Changes to Global Payments Regulations: What Businesses Need to Prepare For in H2 2025

The global payments sector is subject to frequent regulatory changes and this year is no different. Regulations that have been in development for years are now reaching the implementation time, creating a watershed moment for businesses operating cross-border. The second half of 2025 will bring a series of new rules that will reshape the execution of payment transactions, compliance and customer service but are also likely to impact businesses beyond administrative adjustments. Organisations will need to adapt their tech, processes and in some cases, strategy.

This guide provides a practical breakdown of what's coming, what it means, and how global businesses should prepare. With the global regulatory tech market predicted to grow to $42.7 billion by 2031, as the companies try to stay compliant , understanding these changes is crucial for maintaining competitive advantage and avoiding significant penalties.

ISO 20022 (Deadline: November 2025)

November 2025 marks the deadline for the final, global migration to ISO 20022, a new cross-border messaging system. ISO 20022 represents a new standard that brings richer data, that may improve fraud detection, automated compliance and connectivity across payment systems however in order to achieve this - the implementation requires significant technical overhaul. Unfortunately, still a large fraction of businesses relies on legacy systems that lack interoperability and might struggle to receive and process these enhanced message formats, forcing organisations to invest in significant tech upgrades. For seamless and ISO 20022-compliant global vendor payments businesses will need to ensure that their payment infrastructure can generate and process these new message formats to avoid transaction failures.

PSD3 and EU Payment Services Regulation (Applicable from April 2025)

The revised Payment Services Directive 3 (PSD3) and accompanying EU Payment Services Regulation have fundamentally changed the European payments framework in April 2025 after the long standing PSD2. While implementation has started a while ago, the full compliance obligations continue throughout H2 2025.

PSD3 has introduced more thorough fraud prevention requirements with advanced transaction monitoring and enhanced customer authentication methods. It also changes licensing requirements for payment service providers and strengthens customer protection mechanisms, particularly for disputed transactions. The regulation touches everything from automated vendor payments to consumer refund processes, requiring a comprehensive review of payment operations.

UK Stablecoin Regulation (Final Rules Expected Late 2025)

The UK's financial regulatory authorities are in the process of finalising a comprehensive framework for payments involving stablecoins and this is expected to be delivered in late 2025. This will be the first major jurisdiction that adapts banking-style rules tailored for digital assets used in payments.

Under the framework, businesses planning to accept or process stablecoin payments will need to ensure their partners hold appropriate authorisation and meet regulatory standards. Companies exploring central bank digital currencies and stablecoins, can use the regulation as a handbook to ensure compliance and gain necessary guidance, however this will not come without extra complexity to the payment and operational infrastructure.

UK Cross-Border Interchange Fee Reform (Final Rules Expected Late 2025)

Following Brexit, the UK government is implementing reforms to cross-border payment card interchange fees between the UK and EU with an aim to cap transaction fees increase transparency in how costs are allocated between issuers and acquirers. The final rules are expected in late 2025.

E-commerce businesses might see significant impact of these changes on their cash flow and transaction economics, especially if operating across the UK-EU borders. This might mean evaluating how the interchange reforms affect profit margins and consequently evaluating pricing strategies. Similarly, payment acceptance methods may need to be adjusted to optimise costs under the new framework.

Digital Operational Resilience Act (DORA)

While DORA technically has entered into force in January of this year, compliance requirements continue ramping up throughout the year. This regulation applies to any business offering financial services in the EU using digital infrastructure, including payment service providers, payment institutions, and many of their business customers.

DORA mandates stringent ICT (Information and Communication Technology) risk management frameworks, ICT Third‑Party Risk Management, regular resilience testing, and regular incident reporting protocols. DORA compliance ensures that payment systems can withstand disruptions and recover quickly from incidents to continue providing services to their businesses. Any business relying on payment providers needs to now verify their resilience.

Increased Complexity in Global Payments

Despite some of them being announced in 2024 or implemented at the start of 2025, the regulatory changes of the H2 2025 continue to increase the landscape of global payment operations. Businesses must now be aware of and comply with different rules across the UK, EU, and other jurisdictions, accounting also for diverse implementation timelines and technical requirements.

International payment infrastructure is not as smooth as it used to be and will need to adapt to new technical standards, risk frameworks, and data requirements at relatively short timelines, and without disrupting business operation or delivery of service to customers. Companies managing multiple-entities face particular challenges ensuring consistent compliance across subsidiaries operating under different regulatory regimes.

Key operational impacts include:

Need for jurisdiction-specific compliance documentation

Potentially different technical requirements for similar types of payment across markets

Increased reporting obligations to multiple regulators

Customer Expectations and Service Design

The new regulations fundamentally change customers' baseline expectations for payment services. Especially fraud protection and security are no longer a differentiator but a legal requirement that needs to adhere to specific technical and regulatory standards.

User experience, onboarding processes, and customer communications must all reflect the new regulatory baseline. For example, the way customers authenticate access to their account and authorise payments needs to balance security with usability, while fees need to be transparently displayed under the strengthened consumer protection rules.

Costs and Resource Allocation

Compliance with H2 2025 regulations requires significant investment across several areas:

Upgrades and overhauls of systems and technology to support new message formats and security requirements

External audits and certification processes

Staff training on new compliance obligations

Ongoing monitoring and reporting capabilities

A recent study from Oxford Economics reveals that just in the UK, the finance sector collectively spends around £38.3 billion annually on compliance. and these costs are only meant to go up under the new frameworks. Non-compliance risks are substantial, including penalties from payment system regulators, service disruptions and potential reputational damage.

Cross-Border Operations

The fragmented regulatory landscape requires jurisdiction-specific strategies while maintaining centralised control in a multi-entity setting. When a one-size-fits-all approach to global payments no longer works, businesses need to seek localised payment solutions for different markets while maintaining operational scalability.

This challenge is particularly acute for companies operating across multiple regions and managing FX risks. Not only does it mean maintaining even more local banking partnership and accruing more fees, the new regulations add complexity to cross-border settlement processes, even intra-company, potentially affecting liquidity management and hedging strategies. Organisations should review their FX hedging strategies to ensure they account for these regulatory changes.

Payment Providers and Platform Dependencies

Businesses relying on third-party payment providers must ensure those providers are fully compliant with all relevant regulations, especially DORA. This necessitates a comprehensive review of:

Service contracts and compliance guarantees across all payment instruments

Data-sharing protocols and privacy controls

Service level agreements covering regulatory requirements

Contingency plans if providers fail to meet compliance deadlines

Certification or reports proving sufficient resilient stress testing has been conducted or considering third-party testing

Companies working with multiple payment providers should conduct a systematic compliance audit across their vendor ecosystem. These reviews might also help to minimise cross-border fees under the new interchange regulations.

Competitive Opportunity

While the regulatory changes create compliance challenges, they also present opportunities for forward-thinking businesses. Organisations that are fast to adapt to the changing compliance market, can use it as a differentiator and deliver exceptional service to their clients and customers while competition is still implementing technical changes.

The enhanced data capabilities required by ISO 20022, for example, considerably improve reconciliation processes and cash flow forecasting. Businesses that view these regulations as strategic opportunities rather than compliance burdens can gain a competitive edge.

Navigating the regulatory changes of 2025 isn't just about staying compliant, it's about future-proofing your payments strategy. Now is the time to evaluate your infrastructure, engage with providers, and ensure your customer experience aligns with tomorrow's regulatory landscape.

For businesses seeking to navigate these complex regulatory changes efficiently, a comprehensive unified treasury and financial operations platforms like Fyorin can offer significant advantages. By providing pre-built compliance frameworks and a single onboarding and compliance process to access local banking and payment partners in 100+ currencies and countries, Fyorin helps global businesses stay compliant and agile across borders, regardless of the regulatory landscape.

Summary

Business impact:

Future‑proof your payments strategy with the right partner that offers real-time compliant payment flows.

Centralise treasury and payments operations on a platform like Fyorin.

Unified treasury & operations platform benefits:

Pre‑built compliance frameworks shorten time‑to‑market and reduce risk

Single onboarding & KYC process for all partners

Global reach: access local banking and payment rails in 100+ currencies and jurisdictions.