Doing some reading on the EBA security guidelines for PSD2 providers:
and the per-EU-country compliance update:
Reading the countries' feedback in the table above, it is interesting to me how each country in the end makes its own guidelines by merging EBA's into its current national guidelines. ENISA is largely ignored. No surprise there.
The directive is strange to me in the sense that the audit body is pretty generalist; it seems anyone can audit your controls… strange if you ask me. No rule works in the long term unless it is enforced by professionals.