Digital Payments & Fintech · Romania
Fintech & digital payments rules in Romania (2026)
Romania shaded by its digital payments & fintech status
Romania has a fully operative licensing regime for digital payments and e-money, anchored in Law 209/2019 (payment services, PSD2 transposition) and Law 210/2019 (electronic money, EMD2 transposition), both in force since December 2019. The National Bank of Romania (BNR) is the sole competent authority for authorising and supervising payment institutions (PIs), electronic money institutions (EMIs), and account information service providers (AISPs), maintaining a public registry of authorised entities. Open banking is live under Berlin Group NextGenPSD2 standards, and Romania's real-time rail (Plăți Instant / TRANSFOND) has been operating since April 2019.
Key points
Payment institutions and e-money institutions must be authorised by BNR under Law 209/2019 and Law 210/2019 respectively, aligned with PSD2 and EMD2. BNR Regulation No. 4/2019 sets operational requirements; BNR maintains a public register of authorised entities. Recent grants include EuPlătesc (PI licence, March 2026) and BLIK Romania (payment system authorisation, October 2024).
Romania transposed PSD2 through Law 209/2019 (in force December 2019), introducing third-party providers (PISPs, AISPs) and strong customer authentication. Major banks (Banca Transilvania, BCR, BRD, ING Romania) implement open banking APIs following the Berlin Group NextGenPSD2 standard, with BNR as the competent authority for supervision.
Romania's Plăți Instant rail, operated by TRANSFOND since April 2019, settles interbank RON transfers in under 10 seconds, 24/7, using the ISO 20022 / SEPA Instant Credit Transfer (SCT Inst) scheme. The EU Instant Payments Regulation (IPR, in force April 2024) further mandates PSP readiness for instant euro transfers, with key 2026 compliance milestones for reporting and implementation.
BNPL in Romania is regulated where it constitutes consumer credit under existing rules. The EU Second Consumer Credit Directive (CCD2) will bring most BNPL products explicitly within scope once transposed into national law (Member State deadline end-2025, full market application expected Q4 2026), requiring affordability checks and enhanced disclosure obligations on providers.
The EU Digital Operational Resilience Act (DORA) has applied directly in Romania since 17 January 2025, requiring payment institutions, e-money institutions, and credit institutions to implement ICT risk-management frameworks, conduct resilience testing, and register third-party ICT providers, all overseen by BNR.
PSD3 and the accompanying Payment Services Regulation (PSR) are at the EU legislative stage; final adoption is anticipated in 2025–2026. Once enacted they will supersede PSD2 and require further amendments to Romanian national law. BNR and Romanian fintechs are monitoring developments, with no domestic implementing legislation yet tabled.
Romania - other topics
Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above. Explore the full world map →