All Posts

Open Finance

PSD2 Was Just the Beginning: How FIDA Expands Open Banking to All of Finance

PSD2 opened payment accounts. FIDA opens everything else — mortgages, insurance, pensions, investments, and crypto. Here's how European open finance is evolving.

PSD2 arrived in 2018 with a bold promise: your bank data belongs to you, and you should be able to share it with whoever you choose.

Seven years later, 15 million people in the UK alone use open banking services. Account aggregation apps pull data from dozens of banks. Lenders verify income instantly instead of asking for three months of PDF statements. Payment initiation lets you pay merchants directly from your bank account.

But here's the thing PSD2 never touched: everything else.

Your mortgage sits in one system. Your car insurance in another. Your workplace pension is managed by a provider you barely remember signing up with. Your investment ISA has its own app, its own login, its own data format. And your savings accounts — plural, because you've opened three across different providers chasing the best rates — each live in their own walled garden.

PSD2 gave you visibility into your current account. FIDA gives you visibility into your entire financial life.

From Open Banking to Open Finance

The progression makes sense once you see it. Open banking was always phase one. The EU's roadmap was always broader.

PSD2 covered payment accounts — current accounts, e-money accounts, payment transactions. It proved the model works. Third parties can access bank data securely. Customers benefit from competition and innovation. The financial system doesn't collapse.

FIDA takes that proven model and applies it to the rest of the financial ecosystem:

  • Mortgages and loans — agreement terms, balances, repayment schedules
  • Savings products — balances, interest rates, terms
  • Investments — holdings, transactions, portfolio data
  • Non-life insurance — motor, home, travel, liability policies
  • Pensions — occupational and personal pension products
  • Crypto assets — holdings under MiCA-licensed providers
  • Creditworthiness data — information collected during loan applications

Every one of these categories is currently siloed. FIDA breaks down the walls.

What FIDA Learned from PSD2's Mistakes

PSD2 wasn't perfect. The implementation was messy. Each EU member state did it differently. API standards varied wildly. Banks built the minimum viable interface — technically compliant but practically frustrating. Screen scraping persisted because the official APIs were unreliable.

FIDA is designed to avoid repeating those problems.

Standardisation through schemes. Instead of letting each member state and each institution interpret the rules independently, FIDA creates Financial Data Sharing Schemes (FDSS) — industry-led bodies that define common API standards, security requirements, and data formats. Everyone in a scheme uses the same technical framework. This should prevent the API fragmentation that plagued PSD2.

Compensation changes the incentive. Under PSD2, banks had to provide data for free. The predictable result: they invested the bare minimum in API quality. Under FIDA, data holders can charge a reasonable fee. When sharing data generates revenue, the incentive to build reliable, high-quality APIs improves dramatically.

Customer dashboards are mandatory. PSD2 had consent, but it was often buried in terms and conditions. FIDA requires every data holder to give customers a real-time dashboard showing exactly who has access to their data, what data is being shared, and a one-click revocation option. Transparency isn't optional.

A single regulation, not a directive. PSD2 was a directive — each country transposed it into national law, creating 27 variations. FIDA is a regulation — it applies directly and uniformly across all EU member states. One set of rules, one compliance standard.

Why This Time Is Different for Financial Institutions

When PSD2 arrived, banks were the only ones affected. They grumbled, built APIs, and moved on.

FIDA pulls in institutions that have never dealt with open data before.

Insurance companies will need to share policy data, claims history, and risk assessments through standardised APIs. Most insurers don't have API infrastructure for external data sharing. Their systems were built for internal processing, not real-time third-party access.

Pension funds will need to share contribution data, projected benefits, and investment allocations. Many pension providers still rely on annual paper statements. Real-time API access to pension data is a significant technical leap.

Investment firms and asset managers will need to share portfolio holdings, transaction history, and performance data. While some wealth management platforms offer client portals, standardised API access for authorised third parties is new territory.

Crypto providers already operating under MiCA will add FIDA data-sharing obligations on top of their existing regulatory requirements.

For banks, FIDA is an extension of what they've already done. For everyone else, it's a first encounter with mandated data sharing.

What This Means for Consumers

The practical implications are significant:

Financial advice gets smarter. A robo-advisor or financial planner that can see your complete picture — savings, investments, pensions, insurance, debts — can give you genuinely useful recommendations. Today, they're working with fragments.

Switching gets easier. Want to compare mortgage rates? Instead of filling out 15-page applications at each lender, your actual financial data travels with you. The same applies to insurance, savings, and investments.

Pension tracking becomes possible. The average European worker changes jobs multiple times across their career, accumulating pension pots with different providers in different countries. FIDA makes it possible to aggregate all of these into a single view.

Insurance pricing gets fairer. Customers can share their actual driving data, claims history, or property details with any insurer — not just the one that already holds their policy. More data means more accurate pricing and more competition.

The Opportunity for Data Infrastructure

PSD2 created an entire industry of open banking middleware — companies like Plaid, TrueLayer, Yapily, and Tink that sit between banks and third parties, handling the API complexity.

FIDA will create a similar need, but at a much larger scale. The number of data holders is larger. The data types are more complex. The consent requirements are more granular. And the institutions that need to comply — insurers, pension funds, investment firms — generally have less modern API infrastructure than banks do.

This creates demand for platforms that can handle:

  • Standardised API infrastructure across multiple financial product categories
  • Consent management that meets FIDA's dashboard and revocation requirements
  • Data format standardisation (ISO 20022 and FDSS-defined formats)
  • Third-party authentication and FISP verification
  • Audit logging for regulatory compliance
  • DORA-compliant security and operational resilience

The institutions that already have this infrastructure — because they built it for PSD2 or other open banking regimes — have a head start. Everyone else is looking at a substantial build-or-buy decision.

Where Things Stand Now

FIDA is in trilogue — the final negotiation stage between the EU's three legislative institutions. A political agreement is expected in the first half of 2026. After that, formal adoption, publication, and an implementation period of 18-30 months (still being debated).

The regulation isn't final, but the direction is certain. All three institutions support the principle. The debate is about implementation details — how fast, how broad, what exemptions.

For financial institutions, 2026 is the preparation year. The ones that start assessing their data architecture, API capabilities, and consent management needs now will be ready when the compliance clock starts. The ones that wait for the final text will be scrambling.

PSD2 was the proof of concept. FIDA is the full rollout.

Fiskil helps financial institutions build the data-sharing infrastructure that open finance regulations require — from API management to consent flows to audit logging. See how our Data Provider platform works.

Related articles

The EU Data Act Is Already in Effect: What Companies Need to Do Now

The EU Data Act Is Already in Effect: What Companies Need to Do Now

The EU Data Act's main obligations are already enforceable. What companies with connected products need to do now to comply and avoid penalties.

EU Data Act for Connected Product Manufacturers: What You Need to Share and How

EU Data Act for Connected Product Manufacturers: What You Need to Share and How

What the EU Data Act requires connected product manufacturers to do. Covers data-sharing obligations, technical requirements, and implementation options.

EU Data Act for Automotive: What OEMs Need to Know About Connected Vehicle Data

EU Data Act for Automotive: What OEMs Need to Know About Connected Vehicle Data

How the EU Data Act affects automotive OEMs and fleet operators. Covers vehicle data obligations, telematics sharing, and compliance requirements.