We are a regulated financial institution and Apple Pay issuer seeking clarification on the in-app push provisioning requirement and the January 15, 2026 timeline.
Like many community financial institutions:
Our mobile banking app is issuer-branded but provided by a third-party vendor
Apple Pay enablement and tokenization are handled by a separate card processor
While we support Apple’s goals and understand the issuer is ultimately responsible, delivery of in-app provisioning is dependent on third-party vendor roadmaps and cross-vendor integrations that are outside our direct control. Despite active, good-faith efforts with both vendors, current platform constraints make the January 15, 2026 deadline challenging.
We would appreciate clarification on:
How Apple evaluates compliance when an issuer’s mobile app is built and maintained by a third party
Whether any transitional flexibility or phased enforcement is expected for issuers showing documented progress
Whether approved web-based provisioning may be acceptable as an interim option
How issuers should document due diligence when vendor dependencies delay implementation
Additional guidance would help many credit unions and community banks plan appropriately and remain compliant.
Thank you for your guidance.