All Posts

Mon, 16 Jun 2025

The UK's new Data Act is a £10 billion bet on open data

Last week the UK Parliament gave final approval to the Data (Use and Access) Bill, which is now set to receive Royal Assent and become law. The Data Bill reforms the existing UK General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations (PECR), completing a legislative journey that began in late 2024. The new law will unlock "Smart Data" powers across the UK economy and, crucially, provide the legal scaffolding to move beyond open banking into full-scale open finance.

From niche to ubiquitous data-sharing

Open banking proved that letting people share payments and account information securely can spark whole new business models; more than ten million Britons now rely on it each month. The Data Act carries that logic across the entire economy: energy usage, mobile bills, pension pots, insurance policies and more can now flow to any authorised third party with a single click.

Smart Data schemes sit at the heart of that expansion. The Act empowers the Science and Technology Secretary and HM Treasury to create sector-specific regulations that spell out who must provide which datasets, through what secure APIs and under what access safeguards. In practice, GDPR’s download-your-data right becomes a live, direct-to-third-party pipeline, laying the rails for an open data marketplace where consumers and businesses can share information and unlock personalised services.

£10 billion of growth on the table

Government impact assessments project that easier data portability could add roughly £10 billion to GDP over the next decade. The Act’s Smart Data clauses empower ministers and the Treasury to roll out new schemes sector by sector, mandating secure, standardised APIs so information can flow just as freely as money now does under open banking.

Everyday gains from Smart Data

Smart Data isn’t just policy jargon, it’s the plumbing for everyday conveniences that save time, money and frustration. Once your data can move safely on your consent, everyday tasks from checking balances to switching providers become as seamless as tapping a screen. For example:

  • Personalised dashboards – A single app could show your current account, pension forecast, energy contract end-date and mobile data allowance side by side.
  • Seamless switching – Providers will be able to cancel an old service and sign you up to a cheaper one without the paperwork.
  • Richer underwriting – Lenders and insurers can request real-time data (with your consent) to tailor products and include those previously excluded from mainstream finance.
  • Instant identity & income verification – User-permissioned data streams from banking and telecom APIs let insurers, lenders and gig-economy platforms confirm who you are and what you earn in real time, enhancing onboarding while combating fraud.

How does it compare with Australia’s Consumer Data Right?

Australia’s Consumer Data Right (CDR), launched in 2020, offers a proven blueprint for phased, economy-wide data portability. Banking was first, energy followed in 2022, and rules to include non-bank lenders and BNPL providers were finalised in March 2025. Early CDR adopters have already used open-banking feeds to power budgeting tools and streamline mortgage assessments, while energy innovators are leveraging real-time consumption data to deliver usage-based insights and personalised recommendations. The UK’s Act now benefits from five years of CDR learnings, including the value of clear value propositions and collaborative standard-setting - positioning both jurisdictions to lead the charge in seamless, cross-sector data sharing.

Governance and trust will decide success

Regulators, industry participants and consumer groups must now convert the Act into concrete technical standards, clear liability frameworks and user-friendly redress mechanisms so data portability feels as safe and intuitive as online banking.

Key challenges include:

  • Security & privacy – Robust authentication and consumer-orientated consent flows are essential to avoid breaches or screen-scraping work-arounds.
  • Interoperability – APIs and data fields should be harmonised across energy, telecoms and financial services to prevent fragmentation.
  • Digital literacy – Consumer education is key for understanding both the value and the risks of sharing granular personal data.
  • Regulatory coordination – Sector regulators must sync their oversight to plug any gaps while avoiding layers of prescriptive rules that could stifle innovation.

Where Fiskil fits in

Fiskil’s managed data-holder infrastructure, alongside our battle-tested Banking and Energy APIs, takes the heavy lifting out of compliance. We map evolving UK Smart Data standards to a single, scalable platform, handle consent and identity flows end-to-end, and provide out-of-the-box observability so you can demonstrate timely regulatory assurance. Whether you’re a bank expanding open data sets, a telco gearing up for mandated data sharing, or a fintech orchestrating multi-sector data, Fiskil keeps you on spec while you focus on shipping new innovative products and features.

What happens next?

Royal Assent is expected within weeks, at which point the Bill will become the Data (Use and Access) Act 2025. Officials will then consult on the first wave of Smart Data schemes, likely energy and telecoms, while the Joint Regulatory Oversight Committee refines the roadmap for open finance. Forward-looking firms should start mapping where new data feeds could transform onboarding, underwriting or customer engagement.

Posted by

Coco Armstrong

Coco Armstrong

Share this post