Skip to main content

Innovation, payments, and digital assets

Regulation will (re)shape markets and digital transformation strategies

In 2024, Artificial Intelligence (AI), retail payments and digital assets are set to be top priorities on the EU and UK innovation policy agenda.

Retail payments


The convergence of market dynamics and new regulations will further accelerate the transformation of the payment sector. EU and UK consumers and merchants are demanding more convenience and value amidst a challenging economic environment.1 Policymakers in both jurisdictions are introducing new regulations to bolster consumer protection, choice, and resilience. These include promoting instant, open banking payments, and Digital ID; finalising stablecoins frameworks; and enhancing anti-fraud measures.

The implementation of virtually all these regulations is set to start in 2024/2025.2 Their impact will coalesce over the next two to three years, with significant implications for Payment Service Providers (PSPs).

First, new regulations will intersect with evolving payment preferences of customers and merchants, and growing adoption of enabling technologies such as digital wallets, connected devices, biometrics, and Distributed Ledger Technology (DLT). This will expand the range of Alternative Payment Methods (APMs) and distribution channels that PSPs can, or must, offer.

Second, competition will increasingly come from multiple fronts, including traditional players, FinTechs, and non-financial entities such as digital platforms or smart product providers. For many, the priority will be owning the customer relationship and payment initiation process, leveraging policy enablers, such as open banking, Digital ID, and fairer access to payment systems to gain a competitive edge.4 This is likely to lead to a further separation of the customer payment journey from the provision of payment infrastructure and accounts.

Third, complying with this complex web of new regulatory requirements will require significant skilled staff and financial resources. This will challenge PSPs’ capacity to invest in new business and technological capabilities, particularly amidst higher interest rates, margin pressures, and declining venture capital.

With over 6,500 and 1,000 estimated PSPs in the EU and UK respectively, the payment market is highly competitive.6 The trends described earlier are likely to lead to some PSPs exiting the market, while others may become attractive targets for mergers and acquisitions. Few PSPs will be able - or want - to compete across all channels, products, or the entire value chain.

All must incorporate regulatory considerations into their strategic decisions, addressing frictions, but also identifying synergies between business and regulatory change programmes. For instance, mandated EU Digital ID wallets can aid Anti-Money Laundering (AML) compliance while offering cost-effective and user-friendly identity verification across channels, potentially opening new revenue streams beyond financial services (FS). Similarly, using AI can improve fraud detection and enhance the customer experience, meeting both supervisory and customer expectations.

However, PSPs must also consider the impact of policy interventions that are still in flux on their investment choices and timing.For example, the finalisation of EU and UK stablecoins frameworks could boost their use in retail payments. However, other outstanding policy factors will affect PSPs’ business case to invest in the infrastructure or ecosystem of a new form of private money. These include the Payment Services Directive and Regulation (PSD3/PSR), the UK payment regulations review, success in promoting account-to-account (A2A) payments, upgrades to existing infrastructure, such as the UK New Payments Architecture (NPA), and the potential launch and key features of EU/UK Central Bank Digital Currencies (CBDCs).

Industry has been calling for greater coordination among different in-flight policy initiatives.7 While hopes for enhanced coherence in the long term persist, in 2024 firms must chart a strategic course that can contend with the status quo.

Digital assets


The impact of regulation on firms’ digital asset strategies will depend on the assets and activities involved.

Tokenisation, the issuance of a digital representation of an asset on DLT, will likely dominate regulated firms’ digital assets pilots, particularly for bonds. The UK's long-awaited tokenisation regulatory sandbox, set to launch by end-Q1, marks the first step towards the emergence of secondary markets in tokenised financial instruments. The UK sandbox, which complements its EU counterpart, will be helpful for firms seeking to establish market-leading trading and settlement venues, whether they are existing Financial Market Infrastructure (FMI) providers or new entrants.8

Successful applicants can seek targeted exemptions from securities frameworks, such as the Markets in Financial Instruments Directive and Regulation (MiFID/MiFIR) and the Central Securities Depositories Regulation (CSDR), and refine their business model based on regulatory feedback.

However, 2024 will be the beginning of a journey for tokenised securities markets. Any benefits from sandbox participation, or permanent rule changes that would encourage growth are at least two-to-three years away. For now, tokenised issuance remains relatively low.

Estimated digital bond issuances in recent years are less than 1%, for example, of the $20.6 trillion issued globally in long-term fixed income instruments in 2021.

UK Finance, Unlocking the power of securities tokenisation, July 2023

Meanwhile crypto natives operating in unbacked digital assets markets (e.g., Bitcoin) face a fragmented regulatory landscape, despite the EU Markets in Crypto-assets Regulation (MiCAR) technically going live in 2024.11 MiCAR empowers individual member states (MS) to delay compliance deadlines and maintain local regimes for custodians, exchanges, and other intermediaries to July 2026. MS must declare their plans by June 2024, and some have already done so, e.g., Spain has postponed its MiCAR compliance deadline to December 2025.12 Adding to this complexity, in our experience, timings to obtain local licences vary between two weeks and two years across the EU27.13 As firms determine their location strategies, local approaches to MiCAR will be a key decision factor, along with access to talent, bank accounts, payment infrastructure, and other factors.

The combination of MiCAR compliance costs and persistent revenue pressures, with trading volumes remaining suppressed, will exacerbate profitability challenges for crypto-native firms. Therefore, firms will need to evaluate the regulatory implications for their viability. They must consider not only MiCAR, but also broader FS rules to which they will be subject as regulated firms. A key example is the Digital Operational Resilience Act (DORA), which will require enhanced operational resilience capabilities and business continuity planning. Therefore, we expect some firms may consider exiting the EU market in 2024, as we saw in the UK in 2023 after the implementation of digital asset financial promotion rules.

The UK regulatory framework for unbacked digital assets remains uncertain. Final rules are unlikely before year-end, but we know they will be based on securities rules. Also, existing AML registrations will not automatically convert to full digital asset services licences, meaning that all firms should prepare for heightened scrutiny.14

Links to wider group entities and client asset protection will be focus areas, drawing on lessons from the 2022 market disruption. Benchmarking against comprehensive MiCAR requirements may help firms prepare until more detailed UK rules emerge.

Artificial Intelligence


Regulation of AI is set to take centre stage in 2024, as firms seek to scale their AI capabilities. The EU has taken a bold step by establishing the first comprehensive AI legislative framework – the Artificial Intelligence Act (AIA) – set to enter into force by H1 2024.

The EU is eager to establish the AIA as a global standard, and its extraterritorial impact on any AI system that affects EU residents may yet lend it some clout. However, regulatory divergence is more likely. Despite agreeing high-level principles for international cooperation, major jurisdictions are pushing ahead with their own national approaches.15 The US, home to some of the largest AI companies, is a prime example, as illustrated by President Biden's recent Executive Order on AI.

The AIA has also received mixed responses, with some industry representatives and policymakers outside the EU questioning its ability to balance innovation and safety. The UK, for example, has proposed a principles-based, non-statutory framework that leverages existing regulatory structures and frameworks. This approach aims to avoid overregulation and mitigate the risk of requirements becoming outdated quickly due to the rapid pace of innovation.

Nevertheless, as the AIA’s implementation begins in 2024 firms must understand its requirements and implications, especially as they start scaling their AI solutions.

The AIA classifies and regulates AI models and systems based on their potential risk to society and individuals. FS firms using AI systems deemed high-risk – such as those of credit and life/health insurance risk assessments, staff monitoring, and recruitment - will face significant compliance demands. Similarly, use of General Purpose AI models and systems will also be subject to strict requirements. The decision to develop in-house or use off-the-shelf AI systems will be strategically important. AI providers – i.e. developers or commissioning firms – will have to comply with some of the AIA’s strictest obligations. Firms also need to manage grey areas, such as where material customisation of third-party AI systems may cause them to be considered developers.

Multinational firms operating in both the EU and other jurisdictions must decide whether to embrace AIA standards globally or adopt EU-specific AI systems. Compliance costs and limits to innovation are among the downsides, while increased trust and reduced risks are potential upsides. Some FS firms – or their Third-Party Providers (TPPs) – may choose to scale back AI development or deployment in the EU to avoid the more comprehensive AIA requirements altogether. Some uncertainty will remain. AIA technical standards, against which firms must demonstrate compliance, will not be available until later in 2024 or 2025. Nevertheless, firms will possess sufficient information to assess their overall exposure, conduct a high-level gap analysis against key requirements, and devise an initial plan of action for product strategy and governance response.

In addition, while AI-specific legislation is a critical component of AI regulation within FS, it is just one piece of a much larger puzzle. Firms will also need to grapple with the existing and technology-neutral regulatory frameworks – such as data and consumer protection, model risk management, and operational resilience – as they apply to their AI use cases.

Inthe UK, in the absence of an AIA equivalent legislation, supervisors will rely on these frameworks to scrutinise firms’ use of AI. The Financial Conduct Authority (FCA), for example, has been particularly vocal about its plans to use the Consumer Duty to oversee AI conduct risks. Similarly, in the EU, regulations such as the General Data Protection Regulation (GDPR) and DORA will intersect with the AIA, although the degree of interaction will only become clearer once AIA technical standards emerge.

Firms must balance innovation with risk mitigation and maintaining public trust. Ethical concerns will continue to be significant. This may lead to a shift away from use cases with significant impacts on privacy or financial outcomes towards back or middle office automation. Ultimately, regulatory compliance and the firm’s own risk management and AI skillset will be crucial in determining which AI pilots firms can scale in 2024.

Firms must balance innovation with risk mitigation and maintaining public trust.

In summary, the regulatory changes surrounding retail payments, digital assets, and AI have created a complex and evolving landscape for FS firms. As firms adapt to this shifting regulatory environment and new digital financial markets, they must navigate a range of strategic opportunities and challenges.

In detail


Read more about retail payment regulations, digital assets, and artificial intelligence and data.

  1. Independent Future of Payments Review by Joe Garner, November 2023, available at
  2. Dates vary in the EU and UK
  3. Worldpay from FIS, The Global Payments Report, 2023, available at
  4. Through the Instant Payments Regulation, the EU will grant access for payment and e-money institutions to payment systems, by changing the Settlement Finality Directive
  5. Payments Association/Pay360, Pay 360 infographic, 2023, available at
    (Payments Association:
  6. ECB, Payments Statistics full report, July 2022, available at; and HMT, Payment Services Regulations review and call for evidence, January 2023, available at
  7. Independent review by Joe Garner, Nov 2023, can be accessed at
  8. The EU DLT pilot was launched in 2023
  9. UK Finance, Unlocking the power of securities tokenisation, July 2023, available at
  10. CoinMarketCapt, Global Live Cryptocurrency Charts & Market Data, November 2023, available at
  11. Deloitte, Navigating the fragmented global digital assets regulatory landscape, October 2023, available at
  12. Ministry of Economy, Trade and Business of Spain, Reglamento europeo sobre el mercado de criptoactivos (MiCA), October 2023, available at
  13. Body for the management of the Lists of financial Agents and credit Brokers, OAM: The register of cryptocurrency traders to be operational by May 18, February 2022, available at
  14. HMT, Future financial services regulatory regime for crypto-assets response to the consultation and call for evidence, October 2023, available at
  15. Department for Science, Innovation and Technology, The Bletchley Declaration by Countries attending the AI Safety Summit, November 2023, available at; and European Commission, Hiroshima Process International Code of Conduct for Advanced AI Systems, October 2023, available at
  16. Gilmore Centre for Financial Technology by Warwick Business School, In the AI of the storm: how UK financial services firms are using AI, November 2023, available at

Did you find this useful?

Thanks for your feedback

If you would like to help improve further, please complete a 3-minute survey