Regulatory Technical Standards (RTS) under PSD2 (EU Directive 2015/2366) define strong customer authentication (SCA) and secure communication requirements for electronic payments in Europe. The European Banking Authority’s delegated regulation specifies when SCA applies, exemptions, and how payment service providers must protect credentials.
RTS shaped 3-D Secure adoption, dynamic linking of amount and payee, and issuer challenge flows. Network tokenization interacts with RTS where tokenized transactions claim authentication benefits; ECI and cryptogram data must align with what issuers accept as SCA-equivalent or exemption-qualified.
UK and EU merchants designing pan-European checkout must map RTS obligations separately from PCI. A US-centric token integration may compile technically but fail regulatory scrutiny if authentication evidence is insufficient for EU issuers.
Veliro documents how network token cryptograms and ECI values support European authentication patterns; merchants remain responsible for legal interpretation with counsel. RTS awareness prevents architecting purely for US card-not-present norms when a material EU segment exists.
Exemption catalogs (low value, trusted beneficiaries, MIT exemptions) change with regulator guidance; revisit RTS mapping when you launch new countries or payment flows, not only at initial EU go-live.