Requirements relating to prevention, transparency and regulatory due diligence in the payments industry have increased significantly in recent years. As a regulated payments company, Nexi is required to continuously adapt its existing processes to new regulatory requirements and heightened supervisory expectations. This includes, in particular, enhanced checks as part of Know Your Customer (KYC) and risk management processes, which serve to protect consumers and safeguard the integrity of the payments ecosystem.
Against this backdrop, Nexi has carried out additional checks on existing customers in recent months. These apply equally to merchants and service providers and form part of a comprehensively enhanced compliance and fraud prevention approach.
In connection with the Free Software Foundation Europe (FSFE), this review process could not be fully completed. This ultimately led to the termination of the business relationship. We are aware that this has caused uncertainty for FSFE and for the users concerned.
We would like to make one point explicitly clear: contrary to FSFE’s description of the matter (https://fsfe.org/news/2026/news-20260316-01.en.html), Nexi’s request to FSFE related exclusively to test login credentials. Nexi would never, as a matter of principle, request personal login details or passwords belonging to other users. Within the KYC process, test access is necessary in order to review the relevant portal. In particular, the purpose was to verify whether users are able to cancel their access properly and whether adequate consumer protection is therefore ensured, for example in order to prevent so-called subscription traps.
It appears that this request for test access led to a misunderstanding. We regret this. Our objective has been, and remains, to implement regulatory requirements diligently while at the same time working with our customers to find practical solutions.
Nexi will reach out to FSFE to clarify the matter. Irrespective of this individual case, the following applies: we continuously review our processes to ensure that necessary regulatory requirements are communicated clearly, proportionately and transparently.
As a regulated payments provider, we bear responsibility towards customers, partners, users and the competent supervisory authorities. We fulfil this responsibility with the utmost care.