The European Payments Council (EPC) has released three updates for the Verification of Payee (VOP) scheme, publishing VOP scheme rulebook version 1.1, VOP scheme Application Programming Interface (API) specifications version 1.1, and the VOP API Security Framework version 2.1, all effective from 20 September 2026. The package is intended to support Single Euro Payments Area (SEPA) payment service providers (PSPs) in meeting legal obligations on verification of a payee for SEPA (Instant) credit transfers under the EU Instant Payments Regulation amending the SEPA Regulation. The VOP scheme rulebook sets inter-PSP rules, practices and standards for scheme participants and reflects urgent change requests identified by the Verification of Payee Working Group following a December 2025 public consultation. The VOP API specifications update removes the possibility of leaving API fields empty and adds clarifications on the character set, timestamp and HTTP headers. The API Security Framework sets minimum security requirements for VOP, SEPA Request-to-Pay (SRTP) and SEPA Payment Account Access (SPAA) scheme participants using APIs, with version 2.1 adding clarifications on certificate use for the VOP scheme and becoming mandatory from 20 September 2026 for VOP, SRTP and SPAA participants when using APIs.
European Payments Council 2026-03-16
European Payments Council issues updated Verification of Payee rulebook and API standards effective 20 September 2026
The European Payments Council has updated the Verification of Payee (VOP) scheme, including the VOP scheme rulebook version 1.1, VOP API specifications version 1.1, and the VOP API Security Framework version 2.1, effective 20 September 2026. These updates help Single Euro Payments Area payment service providers comply with the EU Instant Payments Regulation. Key changes include inter-PSP rules, API field requirements, and security standards for VOP, SEPA Request-to-Pay, and SEPA Payment Account Access participants.