It depends per bank; mine discontinued the paper OTP pad as well as the SMS codes, and gave me a separate 2FA device when I didn't want to use their app. I don't think banks can force you to have a smartphone yet.
Does nobody in the EU do computers ? How do they pass asinine laws like this ? I mean, from the outside, it always appears as though the EU is much better than the US when it comes to consumer rights, but it always feels like they don't have a very good grip on technology.
Where I live, the authentication systems implemented by banks are also used for verifying user identity to various other services, including governmental ones.
Basically, there's a common (government-backed) user identification system which hooks up to interfaces that banks provide. When you're logging in to an online service that requires strict identification of the user (such as ones that would require an official id document if done in person), you first pick the bank you're using, and the service forwards you to the bank's website. Once you log in with your bank credentials, the original requesting website gets informed that you've provided valid login information, and the identity that the login matches with.
I don't know the exact technical details of how that works, but essentially the bank also acts as a user identification service for various official and governmental online services. It's treated as similar to proving your identity with a document, or to signing a document with your signature.
I don't know if this is a common thing in other European countries, but if it is, that might be a reason why the EU has an interest in enforcing 2FA.
You're not strictly required to use a smartphone, as at least my bank has other means of 2FA that satisfy the regulatory requirements, but they are more cumbersome.
I don't think this was driven by law, but by an appropriate wish to increase transaction security (you really shouldn't use SMS for this anymore).
There are some rules here that are nonsense, such as know-your-customer laws that force me to enter my home address even when the product or service (say, a concert or train ticket) is delivered to me entirely electronically.
Most of the move to purely electronic payment is driven by the market and the large banks; e.g. in the Netherlands we actually never had laws that force shops to accept cash as payment.
I agree that you shouldn't use SMS. My point was that unless the law (if there is one), requires that 2FA be enabled in an accessible way, the banks will do their own thing with the phone push notification system. The 2FA situation is quite bad in the US too, but a small no. of banks do offer TOTP.
FYI in New Zealand a few banks can provide a device (e.g. RSA SecurID) for proper non-bank 2 factor auth with consumer accounts. However some major banks only use phones for 2FA (app or SMS).
The norms seem to vary considerably depending on country.
They can and do. There are a number of banks where you have absolutely no choice.