That is not true. Banks in the EU seem to vary a lot, as the definition of “strong” is not defined (plus many banks have not introduced it yet). Biometric is definitely not required. I use hw tokens but at least one of my banks is trying to move to weaker auth.

I didn't say biometric is required, I said it's normal to have 2fa with friction, an hardware token is just as much friction as TOTP or biometric.

I am surprised your bank is moving to a weaker auth, what does that mean?

I have 3 bank accounts in 2 countries and they all switched to biometric because it's just a simpler experience then the hardware token or "mobile token" they used before.