Since 2025, the EU’s Digital Services Act (DSA) has fundamentally changed the way very large online platforms (VLOPs) and digital marketplaces must manage compliance, risk oversight, and operational governance.
The rules raised expectations around transparency and accountability, compelling technology giants to embed far stronger controls across their businesses, said Moody’s.
Now, another wave of regulatory reform is approaching, this time driven by the EU Anti-Money Laundering Regulation (AMLR), the Payment Services Directive 3 (PSD3), and the Payment Services Regulation (PSR). These frameworks, which will begin applying from 2027, are expected to tighten obligations even further and create a more harmonised payments and compliance environment across the bloc.
In many ways, these reforms represent a significant shift for VLOPs and digital marketplaces, which have steadily expanded their financial services capabilities over the last decade. As embedded finance, digital wallets, and integrated payments became core to their commercial strategies, large tech platforms increasingly found themselves competing directly with banks and regulated payment providers. PSD2 had allowed firms to scale such offerings quickly, largely through carve-outs that reduced the regulatory burden. But those carve-outs will expire in March 2026, meaning platforms wishing to maintain services such as payment initiation, account information access, or electronic money transfers will now be required to fully comply with EU regulatory expectations.
The AMLR also broadens what constitutes a “correspondent relationship”, extending the definition to include not only banks but also credit institutions, financial institutions, and crypto-asset service providers offering payments, securities, or funds transfer functionality. This could affect many of the cross-border payment and digital wallet features that VLOPs rely on to serve global users.
As payments become increasingly integrated into online ecosystems, regulatory obligations expand in parallel. With AMLR in place, platforms handling payments or high-volume transactions will need to strengthen enhanced due diligence, continuous monitoring, and data-sharing frameworks to better detect financial crime risks. These obligations sit alongside DSA requirements that demand the verification of business users, increased documentation, closer work with regulators, and a more connected approach to content safety and payments resilience.
The AMLR goes even further by raising expectations around strong customer authentication, due diligence standards, transaction monitoring, and fraud liability—particularly for digital wallets, embedded payment gateways, and crypto-related services. This creates a new governance standard that blends payments, identity, and AML responsibilities into a single, interconnected regulatory expectation.
For VLOPs and digital marketplaces, preparation now becomes essential. The first priority is assessing licensing needs, as PSD3 narrows the ability for platforms to operate as unregulated intermediaries. Many firms will require formal payment licences for the first time.
Equally, organisations will need to upgrade fraud prevention frameworks, deploying more advanced screening, behavioural analytics, and authentication controls. Strengthening KYC, KYCC, and AML processes will be critical, especially around business onboarding, beneficial ownership verification, and downstream customer checks. Platforms may also need to adapt to new open banking and data portability requirements, with API standardisation expected to gain momentum under PSD3.
Governance will also demand attention. Firms may need updated compliance documentation, more structured reporting, and readiness for direct regulator supervision—particularly where cross-border transactions are involved.
While these changes bring operational challenges, they also open strategic opportunities. VLOPs and digital marketplaces that adopt robust AML and fraud controls, invest in transparency, and adapt their risk frameworks can strengthen both trust and long-term resilience. With regulators raising expectations, those that respond early will be better positioned to scale financial services, build global credibility, and innovate confidently within a secure and regulated environment.
Copyright © 2025 FinTech Global
