Rewriting Europe’s payments operating model

Payments enter a new phase

At the end of 2025, DORA had just come into force, instant payments were scaling, and PSD3 was on the horizon. What has shifted since then is the centre of gravity: resilience has moved from being a compliance topic to a main focus on boardroom level. Security is no longer a differentiator; it is expected. Digital wallets have become standard, and regulation is increasingly shaping market structure, not just setting guardrails. The question for 2026 is less “can financial institutions comply?” and more “can they redesign fast enough?”

Beyond the ‘which rail wins’ debate

The industry has long debated which payment rail will prevail, cards versus account-to-account, open banking versus wallets, or stablecoins versus traditional settlement; but this framing is becoming less useful. The more accurate picture is coexistence.

Cards and wallets remain deeply embedded in commerce and consumer protections. Instant account-to-account payments are becoming the baseline expectation. Open banking is maturing from API availability to API performance. Digital assets are moving from speculation to targeted utility.

Europe is investing in initiatives like Wero to drive pan-European, consumer-relevant experiences. The competitive advantage shifts to those who can orchestrate across rails, routing intelligently, managing risk and liquidity consistently, and resolving disputes predictably, without losing control.

The new regulatory baseline

European regulation is often seen as a source of friction, but it also reshapes the market by changing incentives and redefining who is responsible for what. Measures like the Instant Payments Regulation (IPR), Third Payment Services Directive (PSD3), the Payment Services Regulation (PSR), and Financial Data Access regulation (FiDA) are not separate initiatives. Together, they are pushing the industry toward a new baseline: payments that are always on, real-time, and built on trust.

Instant payments are a good example; sending and receiving money in seconds is the visible change, but the real impact is operational. Instant payments are irreversible and happen at speed, which means fraud controls must work in real time, systems must be continuously available, and liquidity and exception handling need to be managed differently. There’s no longer the safety net of batch processing or delayed decisions.

PSD3 and the PSR will increase competition and reshape accountability across the ecosystem, especially around fraud, access to accounts, and liability. The organisations that succeed won’t be the ones that simply add another tool; they will use regulation as a catalyst to simplify, standardise, and strengthen their end-to-end governance.

FIDA expands the scope beyond payments into broader financial data sharing. This matters because it raises expectations for seamless customer experiences — and requires robust consent management, strong identity governance, and full auditability. By 2026, a ‘data strategy’ is no longer separate from a ‘payments strategy’; they are part of the same operating model.

DORA makes resilience a management discipline

DORA confirms what the market has already been moving toward: in a critical payments infrastructure, resilience is no longer optional; it is the minimum standard.

Under DORA, operational resilience goes far beyond documentation. It requires an ongoing, practical approach to risk testing, oversight of third parties, readiness to respond to incidents, and continuous, measurable improvement. It also makes very clear what many organisations have learned the hard way: resilience is only as strong as the partners and systems they depend on.

That’s why this feels like a structural shift, not just another upgrading cycle. When resilience becomes a board-level KPI, it fundamentally changes how organisations invest, build, and operate. It drives alignment across technology, operations, procurement, and governance.

Digital sovereignty: the foundation of economic resilience

Geopolitical tensions are reshaping European payments faster than many people realise. Digital sovereignty isn’t just a regulatory checkbox; it’s the foundation of a strong and resilient economy. In payments, sovereignty isn’t about ideology. It’s about ensuring continuity, governance, and control over critical transaction flows and trust mechanisms while still staying connected to global commerce. In times of uncertainty, reliable systems for trust and dispute resolution become even more important, and they are not easy to replace.

This is why ‘single rail’ thinking is risky and not the best way forward. The future won’t have just one winner. Multiple payment systems will coexist, and the advantage will go to those who are already building for that complexity without compromising on security, resilience, or governance.

The practical future of money movement

There is a tendency to treat digital assets as either a revolution that replaces everything, or a distraction that replaces nothing. The practitioner view is more practical: stablecoins, tokenised money, and CBDCs can solve specific frictions, but they do not automatically replace mature rails.

Account-to-account payments, open banking, stablecoins and CBDCs can address gaps, such as settlement models, treasury workflows, and certain cross-border dynamics, without displacing the strengths of card-based ecosystems, especially around acceptance, consumer protections, and dispute handling.

The more relevant question for 2026 is therefore not ‘which rail will win?’ but ‘which rail best serves which use case and how do we govern the whole system safely?’

Beyond the Wero launch: making it work

The introduction of Wero is a timely reminder that Europe’s ambition goes beyond modernising infrastructure. It’s about creating payment experiences that both consumers and merchants will use. But interoperability isn’t just about connecting systems. It depends on aligning how things work in practice: fraud signals, dispute handling, service levels, governance, and incentives across all participants. Without that alignment, the experience becomes fragmented and adoption slows down.

This is why the next phase of European payments is so operationally demanding. Launching a new solution is relatively easy. Running it at scale, across countries, with consistent trust and resilience, is much harder.

For banks and acquirers, several concrete challenges stand out:

1. Aligning with Wero’s time-to-market, which varies by country, while managing the associated economic impact of phased rollouts.
2. Scaling infrastructure to handle potentially high transaction volumes, since each Wero payment ultimately triggers an instant SEPA Credit Transfer (SCT) from the user’s bank.
3. Ensuring 24/7 operational readiness, even as many banks still face downtime or limited availability in parts of their payments or core banking systems.

Agentic AI moves into execution

AI is already embedded across payments. What is changing is the move from tools that analyse to systems that act, with agentic AI coordinating workflows, triaging exceptions, and accelerating decision-making. Used well, this can be transformative, enabling faster investigations, lowering operational cost, improving fraud prevention, and delivering a step change in customer experience.

However, payments is a high stakes environment, so agentic AI must be designed with control. This means ensuring clear accountability for outcomes, maintaining audit trails and explainability aligned to risk, implementing robust monitoring and change control, and preserving human intervention where the impact is high. The organisations that pull ahead will embed AI at the core of risk and decision making while maintaining governance that stands up to scrutiny. Seamless experiences should not come at the cost of control.

The real opportunity in 2026: Turning higher standards into a clear advantage

Regulation is raising the bar. Vision is what turns it into an advantage.
In 2026, the most important capability is not a single rail, a single regulation programme, or a single technology; it is the ability to run a multi-rail ecosystem as critical infrastructure, securely, continuously, and transparently.

This requires a shift in how organisations operate. Instead of working in channel silos, they need to orchestrate across multiple payment rails. Risk controls must work in real time, especially for instant and irreversible transactions. Resilience has to become a continuous practice, not just a periodic compliance exercise.

It also means treating dispute management, identity, and consent governance as core capabilities, not afterthoughts. As AI becomes more embedded in operations, it must be deployed with clear accountability and strong auditability.

This is the work that separates firms that keep up from firms that lead. As 2026 unfolds, one question matters: are you redesigning our operating model for the new reality, or reacting to it?

This article has also been published on Finextra.