Support for PSD2 regulation

Problem statement

We need to comply with PSD2 regulation that requires us to use eIDAS certificates to secure communication between ourselves and third parties, more specifically, QWAC and QSEAL certificates. Is this supported in Auth0?

Additional information:

PSD2 is a regulatory framework that ensures payments across the EU are secure, easy, and efficient. It regulates entities that access or aggregate account information for electronic payments.

eIDAS (electronic IDentification, Authentication, and trust Services) is an EU regulation on electronic identification and trust services for electronic transactions in the European Single Market. It regulates electronic signatures, electronic transactions, the bodies involved, and their embedding processes to provide a safe way for users to conduct business online, such as electronic funds transfers or transactions with public services.

Solution

We don’t hold these certifications. Supporting PSD2 is not on our roadmap yet. Per our compliance team, when you have specific certification requirements, you need to perform the assessment based on our existing certifications, such as SOC 2 and ISO 27001/27018.