Estonian E-money Institutions Act

The e-Money Institutions Act of Estonia was revised in 2018 which included additional requirements for data protection. The changes are a part of the wider EU level data protection amendments stemming primarily from the GDPR. Therefore, it is no wonder that the e-Payment Institutions Act was amended to include these requirements. Consequently, those seeking to establish an e-money institution in Estonia ought to be aware of the added requirements.

Personal Data Processing Requirements:

Under the new Article 632 several limitations are applied to the processing of personal data. Chief among these is this obligation to not to ask or try to obtain data besides what is needed for the provision of the payment initiation service.

Furthermore, under the revised Article a similar prohibition to using or storing the client’s data for anything besides the information service explicitly requested by the client. In addition the Article sets out a total prohibition on storing sensitive data for the provision of payment initiation services. Therefore, following the GDPR definition of sensitive data, this would include political affiliations, trade union memberships or other religious beliefs among others. Moreover, the service provider must make sure that third parties do not have access to such data.

Additionally, the revised e-Money Institutions Act requires that personal data can only be stored until the expiry date of the limitations period connected with the services. Therefore, the balance between the interests of the individual who’s personal data is processed and that of the e-Money is maintained.

Managing Risks:

An entirely new obligation is the requirement to send to the Financial Supervision Authority, every year, by the 1st of March an up-to-date assessment of the operational risks related to the payment services.  This obligation was introduced to make sure that the service provider implements effective security and control measures as required by the Article.

However, should an incident happen, an immediate notification must be sent to the Financial Supervision Authority. This obligation extends to inform clients affected if the incident may or does have an impact on the financial interests of the clients. Furthermore, a payment service provider must provide to the Financial Supervision Authority regularly statistical information regarding frauds related to various payment methods.


To find more about E-Money Institutions in Estonia, please contact our lawyers at 

T: +371 67240090 

F: +371 67240091

Contact us about

Estonian E-money Institutions Act

Your message was sent. Thanks

Obtenez votre copie GRATUITE du guide des affaires dans les pays Baltes 

Your message was sent. Thanks

Gencs photo

A propos de Valters Gencs 

Sous différents aspectsb L'avocat Letton Valters Gencs est l'archétype de l'avocat modern - A étudier aux USA , Eait pret à prendre un risque commercial avec la création de sa firme qui à été prospère durant presque 16 années.

En savoir plus.

Notre Equipe

Notre équipe est constitué d'avocats, et de consultants financiers parmis les plus expérimentés et talentueux des Baltiques. Nos experts trouverons la solutions la plus adapté à votre situation.


Our knowledge

Nos connaissances

Gencs Valters Law Firm dispose de 15 ans d'experience pratiques dans les sevices légaux, la consultation fiscale, la fusion et l'aquisition, les lois fiscales, la consultation financière, les institutions, les lois fisclales, la propiété intellectuelle, ainsi que l'immigration et les litiges.