Introduction

On 18 October 2023, the European Parliament and the Council of the European Union (EU) adopted Directive 2023 on credit agreements for consumers (New Consumer Credit Directive) with the goal of ensuring a high level of consumer protection and a well-functioning internal market (Recitals 12 and 13). This long-awaited directive will repeal Directive 2008 on credit agreements for consumers (2008 Consumer Credit Directive) currently in force with effect from 20 November 2026. Over the last decade, the ability of the old directive to achieve similar objectives has been increasingly questioned on two main grounds.

First, the old directive reflects the information paradigm of consumer protection and the corresponding image of the “average consumer” as a reasonably well-informed, observant, and circumspect actor (Cherednychenko, 2014). The idea behind this model is to improve the consumer decision-making process through the rules on information disclosure designed to redress information asymmetries between credit institutions and credit intermediaries, on the one hand, and consumers, on the other. In avoiding the imposition of substantive restrictions on the conclusion of credit agreements, such as strict creditworthiness assessments or price caps, the model fosters first and foremost consumer access to credit. Particularly in the aftermath of the global financial crisis of 2007–2008, however, serious concerns have been raised about the ability of the information paradigm of consumer protection to protect consumers against irresponsible lending and ensure the proper functioning of retail financial markets more generally (e.g., Atamer, 2011; Avgouleas, 2009; Domurath, 2013; Garcia Porras & Van Boom, 2012; Micklitz, 2010; Nield, 2012).

Second, the rapid technological developments accelerated by the COVID-19 pandemic have brought significant changes to the consumer credit markets. On the supply side, the existing credit products, such as payday loans, have been increasingly offered online. In addition, new credit products and services, such as Buy Now, Pay Later (BNPL) and peer-to-peer lending (P2PL), have emerged. The use of new technologies, such as artificial intelligence (AI), also enables companies to collect and share personal data based on consumer behaviour so as to create and constantly update consumer profiles, which in turn are used to shape what consumers see and how they make choices online (Helberger et al., 2021, 2022). On the demand side, the online marketplace poses new risks to consumers by facilitating quick and easy access to credit (Cherednychenko & Meindertsma, 2019, p. 512). To most consumers, moreover, the technological infrastructure that supports personalized marketing techniques, such as personalized pricing, remains a black box, which results in structural “digital asymmetry” between lenders and consumers (Helberger et al., 2021, p. 51; 2022). The evaluation of the 2008 Consumer Credit Directive launched by the European Commission in 2018–2019 (European Commission, 2020) has revealed some important limitations of this EU measure in protecting consumers in the digital marketplace and indicated a pressing need to revise it. Furthermore, my own studies for the European Parliament and the European Commission in the run up to the revision of the old directive have shown that the information paradigm of consumer protection is particularly unfit to protect consumers against irresponsible lending in the online environment and have advocated striking a different balance between access to credit and consumer protection in the new directive (Cherednychenko, 2018; Cherednychenko & Meindertsma, 2018, 2019). Irresponsible lending in the digital marketplace is not only driven by an asymmetry of information between consumers and lenders but also by the lenders’ exploitation of consumer behavioural biases, such as overoptimism, myopia, and cumulative cost neglect; in addition, remuneration structures, such as third-party commissions, have the potential to exacerbate these market failures (Cherednychenko & Meindertsma, 2019, p. 490).

Against this backdrop, the New Consumer Credit Directive acknowledges that the old directive “has been only partially effective” in realizing its goals (Recital 3), and seeks to remedy its shortcomings. In so doing, it essentially aims to ensure responsible lending in the digital consumer credit markets across the EU. The major idea behind the concept of responsible lending is that creditors and credit intermediaries should not act solely in their own interests but that they should also take into account the consumer borrowers’ interests and needs throughout the credit product life cycle in order to prevent consumer detriment (Cherednychenko & Meindertsma, 2019, p. 485; cf. Ramsay, 2012). In the context of consumer credit, that is, unsecured credit provided for personal, household, or domestic purposes, consumer detriment may be represented by the financial loss resulting from the purchase of a credit product that does not yield any substantial benefit to the consumer and/or seriously impairs the consumer’s financial situation. Financial difficulties in turn may lead to social exclusion and even serious health problems associated with over-indebtedness.

This article aims to explore the potential of the New Consumer Credit Directive to ensure responsible lending in the digital marketplace. It will critically assess the key changes to the 2008 Consumer Credit Directive introduced by the revised directive, considering the large-scale irresponsible lending practices that have troubled the EU consumer credit markets since the adoption of the old directive. Such practices include the provision of high-cost credit, notably payday loans and BNPL; cross-selling, whereby consumer credit products are sold to consumers together with other products, such as payment protection insurance; and peer-to-peer lending (P2PL) which connects consumer lenders to consumer borrowers directly through an electronic P2PL platform outside the traditional financial sector (Cherednychenko & Meindertsma, 2019, pp. 491–498). While the analysis will focus on consumer protection standards, the issue of enforcement will also be addressed. I will conclude with the summary and some final reflections on the way forward for European consumer credit law.

The New Consumer Credit Directive: Key Changes

To address the shortcomings of the 2008 Consumer Credit Directive, the New Consumer Credit Directive seeks to change it in three major respects. First, the new directive widens its scope of application to include products and services that have previously not been covered. Second, it tailors the existing rules, notably information requirements, to the consumer needs in the online environment. Third, it introduces additional, more protective rules, thus moving away from the information paradigm of consumer protection. The respective changes encompass the whole life cycle of a variety of consumer credit products from development through distribution until repayment. In addition, some changes have also been made with respect to enforcement. Like its predecessor, the revised directive seeks to achieve full harmonization of national rules that fall within its scope (Article 42 and Recital 13). Insofar as the New Consumer Credit Directive contains harmonized provisions, therefore, Member States are not allowed to maintain or introduce stricter rules than those laid down therein, unless otherwise provided for in the directive.

In the following, the key changes to the current regulatory regime will be discussed in more detail in the context of the above mentioned irresponsible lending practices across the EU. Specifically, these changes include a broader scope of the directive’s application, adapted rules to facilitate informed consumer decision-making, a ban on tying practices, stricter rules on the consumer’s creditworthiness assessment, measures to prevent usury, a general duty of care, reasonable forbearance measures, and revised provisions on enforcement. A comparison will be drawn with the 2008 Consumer Credit Directive and, where relevant, other EU harmonization measures related to consumer finance, notably Directive 2014 on credit agreements for consumers relating to residential immovable property (Mortgage Credit Directive) adopted in the aftermath of the global financial crisis. Now and then the Proposal of the European Commission (2021c) for a New Consumer Credit Directive as well as the agreed positions of the Council of the EU (2021) and the European Parliament (2021) on this proposal will also be considered.

A Broader Scope of Application

The limited scope of application has been one of the major causes of the inability of the 2008 Consumer Credit Directive to ensure adequate consumer protection against irresponsible lending in an increasingly digital environment. Ironically, the old directive does not fully apply to the most problematic consumer credit products and services available on the market, notably high-cost credit and P2PL.

First, as the 2008 Consumer Credit Directive is only applicable to loans between EUR 200 and EUR 75 000 (Article 2(2)(c)), it does not offer any protection to consumers who take out loans below EUR 200. The post-crisis era has shown, however, that small value loans may cause significant consumer detriment and that applicable national laws do not always sufficiently protect consumers against it (e.g., Aldohni, 2017; Cherednychenko & Meindertsma, 2019, pp. 492–494; Fejõs, 2015; Rott, 2023a). The widespread mis-selling of payday loans across the EU is a case in point. Even though these credit products typically involve small amounts, often below EUR 200, they pose substantial risks to consumers due to their standard features. The latter may include exorbitant interest rates, high additional costs for consumers who do not repay the initial debt on time, and endless possibilities for obtaining a new loan in order to refinance the previous one, with every new rollover new costs being added to the outstanding debt (Cherednychenko & Meindertsma, 2019, pp. 492–494). In addition, payday loans have been associated with quick and easy access to credit over the Internet or via SMS. For example, the well-known British payday lender Wonga, which went bankrupt in 2018 following a wave of customer compensation claims (Collinson & Jones, 2018), used to state on its website that it would “send the cash within five minutes of approval” (Wonga, 2018). Ferratum, a Maltese bank, is even faster, currently promising to its German customers a credit decision within 60 seconds (Ferratum, 2024). Many payday loan customers are low-income consumers who tend to prefer payday loans for these very reasons or those who do not have credit alternatives available to them.

Second, interest free credit also lies outside the old directive’s scope of application (Article 2(2)(f)). As a result, another potentially high-cost credit product — BNPL — is currently not subjected to any regulatory constraints at EU level and remains largely unregulated at Member State level. BNPL allows consumers to purchase products and services without having to commit to the full payment amount up front. This new credit product has been widely offered to European consumers online by FinTech companies, such as Klarna, Tinka and Billink, but increasingly also by banks (BEUC, 2022a). What makes BNPL particularly attractive to consumers is that it often does not involve the payment of any interest to the lender during a promotional period, typically between one and 12 months. However, if the consumer does not repay the entire amount within this period, then interest will usually be charged on the whole balance or the unpaid part of the balance from the date of purchase. Moreover, the consumer can also be confronted with high additional costs. Recent studies indicate that late payment fees provide a substantial part of the total revenues of BNPL-providers in the EU Member States and beyond (Autoriteit Financiële Markten, 2022a, p. 15; Autoriteit Financiële Markten, 2022b, pp. 19–20; BEUC, 2022a; Financial Conduct Authority, 2021a). According to the Dutch Authority for the Financial Markets (Autoriteit Financiële Markten (AFM)), for example, up to 40% of the total revenue of some BNPL-providers come from such fees (Autoriteit Financiële Markten, 2022a, p. 15). Young people between 18 and 24 years of age who use a BNPL-product are most often confronted with high additional costs and debt collection agencies (Autoriteit Financiële Markten, 2022b, pp. 19–20).What is presented as cost-free credit, therefore, essentially amounts to high-cost credit which increases the risk of over-indebtedness for consumers.

Third, the 2008 Consumer Credit Directive does not apply to direct P2PL where a credit agreement is concluded between a consumer borrower and a consumer lender and the role of the P2PL platform is limited to connecting and matching these two consumers.Footnote 1 Such services are usually provided by new market entrants known for the heavy digitalization of their processes, including technological support for credit analysis and payment settlements. Even though its market share is currently not very high (Sein, 2023, p. 224), direct P2PL typically offers access to credit for consumers who cannot obtain it from conventional lenders (European Commission, 2021a, p. 9), posing significant risks not only to consumer borrowers but also to consumer lenders (European Banking Authority, 2015a; Ferretti, 2021; Macchiavello, 2017). Consumer lenders may lose the amount lent following the consumer borrower’s default. They may also be unaware of this risk, relying on misleading advertisements or unverified information about the consumer borrower and his or her project. Consumer borrowers in turn may not be able to repay their loans (European Banking Authority, 2015a, pp. 16, 20; International Financial Consumer Protection Organisation, 2017, p. 21). While direct P2PL is presented as a form of democratic, participating, and disintermediated finance, both consumer lenders and consumer borrowers need a P2PL platform in order to reduce information asymmetries between them. But the way in which such platforms currently operate raises serious concerns about their reliability in this respect (Cherednychenko & Meindertsma, 2019, p. 498; Ferretti, 2021, p. 102; Macchiavello, 2017, p. 673). It also casts doubt on the appropriateness of the existing national legal regimes applicable to direct P2PL and their effectiveness in protecting consumers against risks associated with it.

In the light of these limitations of the 2008 Consumer Credit Directive, the EU legislator sought to expand its scope of application. Importantly, the New Consumer Credit Directive generally applies to unsecured loans of up to EUR 100 000 (Article 2(2)(c)).Footnote 2 The lower threshold of EUR 200 currently in place is thus abolished, and the upper threshold is raised to EUR 100 000. Small-value loans, including payday loans, therefore, now fall within the ambit of the harmonized regime. Furthermore, the new directive is also applicable to the interest free credit offered by a third party, i.e., a creditor or a credit intermediary who is not a party to a contract between the supplier of goods or services and the consumer.Footnote 3 Accordingly, the provision of BNPL by FinTech companies and banks is brought within the scope of the harmonized regime. This means that the key provisions of the new directive, notably the rules on the consumer’s creditworthiness assessment, will apply to payday loans, BNPL, and other current forms of high-cost credit. Where the credit is below EUR 200, free of interest and charges, or repayable within three months with “only insignificant charges”, the Member States are merely allowed to exclude the application of certain information requirements (Article 2(8)).

At the same time, the New Consumer Credit Directive is more narrow in scope than initially proposed by the European Commission. While the Commission sought to extend the application of the harmonized regime to almost all types of interest free credit, notably BNPL, all leasing agreements, including those without an obligation to purchase the object of the agreement, and all overdraft facilities, including deferred debit cards (European Commission, 2021c, Article 2; see Cherednychenko, 2023a, p. 187), the final text of the directive contains several exemptions thereto. In particular, the interest free credit products offered by the suppliers of goods or services without the involvement of a third party are exempted from the new directive’s application, provided that certain conditions are met. Where interest free credit is offered by a micro-enterprise or an SMS, the directive will not apply if the credit does not involve any charges, apart from “only limited charges” for late payment, and it is fully repaid within 50 days of delivery (Article 2(2)(h)). Where interest free credit is offered online by a large company, such as Amazon, similar conditions apply, except that the repayment must be made within 14 days (Article 2(2)(h)). In practice, therefore, the suppliers of goods and services may choose not to rely on the third party providers of BNPL but to offer such products themselves so as to avoid the application of the new directive altogether. In addition, the revised directive does not apply to hiring or leasing agreements with no obligation or option to purchase their object (Article 2(2)(g)). Member States may also exempt deferred debit cards from its application where such cards are provided by a credit or payment institution, the credit must be repaid within 40 days, and it is free of interest and with “only limited charges” for the provision of the payment service (Article 2(5)). By providing for these exemptions in the new directive, the EU legislator sought to strike the balance between access to credit and consumer protection. However, the European Consumer Organisation (BEUC) criticized the Council and the European Parliament for narrowing down the scope of the Commission’s proposal in this way (BEUC, 2022b, c, d, pp. 4–7). In particular, BEUC was not convinced that the provision of credit by the suppliers of goods and services makes it less risky for consumers than the provision of credit by firms whose principal activity is to provide financial services and feared that the exemptions noted above would open the door to abuse, especially by Big Tech and large retailers. It remains to be seen whether the safeguards against the high cost of interest free credit ultimately built into the exemptions, such as limits on the amount of additional fees and the length of the repayment period, will suffice to address these concerns.

Furthermore, while the Commission sought to bring direct consumer P2PL where a platform operator does not qualify as a creditor or a credit intermediary within the scope of the New Consumer Credit Directive,Footnote 4 the proposed rules to this effect did not make it in the final text of the directive. The Council of the EU (2021, p. 4) insisted on the exclusion of direct consumer P2PL from its scope, following the concerns raised by the Member States about the appropriateness of the new directive for regulating this form of P2PL (see Morello, 2023, p. 862; Sein, 2023, p. 22). Direct consumer P2PL currently also falls outside of the scope of Regulation (EU) (2020) on European crowdfunding service providers for business (Article 1(2)(a)). The New Consumer Credit Directive does mandate the Commission to assess the need for further measures to regulate direct P2PL in order to protect both consumers who take out a credit and those who invest through a platform operator (Article 46(2) and Recital 93). Until any such measures are introduced, however, direct consumer P2PL will remain unregulated at EU level. The level of consumer protection against irresponsible lending on the platforms that offer such services, therefore, will continue to vary across the EU, depending on the applicable national law.

Adapted Rules to Facilitate Informed Consumer Decision-Making

While information requirements feature prominently in the 2008 Consumer Credit Directive, their effectiveness in empowering consumers to make well-informed decisions, particularly in the digital marketplace, must be doubted. The European Commission’s report on the evaluation of this directive notes, for example, that consumers currently face information overload already when credit products are being advertised and that they have difficulty in reading and processing a single advertisement (European Commission, 2020, p. 117). The way in which the required information is provided in the online environment and in certain media as well as misleading and aggressive advertising strategies pose particular challenges to consumers (European Commission, 2020, p. 9). Various studies also suggest that the pre-contractual information to be provided to consumers under the directive is often far too lengthy and complex for them to understand.Footnote 5 These concerns are also echoed in the impact assessment accompanying the Proposal for a New Consumer Credit Directive (European Commission, 2021a, pp. 14–15, 157; see Van Schagen, 2023, p. 1212).

To ensure informed consumer-decision making in the digital age, the New Consumer Credit Directive brings a number of changes to the existing regime. In particular, it envisages that the standard information on the key credit product features, such as the borrowing rate (fixed, variable or both), the total amount of credit, and the annual percentage rate of charge (APRC), should be “easily legible or clearly audible, as appropriate, and adapted to the technical constraints of the medium used for advertising” (Article 8(3)). It also reduces the amount of the information to be provided to consumers where that medium does not allow this information to be visually displayed (Article 8(3)). In addition, the new directive prohibits certain advertising practices altogether. The EU-wide ban concerns advertising which incites consumers to seek credit by suggesting that it would improve their financial situation, specifies that outstanding debt or registered credit in databases have little or no influence on the assessment of a credit application, or falsely suggests that credit leads to an increase in financial resources, constitutes a substitute for savings, or can raise the consumer’s living standards (Article 8(7)). Member States are also allowed to prohibit advertising which highlights the ease or speed with which credit can be obtained, states that a discount is conditional upon taking up credit, or offers “grace periods” of more than three months for the repayment of credit (Article 8(8)).

Furthermore, the New Consumer Credit Directive introduces changes with respect to pre-contractual information requirements. In particular, it reduces the amount of the key information to be provided to consumers at the pre-contractual stage by means of the Standard European Consumer Credit Information (SECCI) form and requires that the key elements of the credit are displayed in a prominent way on the first page of that form so that consumers can see them at a glance, even on the screen of a mobile (Article 10(3), Annex I, and Recital 37). The key elements of the credit generally include the identity of the creditor; the total amount of credit; the duration of the credit agreement; the borrowing rate; the APRC and the total amount payable by the consumer; the costs in the case of late payments (i.e., the applicable interest rate and the arrangements for its adjustment as well as any default charges); the amount, number, and frequency of payments to be made by the consumer; a warning regarding the consequences of missing or late payments; the existence of a right of withdrawal; the existence of a right of early repayment; and the creditor’s contact details. Additional information about the credit agreement, including the one about whether the price was personalized on the basis of automated decision-making, should be displayed after and separated from the key elements of such an agreement mentioned above (Articles 10(5) and 13, Annex I). The new directive thus restructures the currently existing SECCI to help consumers understand and compare different offers. As the old directive, it also requires creditors and credit intermediaries to provide SECCI “in good time before the consumer is bound by any credit agreement or offer” (Article 10(1)). In case the consumer is provided with SECCI less than one day before these effects occur, the revised directive imposes on creditors and credit intermediaries a new duty which obliges them to remind the consumer of the possibility to withdraw from the credit agreement (Article 10(1)).

The New Consumer Credit Directive also clarifies the existing duty of creditors and credit intermediaries to provide adequate explanations to consumers in the pre-contractual phase by specifying which pre-contractual information should be explained and making it clear that such explanations should be provided free of charge and before concluding the credit agreement (Article 12). Adequate explanations should enable the consumer to assess whether the proposed agreement is adapted to his or her needs and financial situation. However, they do not amount to advice in the form of a personalized recommendation. In fact, creditors and credit intermediaries are also subjected to new information duties with respect to the provision of advice (Article 16(1–2)). In particular, they should inform a consumer whether advisory services are being or can be provided to him or her (Article 16(1)).

Other novelties of the New Consumer Credit Directive designed to facilitate informed consumer decision-making include the ban on pre-ticked boxes and the ban on unsolicited granting of credit. The ban on pre-ticked boxes precludes creditors and credit intermediaries from inferring the consumer’s agreement for the conclusion of a credit agreement or for the purchase of ancillary services presented through default options, including pre-ticked boxes (Article 15(1)). The ban on unsolicited granting of credit (e.g., increasing the consumer’s overdraft limit or sending him or her a credit card) implies that credit cannot be granted to consumers “without their prior request and explicit agreement” (Article 17).

Finally, while maintaining the consumer’s right to withdraw from the credit agreement within 14 days of its conclusion or receipt, the New Consumer Credit Directive restricts the withdrawal period in case the consumer has not received the contractual terms and conditions and the contractual information required by the directive. In such a case, the withdrawal period should in any event expire one year and 14 days after the conclusion of the credit agreement, except when the consumer has not been informed about his or her right of withdrawal (Article 26(2)). This new time limit was introduced in order to increase legal certainty (Recital 64), following, in particular, the decision of the Court of Justice of the EU (CJEU) in UK and others v Volkswagen Bank GmbH and others (2021). In that case, the court ruled that where a consumer has not been provided with some of the mandatory contractual information listed in the 2008 Consumer Credit Directive, the consumer may exercise his or her right of withdrawal, “even if a considerable length of time has elapsed” since the conclusion of the credit agreement (para. 126). By limiting the cooling-off period in such a case to one year and 14 days, the new directive reduces the level of consumer protection compared to the current regime. This change has attracted criticism, given that credit agreements often last longer than one year and the consequences of the creditor’s failure to provide the required contractual information may not necessarily become apparent to the consumer during the first year (BEUC, 2022d, p. 16; Rott, 2023b, p. 891).

The existing rules to facilitate informed consumer decision-making certainly need to be adapted to a digital lending environment, and overall, the changes introduced by the new directive constitute improvement in this respect. However, widespread mis-selling of consumer credit across the EU under the current information-focused regulatory regime has shown that these rules alone cannot ensure responsible lending. In order to prevent consumer detriment, they should be complemented by more intrusive regulatory standards limiting consumer access to credit or related products in certain circumstances. As will be discussed below, the New Consumer Credit Directive also contains a few rules to this effect but their potential may not be fully realized.

A Ban on Tying Practices

The practice of selling a credit product together with another financial product, such as insurance, known as cross-selling, has been widespread in the EU. Cross-selling can take the form of product tying when another financial product is made mandatory to obtain a loan from a particular creditor. Alternatively, such a product can be offered to consumers as an optional extra – a practice known as product bundling (International Financial Consumer Protection Organisation, 2017, p. 31). The cross-selling of financial products may lead consumers to purchase products that they do not necessarily want or need and that entail additional fees and charges. Perhaps unsurprisingly then, it has been identified as an irresponsible lending practice in many Member States (Cherednychenko & Meindertsma, 2019, p. 496; European Banking Authority, 2017). The examples include the provision of a loan in combination with payment protection insurance (PPI), car insurance, or life insurance, where consumers did not need the insurance or were unaware that they were taking it out when concluding the credit agreement.

The cross-selling of PPI has proven particularly problematic (Cherednychenko & Meindertsma, 2019, pp. 496–498). PPI is an insurance policy that enables consumers to insure loan repayment if the borrower dies, becomes ill or disabled, or faces other circumstances preventing him or her from meeting the obligations under a credit agreement. As with any other type of insurance, PPI may exclude or impose restrictive conditions on particular types of claimant (e.g., self-employed or contract workers) or claim (e.g., sickness related to pre-existing medical condition) and may be subject to other terms that limit the cover provided. In the former EU Member State, the UK, for example, the cross-selling of PPI—mortgage PPI, personal loan PPI, and credit card PPI (Competition Commission, 2009, p. 22)—has resulted in the largest mis-selling scandal in its financial history (see Ferran, 2012). As of December 2019, GBP 38.3 billion was set aside by financial firms for compensation payouts (Financial Conduct Authority, 2021b). The scandal has revealed two major problematic aspects of the selling process (Financial Services Authority, 2006, 2007, 2008). First of all, many consumers were provided with inadequate information about the PPI’s benefits, exclusions, limitations, and costs. In addition, while the standard features of such policies imply a suitability risk, in many cases, no adequate suitability checks were performed. As a consequence, many consumers bought products that were wholly unsuitable for them because from the very outset they did not meet eligibility requirements under the product terms to be able to make a claim. Similar problems with the cross-selling of PPI have been reported in other parts of Europe (European Parliament, 2014, p. 128). In Spain, for example, some consumers who bought PPI were deluded into thinking that they were protected in cases of unemployment or temporary incapacity (European Parliament, 2014, p. 128). In Germany, many subprime borrowers were misled to believe that they could only obtain credit if they also purchased PPI, while they were contractually not obliged to do so (Bundesanstalt für Finanzdienstleistungsaufsicht, 2017, p. 31). These problems have been exacerbated by the considerable cost of PPI. For instance, the consumer organization Stiftung Warentest, which compared the PPI premiums charged by 25 German banks at the end of 2020, reported that the most expensive insurance policy for a loan of EUR 10,000 amounted to EUR 2,280, and the cheapest one still costed EUR 764 (Stiftung Warentest, 2022).

While cross-selling has thus been one of the major causes of consumer detriment in the European consumer credit markets, the 2008 Consumer Credit Directive does not comprehensively deal with this practice. It only requires that where the consumer is obliged to purchase an insurance policy in order to obtain credit, the costs of such a policy are included in the APRC so as to help consumers compare different offers (Article 19 and Annex II, para. 3). However, the old directive does not impose any restrictions on making the provision of credit conditional on the purchase of PPI or another financial product. Although it does not preclude Member States from introducing such rules at national level,Footnote 6 it clearly does not oblige them to do so. In contrast, the Mortgage Credit Directive, for example, lays down specific rules designed to restrict some cross-selling practices. Importantly, this EU measure distinguishes between product bundling and product tying. The latter is defined in the Mortgage Credit Directive as “the offering or the selling of a credit agreement in a package with other distinct financial products or services where the credit agreement is not made available to the consumer separately” (Article 4(26)). Whereas the directive allows bundling practices, it generally prohibits tying practices (Article 12(1)).Footnote 7 The idea behind this rule is “to prevent practices such as tying of certain products which may induce consumers to enter into credit agreements which are not in their best interests, without however restricting product bundling which can be beneficial to consumers” (Recital 24).

Against this backdrop, the New Consumer Credit Directive introduces a general ban on product tying, while at the same time allowing product bundling (Article 14(1)). However, it enables Member States to derogate from the prohibition of tying practices in two cases. First, a credit product can be tied to opening or maintaining a payment or savings account where such an account serves to accumulate capital to repay the credit, to service the credit, to pool resources to obtain the credit, or to provide additional security for the creditor in the case of the borrower’s default (Article 14(2)). Second, a credit product can be tied to an insurance policy, taking into account proportionality considerations; in this case, however, the creditor is required to accept the insurance policy from a supplier different to his or her preferred one where such policy provides for an equivalent level of protection, without modifying the conditions of the credit offered to the consumer (Article 14(3)).

The new rules on cross-selling for unsecured consumer credit are more in line with those for mortgage credit. The general ban on tying practices may address some of the problems experienced by European consumers in the markets for non-mortgage consumer loans. The possibilities for the Member States to derogate therefrom, however, may undermine its effectiveness. Allowing lenders to tie their credit products to insurance policies is of particular concern, given that the revised directive does not introduce any rules designed to ensure the basic suitability of those policies for individual consumers. Yet, the above mentioned mis-selling scandals demonstrate that the unsuitability of PPI for consumer borrowers has been one of the major issues associated with them in the context of cross-selling in general. Consumer borrowers may end up with an unsuitable PPI not only when the provision of credit is conditional on such an insurance policy but also when they are not obliged to purchase it, and all the more so given widespread misleading practices in the markets for unsecured consumer loans. Obliging lenders to ensure the basic suitability of financial products offered together with credit for consumers could address this problem. Such a duty appears especially appropriate where the provision of credit is tied to the purchase of PPI, as many consumers may have no real choice but to buy such a policy in order to obtain a badly needed loan. In the absence of a suitability rule for tied products in the new directive, those Member States that choose to derogate from the EU-wide ban on tying practices could introduce such a rule at national level.

Stricter Rules on the Consumer’s Creditworthiness Assessment

Poor assessments of the consumers’ creditworthiness, notably when selling high-cost credit products, have been another major cause of consumer detriment across the EU. Payday lenders have been particularly notorious for failing to perform thorough creditworthiness checks and, even worse, advising consumers already experiencing repayment difficulties, to take out more loans (Cherednychenko & Meindertsma, 2019, p. 492). In many Member States, regulation has failed to combat these practices due to the lack of sufficiently clear and binding rules on how the consumer’s creditworthiness must be assessed and the resulting wide margin of discretion for lenders (Cherednychenko & Meindertsma, 2019, p. 494). In Bulgaria, for example, Consumer Credit Act 2010 only imposes on creditors a general obligation to assess the consumer’s creditworthiness on the basis of sufficient information prior to the conclusion of a credit agreement (Sect. 12). In the absence of more concrete standards on how such an assessment should be performed, this broadly formulated provision has not proved itself an effective tool for combating irresponsible high-cost credit lending (Cherednychenko & Meindertsma, 2019, p. 494). In the UK, until 2014, only non-mandatory guidance on what may constitute irresponsible lending practices was available for lenders (Office of Fair Trading, 2011).Footnote 8 Although the guidance was quite detailed, it failed to ensure that the majority of payday lenders made a sufficient and rigorous creditworthiness assessment (cf. Aldohni, 2017, p. 330).

The thrust of responsible lending is that, prior to the conclusion of a credit agreement, the lender should not only assess whether it will recover its money in the case of the consumer borrower’s default on a loan—that is, credit risk. In addition, the lender should determine whether the borrower is likely to be able to repay without incurring undue financial hardship (Ramsay, 2012, p. 33; Ramsay, 2016, p. 162). In this context, the UK’s Financial Conduct Authority (FCA) has drawn a distinction between a “lender-focused” test and a “borrower-focused” test which is particularly helpful in determining the scope of the consumer’s creditworthiness assessment. While a lender-focused test is limited to the assessment of credit risk, a borrower-focused test involves the assessment of credit affordability which is about how difficult it may be for the consumer to repay credit (Financial Conduct Authority, 2017, p. 4). This dichotomy addresses the problem that the lender’s interest in minimising its credit risk may not always provide a sufficient incentive for the lender to provide a loan which is in the best interests of the consumer borrower (see Comparato, 2018, pp. 117–120). Financial incentives may motivate the creditor to lend to consumers who it expects to be profitable even if these consumers are at high risk of suffering substantial detriment. The mis-selling scandals involving payday loans have shown, for example, that creditors can engage in a cycle of extending credit and generating profit from consumers who pay interest and penalty charges at a sufficient level to make the loan profitable regardless of whether it is eventually repaid (Cherednychenko & Meindertsma, 2019, p. 491). The fact that a significant part of the BNPL-providers’ total revenues comes from late payment fees, noted above, points to a similar pattern in the markets for BNPL-products. In order to ensure responsible lending, therefore, the lender’s duty to assess the consumer’s creditworthiness should by no means be limited to the assessment of credit risk and should also include the borrower-focused creditworthiness check.

Yet, the 2008 Consumer Credit Directive imposes only a modest obligation on the creditor to assess the consumer’s creditworthiness before the conclusion of the credit agreement or any significant increase in the amount of credit afterwards on the basis of sufficient information obtained from the consumer or the relevant database (Article 8). The wording of this generally formulated provision does not make it clear what kind of creditworthiness assessment—creditor-focused or borrower-focused—is envisaged by it. Neither does it address the issue of what the creditor should do in the case of a negative outcome of the creditworthiness check. Should the credit be denied to the uncreditworthy consumer borrower? Or can it still be granted, provided that the borrower is informed or warned about the risks of taking out a loan in such circumstances? In the absence of harmonized rules on these aspects, the adopted solutions vary greatly across the EU (Cherednychenko & Meindertsma, 2019, p. 501). The current rules on the creditworthiness assessment for non-mortgage consumer credit also differ substantially from those for mortgage credit. Unlike the 2008 Consumer Credit Directive, the Mortgage Credit Directive suggests a borrower-focused test. In particular, the Mortgage Credit Directive explicitly states that the creditworthiness assessment cannot rely predominantly on the fact that the value of the property exceeds the amount of the credit or the assumption that the property will increase in value, unless the purpose of the credit agreement is to construct or renovate the property (Article 18(3) and Recital 55). In addition, the Mortgage Credit Directive obliges the creditor to refuse granting credit to the consumer in the case of a negative result of the creditworthiness assessment (Article 18(5)(a)).

To ensure responsible consumer credit lending in the digital environment, the New Consumer Credit Directive brings major changes to the existing regime which increase the level of protection afforded to consumer borrowers. Importantly, the new directive makes it unequivocally clear that the creditworthiness assessment to be performed by creditors is the borrower-focused one. In particular, it specifies that this assessment should be done “in the interest of the consumer, to prevent irresponsible lending practices and over-indebtedness” (Article 18(1)). The assessment should be carried out on the basis of relevant and accurate information on the consumer’s income and expenses as well as other financial and economic circumstances which is necessary and proportionate to the nature, duration, value, and risk of the credit for the consumer, such as evidence of income, financial assets and liabilities, or information on other financial commitments (Article 18(3)). This information should be appropriately verified, where necessary by reference to independently verifiable documentation (Article 18(3)). Creditors are not allowed to use sensitive personal data, such as data concerning the consumer’s religious beliefs, health or sexual orientation as well as data collected from social networks, for the purposes of the creditworthiness assessment (Article 18(3)). It follows from the ruling of the CJEU in CA Consumer Finance SA v Ingrid Bakkaus (2014) that the burden of proof for complying with these rules lies with the creditor (paras 26–28).

The New Consumer Credit Directive also requires that lenders refuse granting credit where the outcome of the creditworthiness check is negative (Article 18(6)). In line with the Mortgage Credit Directive, the respective provision is formulated in positive terms, allowing the creditor to make the credit available to the consumer only where the result of the creditworthiness assessment indicates that the obligations under the credit agreement are likely to be met as required under that agreement. It is noteworthy that the initial proposal of the European Commission for the new directive made an exception to this rule and allowed lenders to provide credit to consumers who are not creditworthy “in specific and well justified circumstances” (European Commission, 2021c, Article 18(4)). This exception ultimately did not make it into the directive’s final text, following the suggestion of the Council of the EU (2021, p. 6) to abolish it in its entirety in order to ensure legal certainty and prevent consumer over-indebtedness.

Finally, in the face of the increasing use of profiling and other automated processing of personal data, the revised directive grants to consumers a right to request and obtain from the creditor human intervention where the creditworthiness assessment involves the use of such data (Article 18(8)). This new right includes the right to (a) request and obtain a clear and comprehensible explanation of the creditworthiness assessment, (b) express the consumer’s own point of view, and (c) request a review of the creditworthiness assessment and the decision on the granting of the credit. These entitlements are designed to protect consumer borrowers against the risks involved in AI-based credit scoring, such as the use of inaccurate data and discrimination (Montagnani & Paulesu, 2022, p. 565). But while being a welcome addition to the catalogue of EU consumer rights, the right to human intervention alone does not suffice to overcome the structural digital asymmetry between lenders and consumers. What also needs to be regulated is the use of AI by lenders. This aspect is addressed in the Proposal of the European Commission (2021b) for an AI Act, a provisional agreement on which between the European Parliament and the Council has been recently reached. The AI Act will subject AI systems to safeguards, depending on the level of risk involved, and even prohibit certain applications of AI, such as social scoring based on social behaviour or personal characteristics. The AI Act will thus complement the New Consumer Credit Directive in protecting consumers against the risks of AI-based credit scoring.Footnote 9

The introduction of the stricter EU rules on the creditworthiness assessment that require lenders to take the interests of consumers seriously when considering a credit application and refuse credit to uncreditworthy consumers will increase the level of consumer protection across the EU. In particular, the revised rules will profoundly affect the business models of the online providers of small value credit and BNPL that were exempted from the obligation to perform creditworthiness checks under the old directive. While the providers of small value loans mostly rely on algorithmic credit scoring to assess the consumers’ creditworthiness, it remains uncertain whether mere reliance on such scoring will suffice to comply with the new borrower-focused rules (Rott, 2023a, p. 214). In any case, the consumer’s right to human intervention under the revised directive implies that many such lenders will need more qualified stuff to deal with the requests of consumer borrowers, which may ultimately undermine their competitiveness.

At the same time, the new rules on the creditworthiness assessment harness open-ended concepts, such as “the interest of the consumer”, leaving considerable leeway to Member States to interpret and apply them. While the Member States need a certain margin of discretion to be able to adapt the harmonized standards to the local circumstances, EU-level guidance on such standards is necessary to ensure their consistent application. An important role in clarifying the meaning of the borrower-focused creditworthiness test could be played by the European Banking Authority (EBA). This European supervisory authority has already issued guidelines on the consumer’s creditworthiness assessment under the Mortgage Credit Directive (European Banking Authority, 2015b). It is submitted that it could play a similar role under the New Consumer Credit Directive (see European Parliament, 2021, p. 50).

Measures to Prevent Usury

Usury has been yet another area of growing concern over the last decade (Cherednychenko & Meindertsma, 2019, pp. 492–494). As noted above, excessively high interest rates have been a standard feature of payday loans. In the UK, for example, the annual interest rate on payday loans could go up to 5,853%.Footnote 10 In Finland, payday borrowers were charged an annual interest of nearly 1,000% on average (European Parliament, 2014, p. 58). Similar products with very high interest rates were also offered to consumers in many Central and Eastern European countries, in particular Estonia, Czech Republic, Slovakia, Slovenia, Poland, and Romania (Reifner et al., 2010, p. 124). Apart from the excessive interest rates associated with payday loans, those consumers who have not repaid the initial debt on time are often confronted with high additional costs (Cherednychenko & Meindertsma, 2019, p. 492).

The 2008 Consumer Credit Directive does not provide for any substantive safeguards against exorbitant interest rates or other potentially dangerous features of high-cost credit products that may cause consumer detriment. In particular, the directive does not require that Member States regulate product contract terms in the form of price caps. In the absence of EU harmonization in this sensitive area, national laws related to usury vary greatly (e.g., Cherednychenko, 2014, p. 413; Reifner et al., 2010; Rott, 2023a, p. 216). To address the persistent irresponsible lending in the payday loan markets, the UK’s FCA, for example, has introduced a price cap on high-cost short-term credit, including interest, fees, and default charges (Financial Conduct Authority, 2014a, p. 58). Following the adoption of these rules, the FCA has estimated 7% of current borrowers—some 70.000 people who are likely to have been in a worse situation if they had been granted a payday loan—may not have access to such loans (Financial Conduct Authority, 2014b). In many current EU Member States, however, the rise of similar credit products has not prompted any targeted regulatory action to date. While some countries like Germany entirely rely on open private law norms, such as good morals (German Civil Code 2002, § 138(1)), to combat usury (Rott, 2023a, p. 216), others like Poland additionally have in place interest caps that are generally applicable to all types of unsecured consumer credit.Footnote 11

Against this background, the European Commission sought to improve consumer protection against usury through the harmonization of national laws. In particular, its Proposal for a New Consumer Credit Directive required that Member States introduce caps on interest rates applicable to credit agreements, the APRC or the total cost of the credit to the consumer (European Commission, 2021c, Article 31(1)). The size of such caps and the way in which it must be determined was left entirely to the Member States. However, this already quite modest rule in terms of its harmonizing effects was tempered even further by the amendments proposed by the Council of the Eu (2021, p. 101) which made it into the final text of the directive. According to the New Consumer Credit Directive, Member States should “introduce measures to effectively prevent abuse and to ensure that consumers cannot be charged with excessively high borrowing rates, annual percentage rates of charge or total costs of credit to the consumer, such as caps” (Article 31(1)). Unlike what was initially proposed by the Commission, this provision does not impose a general obligation on the Member States to introduce price caps but merely requires them to introduce measures that can effectively prevent usury. The Member States themselves may therefore determine which measures should be put in place. This new rule thus appears to accommodate the general clauses of private law which in some Member States serve as the sole means of consumer protection against usury.

In addition, the revised directive makes it clear that Member States may prohibit or limit specific charges or fees applied by creditors (Article 31(2)). Those Member States that allow creditors to impose charges on the consumer arising from default may require that “those charges are no greater than is necessary to compensate the creditor for costs it has incurred as a result of the default” (Article 35(3)). At the same time, where Member States allow creditors to impose additional default charges on the consumer, they should place a cap on them (Article 35(4)).

Accordingly, while the New Consumer Credit Directive obliges Member States to protect consumers against usury, it stops short of specifying what usury actually means. The directive leaves it entirely to national legislators and courts to determine when the borrowing rate, APRC or total cost of credit is “excessively high”. Similarly, it does not determine the size of caps for default charges beyond what is necessary to compensate the creditor for the costs incurred. This halfway solution can be explained by the great diversity of consumer credit markets and usury laws across the EU. In each specific context, the delicate balance needs to be struck between consumer access to credit and consumer protection. Yet, the effectiveness of the new broad-brush EU rules on usury in combating irresponsible lending in the high-cost credit markets remains to be seen. The experience of the Nordic and Baltic countries, for example, shows that the general clauses that imply some kind of usury or immorality test rarely lead to court decisions, as they are not easy to apply (Makkonen, 2014, p. 110; Persson & Henrikson, 2014, p. 67; Sein & Volens, 2014, p. 131). The European Parliament (2021, p. 67) was therefore right to suggest that the EBA should monitor the implementing national law. The new directive contains a provision to this effect which obliges EBA to publish a report on the implementation of the measures to limit borrowing rates, annual percentage rates of charge or total costs of credit to the consumer by 20 November 2029 (Article 31(4)). The report should include an assessment of these measures (including methodologies to establish caps where relevant) and their effectiveness, as well as a best practice approach for establishing such measures.

Furthermore, in the absence of bright-line statutory rules on usury, national courts could develop more specific usury or immorality tests within the framework of the general private law clauses. According to the well-established case law of the German federal supreme court in private law matters (Bundesgerichtshof (BGH)), for instance, a credit agreement is immoral if there is a significant imbalance between the creditor and the borrower’s obligations and the creditor abuses the economically weaker position of the borrower; a significant imbalance is usually found to exist where the contractually agreed interest rate doubles the average interest rate in the market, in which case the court applies a rebuttable presumption that the creditor has abused the borrower’s weaker position (e.g., BGH, 12 March 1981; BGH, 11 January 1995; see Rott, 2023a, p. 216). Such a test increases legal certainty for both creditors and consumer borrowers, while giving the courts the flexibility of tailoring it to the particular circumstances of a case to ensure individual fairness.

A General Duty of Care

More or less specific regulatory standards, such as information requirements, a general ban on tying practices, the creditor’s duty to conduct a borrower-focused creditworthiness assessment or rules to combat usury, are designed to tackle particular manifestations of irresponsible lending. Such standards, however, cannot capture all aspects of irresponsible lending in the consumer credit markets today. Neither can they anticipate all the problems facing consumer borrowers in the future. To ensure the existence of a regulatory safety net, therefore, the New Consumer Credit Directive introduces a general duty of care for creditors and credit intermediaries when providing credit to consumers (Article 32(1)), which has no equivalent in the 2008 Consumer Credit Directive. In this way, the revised directive follows the example of the Mortgage Credit Directive which contains a similar obligation (Article 7(1)).

The general duty of care requires that creditors and credit intermediaries “act honestly, fairly, transparently and professionally and take account of the rights and interests of the consumers” throughout the whole life cycle of a credit product (Article 32(1)). The duty should be observed when manufacturing credit products; advertising credit products; granting, intermediating, or facilitating the granting of credit; providing advisory services; providing ancillary services to consumers; and executing a credit agreement.

This new obligation is included in the directive’s Chapter X “Conduct of business obligations and requirements for staff” and is further elaborated in this chapter in relation to remuneration policies. This is not surprising, given that remuneration structures in the consumer credit markets have been one of the key drivers of irresponsible lending, particularly when credit products have been sold together with PPI. In the UK, for example, the commissions payable to loan brokers were typically between 50 and 80% of gross written premium for policies sold in connection with a personal loan (Competition Commission, 2009, p. 2). These levels of commission were much higher than those payable for introducing the loan itself, which meant that a large proportion of the profits of loan brokers was derived from selling PPI policies. Similarly, in Germany, the commissions paid by insurance companies to credit institutions for selling PPI together with a personal loan were sometimes extremely high, in some cases amounting to 50% or more of insurance premium (Bundesanstalt für Finanzdienstleistungsaufsicht, 2017, pp. 19, 33). To prevent such malpractices in the future, the revised directive explicitly requires that the manner in which creditors remunerate their staff and credit intermediaries does not impede compliance with their general duty of care (Article 32(2)). A similar obligation also applies to credit intermediaries with respect to their staff remuneration policies (Article 32(2)).

Furthermore, the New Consumer Credit Directive lays down specific requirements for the remuneration of staff responsible for the assessment of the consumer’s creditworthiness (Article 32(3)) and the provision of advisory services (Article 32(4)). In the former case, the remuneration policy should, among others, not encourage risk-taking that exceeds the level of the creditor’s tolerated risk and not be contingent on the number or proportion of accepted credit applications. In the latter case, the remuneration structure should not prejudice the ability of creditors and credit intermediaries that provide advisory services to act in the consumer’s best interests and should not be contingent on sales targets; to achieve that goal, Member States may ban commissions paid by the creditor to the credit intermediary. These remuneration requirements for the providers of advisory services complement their duty to act in the best interests of the consumer when supplying such services contained in Chapter III of the directive alongside with more specific requirements to this effect (Article 16(3–6)), such as the duty to consider a sufficiently large number of credit agreements in their product range and recommend one or more that are suitable to the consumer’s needs, financial situation, and personal circumstances (Article 16(3)(c)). In addition, the revised directive allows Member States to prohibit or impose restrictions on the payments from a consumer to a creditor or a credit intermediary prior to the conclusion of the credit agreement (Article 32(5)).

While the general duty of care is explicitly fleshed out only in relation to remuneration policies, the rules contained in other chapters of the New Consumer Credit Directive, including those on the provision of information and advice, tying practices, creditworthiness assessment, and usury, can also be seen as specific manifestations of this overarching duty. Importantly, the general duty of care encompasses not only the distribution phase but also the product development phase and requires that credit products are designed in the interests of consumers to whom they are marketed. The significance of financial product design from a consumer protection perspective has been increasingly recognized in the wake of the global financial crisis which has witnessed the introduction of the so-called product governance regimes across different areas of financial services (Cherednychenko, 2014, p. 398). Such regimes seek to prevent financial institutions manufacturing financial products that may cause consumer detriment. The most sophisticated EU-wide product governance regime has been introduced by Directive 2014 on markets in financial instruments directive (MiFID II) and Regulation (EU) 2014 on markets in financial instruments (MiFIR) in the field of retail investments (Articles 9(3) and 16(3) MiFID II; Articles 40–43 MiFIR; see, e.g., Moloney, 2015, pp. 761–764). In contrast, the Mortgage Credit Directive contains only a generally formulated provision, obliging product manufacturers to act “honestly, fairly, transparently and professionally, taking account of the rights and interests of the consumers” (Article 7(1)). Yet, the meaning of this duty with respect to mortgage credit products has been specified in the EBA’s guidelines on product oversight and governance arrangements for retail banking products (European Banking Authority, 2016). In particular, such arrangements should be designed to ensure that the interests, objectives, and characteristics of consumers are appropriately taken into account, to avoid potential consumer detriment, and to minimize conflicts of interest (European Banking Authority, 2016, Guideline 1, para. 1.1 and Guideline 9, para. 9.1). Given a lack of the respective legal basis in the 2008 Consumer Credit Directive, however, EBA currently has no competence to apply such guidelines to the manufacturers and distributors of unsecured consumer credit products. The insertion of the general duty of care into the new directive closes this gap, bringing oversight and governance arrangements in relation to such products within the EBA’s ambit.

Furthermore, this new European open norm could prompt Member States to prohibit certain dangerous features of consumer credit products which are not caught by more specific rules, including those on usury. An example of a potentially dangerous credit product feature that may cause consumer detriment is the unlimited possibility to rollover an existing payday loan. The UK, for instance, reported a case of a payday loan rolling over 36 times (Office of Fair Trading, 2013, p. 23). With every new rollover, new costs are added to the outstanding amount. The consumer thus borrows more and more money, while the amount of money that ultimately benefits him or her remains relatively small. Following the persistent irresponsible lending in the payday loan markets, the UK’s FCA has restricted the number of times a loan can roll over (Financial Conduct Authority, 2014a, p. 48). A similar solution could be adopted in other jurisdictions based on the newly introduced EU-wide general duty of care when providing credit to consumers.

Reasonable Forbearance Measures

The concept of responsible lending encompasses the whole consumer credit product life cycle. Regulatory efforts aimed to ensure responsible lending should therefore extend not only to the credit product development and distribution phases but also to credit repayment by consumers in the post-sale phase. Yet, the 2008 Consumer Credit Directive does not contain any provisions on the treatment of consumer borrowers in financial difficulties, leaving this issue entirely to Member States. During the COVID-19 crisis of 2020–2021, large numbers of consumers were unable to meet their repayment obligations under the credit agreements due to the loss of income. The crisis highlighted a great variety and considerable limitations of the existing legal protections for consumers in financial distress across the EU, prompting the EU legislator to pursue harmonization in this area through the New Consumer Credit Directive.

Apart from the new rules on default fees noted above, the revised directive also includes a new provision which requires that creditors have adequate policies and procedures to exercise, where appropriate, reasonable forbearance before enforcement proceedings are initiated (Article 35(1)). When deciding whether it is appropriate to offer forbearance measures, the creditor should take into account, among other elements, the individual circumstances of the consumer, such as the consumer’s interests and rights, his or her ability to repay the credit and his or her reasonable needs for living expenses (Article 35(1) and Recital 79). When forbearance measures are considered appropriate, they should include a modification of the existing terms and conditions of a credit agreement and could among others include a total or partial refinancing of that agreement (Article 35(1) and Recital 80). The modification of the existing terms and conditions in turn could include, among others: extending the term of the credit agreement; changing the type of that agreement; deferring payment of all or part of the instalment repayments for a period; reducing the borrowing rate; offering a payment holiday; partial repayments; currency conversions; and partial forgiveness and debt consolidation (Article 35(1) and Recital 80). These potential measures are without prejudice to rules set out in national law, and Member States are not required to provide for all of them (Article 35(2)).

The New Consumer Credit Directive thus lays down an EU-wide meta-regulatory framework which relies on the internal management of credit institutions to ensure responsible treatment of consumer borrowers in distress. The management bodies of such institutions should have adequate policies and procedures in place that allow their employees to offer forbearance measures that would be appropriate in the specific situation of a particular borrower. This new framework for unsecured consumer credit builds on the one for mortgage credit established by the Mortgage Credit Directive (Article 28), as elaborated in the EBA’s guidelines on arrears and foreclosure (European Banking Authority, 2015c).Footnote 12 At the same time, the revised directive leaves much leeway to the Member States as to how they implement the new rules and to lenders as to how they exercise reasonable forbearance. It is therefore unlikely to achieve a high level of harmonization in this area, and the lenders’ treatment of consumer borrowers in financial difficulties will in all likelihood continue to differ across the EU. Yet, in introducing the meta-regulatory framework for arrears and forbearance measures, the new directive does have the potential to improve the treatment of such borrowers, particularly in those Member States where the rules to this effect currently do not exist.

Enforcement

The effectiveness of EU consumer credit regulation in ensuring responsible lending depends not only on the consumer protection standards in place but also on the way in which they are enforced. Rules governing relations between private parties have traditionally been enforced ex post—that is, after they have been breached and harm has already occurred. To restore the balance between the parties’ interests, a party whose private law right has been infringed typically has to institute proceedings in a private law court, harnessing private law remedies, such as civil liability. Over the past three decades or more, however, it has been increasingly recognized that private enforcement alone is insufficient to ensure compliance with consumer protection standards and that it needs to be complemented by public enforcement (e.g., Cherednychenko, 2023b; Faure & Weber, 2020; Hodges, 2011; Shavell, 2004). The latter refers to the enforcement of rules by public authorities, particularly administrative agencies, using public law tools, notably that of administrative law, so as to secure ex ante compliance with the law and deter future violations.

Public Enforcement

The EU legislator has been especially keen to promote public enforcement in the private law domain. In particular, Regulation (EU) 2017 on cooperation between national authorities responsible for the enforcement of consumer protection laws (CPC Regulation) requires Member States to set up national administrative authorities responsible for the public enforcement of EU consumer protection legislation, including the 2008 Consumer Credit Directive (Article 3(1) and Annex). In certain sectors of the economy, European supervisory authorities, such as EBA, have been established (see Regulation (EU) 2010 establishing a European Supervisory Authority (European Banking Authority)). Furthermore, many EU measures, including those in the financial services field, profoundly restrict national procedural autonomy by harmonizing administrative sanctions. MiFID II, for example, specifies the range of administrative sanctions, including pecuniary penalties, which should be employed for certain types of breach and how the determination as to the appropriate sanction and level of sanction should be made (Articles 70–72). In contrast, the 2008 Consumer Credit Directive merely requires that the penalties provided for by Member States are effective, proportionate, and dissuasive (Article 23). Accordingly, the choice of sanctions for breach of this EU measure lies within the Member States’ discretion, subject to the observance of the principles of effectiveness, proportionality, and dissuasiveness.Footnote 13 In its case law under the old directive, the CJEU has shed some light on the meaning of these European principles, notably with respect to administrative fines (e.g., Ultimo Portfolio Investment (Luxembourg) SA v KM (2021), para. 32). In the light of large-scale irresponsible lending across the EU over the last decade, however, it is questionable whether the principles of effectiveness, proportionality, and dissuasiveness have always been observed at national level when determining the appropriate sanctions for violations of consumer credit regulations as well their level, and designing the enforcement mechanisms in this area more generally.

The New Consumer Credit Directive seeks to improve public enforcement by strengthening administrative penalties for both domestic and cross-border infringements of its provisions. The directive explicitly requires that national administrative agencies are granted the power to disclose to the public any administrative penalty, “unless such disclosure would seriously jeopardize the financial markets or cause disproportionate damage to the parties involved” (Article 44(3)). Naming and shaming is thus viewed by the EU legislator as an important tool for securing compliance with the provisions of the new directive, provided that the stated conditions are met. However, the revised directive does not provide for any criteria that administrative agencies should take into account when imposing administrative penalties. In this respect, the harmonized rules on penalties for breach of the New Consumer Credit Directive differ from those that apply, for example, to violations of Directive 1993 on unfair terms in consumer contracts (Unfair Contract Terms Directive) and Directive 2005 on unfair business-to-consumer commercial practices (Unfair Commercial Practices Directive), as amended by Directive (EU) 2019 on the better enforcement and modernization of Union consumer protection rules (Omnibus Directive, Articles 1 and 3), which do provide for such criteria.

In addition, the New Consumer Credit Directive specifies that when penalties are imposed for “widespread infringements” and “widespread infringements with an EU dimension”, as defined in the CPC Regulation (Articles 21 and 3(3–4)), in coordinated enforcement actions, they should include the possibility either to impose fines through administrative procedures or to initiate legal proceedings for the imposition of fines, or both (Article 44(2)). Such a possibility is also available under other EU measures in the field of consumer law, including the Unfair Contract Terms Directive and the Unfair Commercial Practices Directive, which have been amended by the Omnibus Directive (Articles 1, 3–4). Unlike these measures, however, the New Consumer Credit Directive does not harmonize the maximum amount of administrative fines for any widespread infringements. It is noteworthy that the Commission’s proposal for this directive envisaged that the maximum amount of fines to be imposed for such infringements should be at least 4% of the creditor or the credit intermediary’s annual turnover in all Member States concerned by the coordinated enforcement action (European Commission, 2021c, Article 44(2)). The adoption of this provision would have aligned the rules on the maximum amount of administrative fines for widespread violations of consumer credit regulations with those for widespread infringements of the Unfair Contract Terms Directive and the Unfair Commercial Practices Directive. Yet, this provision was ultimately not included in the revised directive, as the Council of the EU (2021, pp. 7, 112) objected to it, arguing that cross-border consumer credit transactions in the EU are still very limited.

All in all, therefore, the New Consumer Credit Directive is unlikely to harmonize the application of administrative penalties for violations of consumer credit regulations in the EU to a substantial degree. The above mentioned changes to the old directive are comparatively minor, leaving the way in which administrative law tools are applied largely in the hands of national administrative agencies and courts. Some degree of harmonization in this area could be achieved through the case law of the CJEU. In the absence of any harmonized criteria for determining the appropriate sanction and level of sanction in the new directive, however, administrative penalties for its breach will likely continue to vary across the EU.

Private Enforcement

Quite apart from public enforcement, private enforcement—individual and collective—remains an essential pillar of the EU law enforcement architecture. In EU law, civil liability functions not only as a compensatory device to correct the wrong committed by one private individual against another. In addition, it also has a regulatory function, serving as a deterrent against violations of the standards set by the EU legislator with a view to achieving certain policy goals (e.g., Cherednychenko, 2020a; Wagner, 2012, p. 1406). The CJEU has explicitly recognized the deterrent function of private law remedies, including civil liability, in dissuading potential wrongdoers from committing infringements (e.g., Sabine von Colson and Elisabeth Kamann v Land Nordhein-Westfalen (1984), para. 23; Courage Ltd v Bernard Crehan and Bernard Crehan v Courage Ltd and Others (2001), para. 27; Banco Español de Crédito SA v Joaquín Calderón Camino (2012), para. 69; Alfred Hirmann v Immofinanz AG (2013), paras 43–44; Francisco Gutiérrez Naranjo v Cajasur Banco SAU, Ana María Palacios Martínez v Banco Bilbao Vizcaya Argentaria SA (BBVA), Banco Popular Español SA v Emilio Irles López and Teresa Torres Andreu (2016), paras 61–63). At the same time, however, the EU legislator has not adopted a consistent approach to the harmonization of damages and other private law remedies for violations of EU consumer law in general and financial regulation in particular (Cherednychenko, 2020b; Tridimas, 2020). Some EU measures, such as Directive (EU) 2015 on payment services, explicitly confer rights and remedies on private parties. In contrast, other EU measures others, such as MiFID II, do not have a strong interpersonal dimension, focusing instead on the relationship between regulators and regulatees and the role of administrative agencies in securing business compliance with regulatory requirements. Yet other measures, such as the 2008 Consumer Credit Directive, remain silent on both administrative and private law enforcement tools and, in line with the functional nature of EU law, only oblige Member States to ensure that the penalties provided are effective, proportionate, and dissuasive.

Experience with the enforcement of the 2008 Consumer Credit Directive and other EU measures shows that the type of the legal grammar adopted by the EU legislator—more public, private, or neutral—has an effect on the availability of private law remedies in national legal systems, the CJEU’s likely activism in this context, and ultimately the measures’ ability to realize their policy goals (Cherednychenko, 2020b, 2021a). In the absence of explicit rights and remedies in the 2008 Consumer Credit Directive, for example, in some legal systems, the traditional divide between public and private law has created obstacles for consumers to invoke the standards laid down in this directive in private actions against financial institutions (Cherednychenko, 2021b, p. 163). In Germany, for instance, the creditor’s duty to assess the consumer’s creditworthiness was initially implemented in financial supervision legislation alone, which for a long time precluded consumers from invoking private law remedies in case of its violation (Rott, 2016, p. 191). Only the 2014 ruling of the CJEU in LCL Le Crédit Lyonnais SA v Fesih Kalhan (2014), in which the court explicitly stated that Article 8 of the 2008 Consumer Credit Directive “is intended to protect consumers against the risks of overindebtedness and bankruptcy” (para. 42), prompted a change in the German legislator’s approach and led to the insertion of detailed rules on the creditor’s duty to assess the consumer’s creditworthiness into the German Civil Code (§ 505a-§ 505e).

To remove such hurdles to private enforcement, the European Parliament suggested to provide consumers with private law remedies for violations of the new directive’s provisions on the creditworthiness assessment. According to the proposed rule, in case of breach of these provisions, consumers should “have access to proportionate and effective remedies including compensation for damage suffered” (European Parliament, 2021, p. 45). However, this rule did not make it into the final text of the revised directive. Like its predecessor, the New Consumer Credit Directive is silent on private law remedies, while at the same time, unlike its predecessor, explicitly providing for some administrative law tools, as discussed above. The ruling of the CJEU in LCL Le Crédit Lyonnais SA v Fesih Kalhan (2014) underscores the need for national private law remedies for breach of the creditor’s duty to assess the consumer’s creditworthiness even if this duty has only been transposed in national public law. But this decision does not ensure the existence of such remedies in case of breach of other provisions of the new directive. One may wonder, for example, whether the above mentioned general duty of care imposed on creditors and credit intermediaries will have any effects in national private law, as some legal systems, such as the Netherlands, implemented a similar obligation laid down in the Mortgage Credit Directive exclusively in financial supervision legislation (Implementatiewet richtlijn woningkredietovereenkomsten 2015, pp. 8, 20). In the absence of any explicit rules to this effect in the New Consumer Credit Directive, therefore, private law remedies for breach of the protections afforded by this directive may not always be available to consumers at national level. Moreover, where such remedies are available, they may vary considerably from one jurisdiction to another. The extent to which this aspect will be harmonized ultimately depends on the case law of the CJEU. The court has played a proactive role in ensuring the harmonization of private law remedies, such as the creditor’s forfeiture of entitlement to interest, under the 2008 Consumer Credit Directive, interpreting the directive in the light of the principles of effectiveness, proportionality, and dissuasiveness (e.g., LCL Le Crédit Lyonnais SA v Fesih Kalhan (2014), paras 48–55; Home Credit Slovakia a.s. v Klára Bíróová (2016), paras 60–73; OPR-Finance s.r.o. v GK (2020), para. 36; see Howells et al., 2019, p. 247; Steennot, 2020, p. 141; Van Schagen, 2023, p. 1206). The Luxembourg court could assume a similar role under the New Consumer Credit Directive.

Conclusion

To ensure responsible lending in the consumer credit markets, effective market regulation is needed. Widespread irresponsible lending across the EU, along with the growing digitalization of the marketplace, in the last decade or more has exposed serious limitations of the 2008 Consumer Credit Directive. Reflecting the information paradigm of consumer protection, this EU measure proved unable to prevent the mass mis-selling of high-cost credit products, such as payday loans, or credit-related products, such as PPI, to consumers in one former and many current EU Member States. Neither did it prove well-equipped to respond to the new challenges posed by technology-enabled innovations, such as the rise of BNPL and P2PL.

To remedy the shortcomings of the current regulatory regime, the New Consumer Credit Directive introduces a number of important changes thereto. The key novelties include a broader scope of the directive’s application which encompasses, among others, small value loans below EUR 200 and the BNPL offered by creditors and credit intermediaries; adapted rules to facilitate informed consumer decision-making in the digital marketplace, including the creditor’s duty to inform consumers about personalized pricing as well as the bans on pre-ticked boxes and unsolicited sales; the general prohibition of tying practices; stricter rules on the consumer’s creditworthiness assessment, notably the creditor’s duty to carry out a borrower-focused test and refuse credit to uncreditworthy consumers as well as the consumer’s right to human intervention; measures to prevent excessively high borrowing rates, annual percentage rates of charge or total costs of credit as well as caps on certain default charges; the creditor and the credit intermediary’s general duty of care, which, among others, encompasses consumer credit product design and remuneration policies; and the creditor’s obligation to take reasonable forbearance measures before enforcement proceedings are initiated.

Unlike the 2008 Consumer Credit Directive, the new directive thus regulates the whole life cycle of consumer credit products from development through distribution until repayment, albeit to a varying degree. While the core of the directive is still concerned with the distribution phase, new rules, such as the general duty of care and the duty to exercise reasonable forbearance, also touch upon product development and repayment post-sale. Furthermore, the revised regulatory regime is no longer dominated by the information paradigm. Importantly, information requirements are complemented by substantive safeguards against irresponsible lending, such as the creditor’s duty to conduct a borrower-focused creditworthiness assessment and refuse credit in the case of a negative outcome, the general ban on tying practices, and measures to prevent usury, reflecting the recommendations to the European Parliament and the European Commission put forward in my previous work (Cherednychenko, 2018; Cherednychenko & Meindertsma, 2018, 2019). The adoption of these safeguards, together with the broadening of the directive’s scope of application, represents a major step forward in combating irresponsible lending practices and protecting European consumers against overindebtedness in the digital age. The regulatory regime for unsecured consumer credit is now also in line with the one for mortgage credit.

At the same time, however, the effectiveness of the New Consumer Credit Directive in ensuring responsible lending will depend to a considerable extent on its implementation and enforcement in the Member States. While tightening the regulatory grip on the consumer credit markets, it does not cover, for instance, the provision of BNPL by the suppliers of goods and services and direct P2PL. Additional measures at EU or national level may be needed to fill these gaps. Moreover, the new directive leaves considerable leeway for national legislators, administrative agencies and lenders in fleshing out the harmonized standards with more details. A particularly broad leeway is available with respect to product governance, measures to prevent usury, and reasonable forbearance measures. Some room for manoeuvre also remains with respect to the consumer’s creditworthiness assessment. The EBA could play an important role in monitoring the implementation of the respective provisions in national legal systems and clarifying the meaning of the open-ended concepts contained therein. In addition, Member States may derogate from the general prohibition of tying practices to allow lenders to make the provision of consumer credit conditional on the purchase of an insurance policy. In the absence of a European duty on the part of lenders to ensure the basic suitability of credit-related products for consumer borrowers, this tying practice could lead to consumer detriment. To protect consumers against irresponsible product tying, therefore, those Member States that make use of the derogation at issue could impose a duty on the creditor to ensure the basic suitability of the insurance policy tied to the consumer credit product. Last but not least, the enforcement of the new directive remains largely unharmonized. While containing few new rules on administrative penalties, the directive is silent on private law remedies. How effectively the revised rules will be enforced, therefore, largely depends on national administrative agencies, administrative courts, and private law courts. Judicial activism of the CJEU could ensure greater harmonization of administrative sanctions and private law remedies for breach of the revised directive.

In a nutshell, the New Consumer Credit Directive is on the road to responsible lending in the digital marketplace, but the road ahead remains bumpy.