bank of Ireland
The Central Bank of Ireland has grown substantially in importance as a PSD2 reporting jurisdiction following a significant increase in the number of payment institutions and e-money issuers choosing Irish authorisation, in part due to post-Brexit licensing considerations. The CBI operates the Online Reporting System (ONR) as its primary reporting portal, through which PSD2 transaction reports are submitted.
CBI reporting uses ISO 20022 XML schemas, with schema requirements documented in the CBI's technical reporting specifications. The CBI has been notable for providing relatively detailed technical documentation for reporting submissions compared to some other European NCAs, though as with all NCAs, the documentation does not always reflect the current schema version at the moment of publication.
Quarterly reporting windows under CBI supervision follow a schedule published by the CBI, with specific deadlines that compliance teams at Irish-authorised institutions must track independently of their obligations to other NCAs.
CSSF — Commission de Surveillance du Secteur Financier (Luxembourg)
Luxembourg's CSSF regulates a significant concentration of payment institutions and e-money issuers, reflecting Luxembourg's role as a hub for EU-wide payment services licensing. CSSF reporting requirements for PSD2 transaction data use the eDesk portal for submission, with schema requirements aligned to the ISO 20022 framework.
CSSF's PSD2 reporting technical documentation is published in both French and English, and the CSSF has maintained a relatively consistent publication approach for schema update notifications. Compliance teams monitoring CSSF requirements should track the CSSF's circular publication system in addition to direct schema registry changes.
The Cross-NCA Coordination Challenge
We are not suggesting that these six NCAs are uncoordinated or negligent in their publication practices. Each authority is operating within its own regulatory mandate, technical infrastructure, and resource constraints. The divergence is structural, not a failure of any individual regulator.
The problem it creates for multi-jurisdictional institutions is real nonetheless. An institution authorised in Germany, France, and Ireland simultaneously maintains three distinct submission calendars, three distinct schema version states, and three distinct portal authentication requirements. A schema change at any one NCA creates a submission risk at that NCA only — but the monitoring burden is multiplied by the number of covered NCAs, not shared across them.
| NCA | Country | Primary Schema Format | Submission Portal | Reporting Frequency |
|---|---|---|---|---|
| FCA | United Kingdom | ISO 20022 XML / XBRL (GABRIEL) | GABRIEL | Quarterly |
| BaFin | Germany | ISO 20022 XML (PAIN.001/002) | MVP (Meldewesen-Plattform) | Quarterly |
| ACPR | France | ISO 20022 XML | OneGate | Quarterly |
| DNB | Netherlands | ISO 20022 XML + XBRL taxonomy | DNB Reporting Portal | Quarterly |
| CBI | Ireland | ISO 20022 XML | ONR (Online Reporting System) | Quarterly |
| CSSF | Luxembourg | ISO 20022 XML | eDesk | Quarterly |
Keeping Current Across Jurisdictions
The practical approach taken by institutions with multi-NCA obligations typically involves a designated point person for each NCA relationship, with some combination of newsletter subscriptions, portal monitoring, and periodic direct contact with NCA supervisory teams to stay current on schema changes. This works until it doesn't — and the failure mode, as discussed elsewhere in this series, is typically a missed schema version update that surfaces as a submission rejection at the worst possible time in the quarterly cycle.
What the cross-NCA environment requires is a monitoring layer that treats each NCA's schema registry as a distinct data source, maintains a version history for each, and surfaces changes as they occur — not as they are discovered during submission preparation. The compliance team's job should be to interpret and act on change notifications, not to discover that changes happened.