New consolidated version: Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication (Text with EEA relevance)Text with EEA relevance

A new consolidated version of Commission Delegated Regulation (EU) 2018/389 in connection with regulatory technical standards (RTS) concerning strong customer authentication (SCA) and secure communication (SC) under the Payment Services Directive (PSD2) was published in the Official Journal (OJ) of the EU.
The consolidated version contains the modifications made by Commission Delegated Regulation (EU) 2022/2360 which relaxed some provisions to allow an exemption from these SCA and SC requirements for direct account access by customers so long as only certain data is disclosed (no sensitive data, only account balances, etc.). It also mandates such exemption for account access via account information service provider provided that certain conditions are met. Please see EventID 18440 in this context for a detailed description of the changes.