> ## Documentation Index
> Fetch the complete documentation index at: https://docs.qonto.com/llms.txt
> Use this file to discover all available pages before exploring further.

# PSD2 License

<Accordion title="What is PSD2 & QSeal certificate (QSealC)?">
  **<u>PSD2 (Payment Services Directive II)</u>**

  * **What is it**: A European Union directive that updates the legal framework for payment services.
  * **Purpose**:
    * Liberalize the payment industry and boost competition
    * Enhance the security of payment service users
    * Foster innovation in the payments sector
    * Clearly define the rights and obligations of payment service providers and users

  **<u>QSealC (Qualified electronic Seal Certificate)</u>**

  * **What is it**: A qualified certificate defined under the EU's eIDAS Regulation for trust services.
  * **Purpose:**
    * Enables its holder (usually a legal entity) to create electronic seals on data.
    * Guarantees the integrity (data hasn’t changed) and authenticity (origin can be proven) of the sealed data.
    * Allows third parties to verify who sealed the data and that it remains unchanged.
    * Provides strong, long-term evidence that the data originated from the entity identified in the certificate.
  * **Validation**: Electronic seals can be validated by anyone, at any time, to ensure authenticity and integrity.
</Accordion>

<Accordion title="How to send, renew and update PSD2 QSealC? ">
  **Send PSD2 QSealC**

  To send PSD2 QSealC, please follow [this step by step guide](https://docs.qonto.com/get-started/business-api/authentication/qsealc#requirements).

  **Renew PSD2 QSealC**

  To renew your PSD2 QSealC, you must contact your PSD2 provider

  **Update PSD2 QSealC**

  In order to update your QSeal certificate, you need to update the `Signature` header which needs to be sent in each API request.

  <Tip>
    Check [this page](https://docs.qonto.com/get-started/business-api/authentication/qsealc#add-a-signature-header) for more details
  </Tip>
</Accordion>

<Accordion title="What are the requirements for QSealC?">
  Each request sent by the TPP has to be signed using `http-signature` mechanism which is specified by the [**following IETF draft-paper**](https://datatracker.ietf.org/doc/draft-ietf-httpbis-message-signatures/).

  To implement it, please follow [this guide](https://docs.qonto.com/get-started/business-api/authentication/qsealc).
</Accordion>

<Accordion title="Will the new certificate be accepted automatically, provided that our TPP ID and PSD2 roles remain unchanged?">
  Once you’ll get your new QSealC, you’ll need to include it in your API requests by following [<u>those guidelines</u>](https://docs.qonto.com/get-started/business-api/authentication/qsealc#requirements). You can make some tests with your new certificate in our Sandbox environment before deploying the changes in Production.
</Accordion>

<Accordion title="Will existing AIS consents remain valid after the certificate update?">
  Yes, existing OAuth consents will remain valid.
</Accordion>

<Accordion title="Will access to the status of payments that were initiated using the previous certificate be retained?">
  Yes, you will still have access to the payments initiated with the previous license.

  <Note>
    To initiate payments, your new license should be a PIS license; otherwise, your API requests will be rejected.
  </Note>
</Accordion>

<Tip>
  Need to report a bug, request a new feature, or didn’t find your answer? [Click here.](https://getqonto.atlassian.net/servicedesk/customer/portals)
</Tip>