Open Finance
What Is FIDA? Europe's Open Finance Regulation, Explained
FIDA will require banks, insurers, and pension funds across the EU to share customer financial data through standardised APIs. Here's what it means and why it matters.
Remember when PSD2 forced European banks to open up payment account data? That was 2018. It created an entire industry — account aggregation, payment initiation, open banking platforms. But it only covered one sliver of your financial life: your payment accounts.
Your mortgage? Off limits. Your car insurance? Locked away. Your pension? Good luck getting that data out. Your investment portfolio? Ask your advisor to email you a PDF.
FIDA changes all of that.
FIDA in 60 Seconds
FIDA — the Financial Data Access regulation — is the EU's framework for open finance. It requires financial institutions across the EU to share customer data with authorised third parties, through standardised APIs, when the customer gives consent.
The scope is broad. We're talking about mortgages, savings accounts, loans, investments, non-life insurance, pensions, and even crypto holdings. Every major financial product category except payment accounts (still covered by PSD2 and the upcoming PSD3/PSR).
The European Commission proposed it in June 2023. As of early 2026, the three EU institutions — Parliament, Council, and Commission — are negotiating the final text. A political agreement is expected in the first half of 2026, with compliance obligations likely starting around 2028-2029.
What Does FIDA Actually Require?
Three things, fundamentally:
1. Data holders must share data when customers say so. Banks, insurers, investment firms, pension providers, and crypto-asset service providers will need to provide customer data through standardised APIs. In real time. 24/7. In machine-readable formats.
2. A new type of regulated entity emerges. Financial Information Service Providers (FISPs) are a new category under FIDA. They'll need authorisation from a national regulator to access financial data on behalf of customers. Existing open banking providers (AISPs under PSD2) get a simplified licensing path.
3. Customers get a dashboard. Every data holder must give customers a real-time view of who has access to their data, what data is being shared, and the ability to revoke access instantly.
How Is This Different from PSD2?
PSD2 opened one door. FIDA opens the whole building.
| PSD2 / PSD3 | FIDA | |
|---|---|---|
| Scope | Payment accounts | Mortgages, loans, savings, investments, insurance, pensions, crypto |
| Who shares data | Banks (payment accounts) | Banks, insurers, investment firms, pension funds, crypto providers |
| Compensation | Free — data holders cannot charge | Reasonable compensation allowed |
| Third-party licensing | AISP / PISP | FISP (new category) |
| Authentication | Strong Customer Authentication | SCA (EU Digital Identity Wallet expected as future authentication method) |
That compensation model is a significant shift. Under PSD2, banks had to hand over data for free, which created friction — banks had little incentive to build high-quality APIs. Under FIDA, data holders can charge a reasonable fee. This creates a different dynamic: data sharing becomes a potential revenue line, not just a compliance cost.
Who Is Affected?
If you hold customer financial data in the EU, you're probably in scope. Specifically:
- Banks and credit institutions — for savings, loans, mortgages (payment account data stays under PSD3)
- Insurance companies — non-life insurance products (health and sickness insurance are excluded)
- Investment firms and asset managers — investment accounts and portfolio data
- Pension funds — occupational pensions and personal pension products
- Crypto-asset service providers — crypto holdings under MiCA licensing
- Credit rating agencies — creditworthiness data collected during loan applications
That's a lot of institutions that have never had to build data-sharing infrastructure before. Banks at least went through PSD2. Insurers, pension funds, and investment firms are starting from zero.
What Data Gets Shared?
The data categories are wide but bounded:
- Mortgage credit agreements
- Loans and credit accounts (excluding payment accounts)
- Savings products
- Investment holdings and transactions
- Insurance-based investment products
- Non-life insurance policies
- Occupational and personal pension products
- Crypto-asset holdings
- Creditworthiness assessment data
Under current proposals, transaction data going back up to 10 years would be in scope, along with current contract information. There is broad consensus that terminated contracts would be excluded, though exceptions are still being debated.
And there are important carve-outs: life insurance is excluded (over concerns about financial exclusion), as is health and sickness insurance data.
Financial Data Sharing Schemes
Here's where FIDA gets interesting. Unlike PSD2 — where each country implemented things differently, leading to fragmented API standards across Europe — FIDA introduces Financial Data Sharing Schemes (FDSS).
These are industry-led bodies that define the technical standards, security requirements, compensation methodology, and liability rules for data sharing. Every data holder and every FISP must participate in at least one.
Think of them as the rulemaking bodies that sit between the regulation and the implementation. They'll determine what the APIs actually look like, how compensation gets calculated, and how disputes get resolved.
For institutions with a long-term view, 2026-2027 is the window to help shape these schemes. Once the standards are set, everyone else has to follow them.
The Timeline
FIDA isn't law yet. Here's where things stand:
| Milestone | When |
|---|---|
| Commission proposal | June 2023 (done) |
| Council general approach | December 2024 (done) |
| Trilogue negotiations | Ongoing (started mid-2025) |
| Political agreement | Expected H1 2026 |
| Formal adoption and publication | Expected late 2026 |
| First compliance obligations | ~2028-2029 |
| Full compliance | ~2029-2030 |
The implementation timeline is one of the most contested items in trilogue. The Commission wants 18 months. France and Germany are pushing for 24-30 months. The Parliament has discussed phased rollouts of 2-4 years depending on the data category.
Whatever the final number, financial institutions should be planning for 2028 as the earliest date when real obligations kick in.
The Big Tech Question
One of the more politically charged aspects of FIDA is the proposed exclusion of "gatekeeper" companies — companies designated as gatekeepers under the Digital Markets Act (currently Alphabet, Amazon, Apple, ByteDance, Meta, and Microsoft) — from obtaining FISP licences. Germany and other member states argue that allowing Big Tech access to European financial data creates systemic risk and competitive imbalance.
This is still being debated. The Centre for Data Innovation has argued the exclusion is counterproductive. But the political momentum favours keeping it.
For financial institutions, the practical implication is clear: Big Tech won't be competing for your customers' data under FIDA. The competitive landscape will be shaped by specialised fintechs, existing open banking providers, and new FISPs.
What About Costs?
Industry estimates put FIDA compliance costs at up to three times what PSD2 cost. The scope is far broader — more product categories, more data types, more institutions, more complex consent requirements.
The Commission's non-paper from May 2025 tried to reduce this burden by narrowing the scope to individuals and SMEs only (excluding companies with over EUR 50 million in annual turnover). That's estimated to save around EUR 370 million for investment firms alone.
Still, for a mid-size European insurer or pension fund that has never built API infrastructure, the implementation cost is significant. Most will face a build-vs-buy decision — and for many, partnering with an established data-sharing platform will be faster and cheaper than building from scratch.
Why This Matters
FIDA is the regulatory engine behind European open finance. It takes the idea that started with PSD2 — your data, your choice — and extends it across your entire financial life.
For consumers, it means genuine financial data portability. Compare mortgage rates using your actual financial profile. Get insurance quotes based on real data, not estimates. Consolidate your pensions, investments, and savings into a single view.
For financial institutions, it means a fundamental shift in how data flows. Institutions that build high-quality data-sharing infrastructure early will be better positioned to attract customers, participate in new ecosystems, and generate revenue from data services. Those that treat FIDA as a compliance checkbox will spend more and gain less.
The regulation isn't final yet. But the direction is locked in. All three EU institutions support the framework. The question is when, not whether.
Fiskil provides open finance data-sharing infrastructure — APIs, consent management, and compliance tooling — used by financial institutions across multiple regulatory frameworks. Learn about our Data Provider platform.
