The payment services market has changed a lot in recent years due to the increase in electronic payments in the European Union (EU) and the entry of new providers into the market, thanks to digital technologies. In 2015, with the second Payment Services Directive (PSD2), Open Banking was introduced in the EU. In June 2023 the European Commission (EC) published a package revising PSD2 (PSD3) and introducing a new Regulation on a Framework for Access to Financial Data (FIDA). This regulation introduces "Open Finance" by broadening the scope of customer data that can be shared and opening the door to new types of business models in financial institutions.

FIDA - Regulation on access to financial data

Watch video

Executive summary

The EC has published a legislative proposal to regulate access to and use of customer data held by entities in the financial sector. This proposal aims to establish clear rights and obligations for managing the exchange of customer data in the financial sector, beyond payment accounts.

Main Content

This Technical Note provides the main measures contained in the Regulation to achieve the following objectives:

  • Access to customer data held by financial institutions. An obligation is introduced to ensure that data are used only for the purposes and under the conditions agreed by the customer. In addition, a data user may only access customer data if it is a financial institution, or if it has been authorised as a provider of financial information services.
  • Responsible data use. Data holders should provide customers with a permission dashboard so that they can monitor and manage the permissions they have granted to data users.
  • Financial data exchange systems. Data holders, data users and customer associations and organisations shall become members of a financial data sharing scheme regulating access to customer data. Such exchange systems shall include, inter alia, applicable rules including those on membership and  transparency, as well as a mechanism through which to amend such rules.
  • Requirements for data access and organisation. A financial information service provider may only access customer data if it is authorised to do so by the Competent Authority (CA) of a Member State, and must submit to the CA an application for authorisation including: a programme of operations and a business plan.

Download the technical note on Financial Data Access Framework Regulation (FIDA).