We are a regulated financial institution and Apple Pay issuer seeking clarification on the in-app push provisioning requirement and the January 15, 2026 timeline.
Like many community financial institutions:
Our mobile banking app is issuer-branded but provided by a third-party vendor
Apple Pay enablement and tokenization are handled by a separate card processor
While we support Apple’s goals and understand the issuer is ultimately responsible, delivery of in-app provisioning is dependent on third-party vendor roadmaps and cross-vendor integrations that are outside our direct control. Despite active, good-faith efforts with both vendors, current platform constraints make the January 15, 2026 deadline challenging.
We would appreciate clarification on:
How Apple evaluates compliance when an issuer’s mobile app is built and maintained by a third party
Whether any transitional flexibility or phased enforcement is expected for issuers showing documented progress
Whether approved web-based provisioning may be acceptable as an interim option
How issuers should document due diligence when vendor dependencies delay implementation
Additional guidance would help many credit unions and community banks plan appropriately and remain compliant.
Thank you for your guidance.
Hi @ICCU,
You wrote:
We are a regulated financial institution and Apple Pay issuer seeking clarification on the in-app push provisioning requirement and the January 15, 2026 timeline.
As a regulated financial institution and Apple Pay issuer, you are subject to specific legal and contractual obligations related to Apple Pay program requirements, including in-app push provisioning. These obligations may carry significant compliance, contractual, and regulatory implications.
I strongly advise you to contact your legal counsel to:
- Review your agreements with Apple, your card processor, and your third-party mobile banking vendor
- Understand your legal obligations and potential liability related to the January 15, 2026 deadline
- Assess your documentation and due diligence strategy in the event of a delayed implementation
- Determine whether interim solutions such as web-based provisioning satisfy your contractual requirements
- Evaluate any risk exposure arising from third-party vendor dependencies
Your legal team is best positioned to provide guidance tailored to your institution's specific contractual, regulatory, and compliance circumstances.
Cheers,
Paris X Pinkney | WWDR | DTS Engineer
