Estonian E-money Institutions Act

The e-Money Institutions Act of Estonia was revised in 2018 which included additional requirements for data protection. The changes are a part of the wider EU level data protection amendments stemming primarily from the GDPR. Therefore, it is no wonder that the e-Payment Institutions Act was amended to include these requirements. Consequently, those seeking to establish an e-money institution in Estonia ought to be aware of the added requirements.

Personal Data Processing Requirements:

Under the new Article 632 several limitations are applied to the processing of personal data. Chief among these is this obligation to not to ask or try to obtain data besides what is needed for the provision of the payment initiation service.

Furthermore, under the revised Article a similar prohibition to using or storing the client’s data for anything besides the information service explicitly requested by the client. In addition the Article sets out a total prohibition on storing sensitive data for the provision of payment initiation services. Therefore, following the GDPR definition of sensitive data, this would include political affiliations, trade union memberships or other religious beliefs among others. Moreover, the service provider must make sure that third parties do not have access to such data.

Additionally, the revised e-Money Institutions Act requires that personal data can only be stored until the expiry date of the limitations period connected with the services. Therefore, the balance between the interests of the individual who’s personal data is processed and that of the e-Money is maintained.

Managing Risks:

An entirely new obligation is the requirement to send to the Financial Supervision Authority, every year, by the 1st of March an up-to-date assessment of the operational risks related to the payment services.  This obligation was introduced to make sure that the service provider implements effective security and control measures as required by the Article.

However, should an incident happen, an immediate notification must be sent to the Financial Supervision Authority. This obligation extends to inform clients affected if the incident may or does have an impact on the financial interests of the clients. Furthermore, a payment service provider must provide to the Financial Supervision Authority regularly statistical information regarding frauds related to various payment methods.


To find more about E-Money Institutions in Estonia, please contact our lawyers at 

T: +371 67240090 

F: +371 67240091


Estonian E-money Institutions Act

Your message was sent. Thanks

Get your FREE Copy
of Guide to do Business in the Baltics

Your message was sent. Thanks

Gencs photo

About Valters Gencs

In many regards, Latvian advocate Valters Gencs is the archetypal modern Baltic attorney – US educated, willing to take a commercial risk with his firm, which has been successfully operating for almost 16 years.  

Read more.

Our Team

Our team consists of knowledgeable and experienced advocates, lawyers and tax consultants in the Baltic States. Our professionals will find the most appropriate solution for your situation. 


Our knowledge

Our knowledge

Gencs Valters Law Firm has a 20-year practical experience in legal services, tax consulting, mergers and acquisitions, banking law, finance consulting, corporate, intellectual property, immigration and litigation.