EU-regulated fintech products typically operate under PSD2/PSD3, GDPR, PCI DSS, and DORA. Crypto-asset products must also address MiCAR, and consumer lending products fall under the EU Consumer Credit Directive. A properly structured discovery phase identifies all applicable frameworks at the outset and implements them as architecture constraints throughout the build.
