The matter of payment services and, especially, the liability regime for unauthorized digital payment transaction(s) is regulated by a multi-level system of rules, comprising European legislative acts (Directive 2015/2366 (PSD2) and the national rules transposing the EU rules), European non-legislative acts (regulatory agencies: Delegated Regulations, Regulatory Technical Standards, Guidelines, Opinions, Questions and Answers), and the pre-existing general national rules on private relationships. The matter is subject to multiple potential observation points: the tension and coexistence of national rules and supranational regulations; the effect the variety of sources and the fragmentation of governance in the financial market have on the interplay of sources and the theory of interpretation; the regulatory force of soft law.
The speaker’s thesis is that, given the extent (partially exhaustive) and the degree (maximum) of harmonization pursued by PSD2; and given also the relevance of soft law in this matter and the related increase in the volume and importance of regulation done through rule-making and standardization, the allocation of responsibility in the event of unauthorized payments is fully and exclusively regulated by the Directive, which in this area can be considered as self-contained legislation, distinct from general contract law. This leads to the conclusion that all pre-existing provisions offering greater protection are not to be applied