
The Financial Data Access (FIDA) regulation, introduced by the European Commission in June 2023, is a landmark legislative proposal designed to modernize the EU’s financial sector for the digital age. The proposal aims to establish a clear and harmonized framework for the access, sharing and use of customer data across a wide spectrum of financial services, going beyond the payment account data access mandated by PSD2. Following the Council of the European Union’s political agreement on the FIDA regulation in December 2024, the proposal is now undergoing review by the European Parliament, with formal adoption expected in mid to late 2025. The most recent trilogue negotiations between the Council, Parliament and Commission took place in March 2025, marking a key step toward finalizing the regulation.

Hence, it is important to understand the implications of FIDA for financial entities. In this article, we dig deeper into the main objectives, scope and implications of FIDA, and shed light on what financial entities can do to stay competitive in the changing regulatory environment.

Main objectives of FIDA

First, the FIDA regulation aims to facilitate safe, secure and efficient data sharing across various financial sectors, fostering the creation of innovative financial products and services. Secondly, FIDA is designed to give individuals and businesses greater control over their financial data, so that they can easily grant, manage and revoke access to their data through standardized interfaces and dedicated permission dashboards. This means that customer data will become a portable asset co-owned by the customer rather than solely proprietary to the institution holding it. Thirdly, it introduces robust safeguards to protect data privacy, prevent the misuse of financial information and ensure the security of data sharing mechanisms.

Scope of FIDA

The scope of FIDA is considerably broader than previous open banking initiatives, encompassing a wide range of data types and financial entities. For example, the following data categories are covered:

  • mortgage credit agreements, loans and accounts;
  • savings, investments in financial instruments, insurance-based investment products, crypto-assets, real estate and other related financial assets as well as the economic benefits derived from such assets;
  • pension rights in occupational pension schemes and Pan-European Personal Pension Products (PEPPs);
  • non-life insurance products (excluding sickness and health insurance products), including data collected for demands and needs tests and assessments of product appropriateness and suitability;
  • data forming part of a creditworthiness assessment of a firm which is collected during a loan application process or a request for a credit rating.

FIDA applies to a wide array of financial entities when acting as “data holders” (entities that collect, store and process customer data) or “data users” (entities that, with customer permission, lawfully access customer data). These include the following:

  • credit institutions;
  • payment institutions and e-money institutions;
  • investment firms;
  • crypto-asset service providers and issuers of asset-referenced tokens;
  • managers of alternative investment funds (AIFMs);
  • insurance and reinsurance undertakings, as well as insurance intermediaries;
  • institutions for occupational retirement provision (IORPs);
  • credit rating agencies;
  • crowdfunding service providers;
  • PEPP providers;
  • a new category of regulated entities that are known as Financial Information Service Providers (FISPs).

Implications for financial entities

The FIDA regulation presents a paradigm shift for companies operating within the EU financial sector, imposing a range of new obligations while also unlocking significant strategic opportunities.

To begin with, data holders must, upon customer request, make specified customer data available to the customer directly and to authorized data users through APIs. For that reason, data holders must modernize their legacy systems, invest in API development and ensure data governance and quality. Moreover, financial entities will need to adopt back-end systems that are capable of processing and delivering data instantaneously, verify the permissions of data users and enhance their cybersecurity practices to protect themselves from data breaches. In addition, they need to provide customers with a dedicated permission dashboard to view, manage and revoke data sharing permissions easily and at any time.

Data users, for their part, are allowed to access and process customer data only for the specific purposes for which the customer has granted explicit permission. This also includes not accessing more data than necessary for the consented purpose and deleting customer data when it is no longer required for that purpose or if consent is withdrawn. This requirement largely aligns with the EU General Data Protection Regulation (GDPR). Hence, this obligation will necessitate sophisticated data lifecycle management systems and auditable deletion processes, presenting a notable operational complexity. Furthermore, data users must implement the necessary technical and organizational measures to ensure an adequate level of security for storing, processing and transmitting customer data, adhering to regulations such as the EU Digital Operational Resilience Act (DORA). More importantly, data users that are not already regulated financial institutions must obtain authorization as a Financial Information Service Provider (FISP) to lawfully access data under FIDA.

Challenges

First of all, varying national interpretations or enforcement practices could lead to fragmentation, undermining the goal of a harmonized Open Finance ecosystem. Thus, effective EU-level oversight and coordination will be crucial to mitigate this risk and ensure that FIDA achieves its full potential.

Secondly, the financial investment required for FIDA compliance is considerable: the European Commission estimates one-off implementation costs for the industry to be in the range of EUR 2.2 billion to EUR 2.4 billion, with recurring annual costs between EUR 147 million and EUR 465 million. For financial entities, particularly small to medium-sized ones or those heavily reliant on outdated legacy systems, these compliance costs can be daunting and may be perceived purely as a regulatory burden. Having said that, FIDA also presents tremendous opportunities, including new revenue streams, charging data users for data access, stronger systems and security, and better data management.

Finally, the potential involvement of BigTech companies such as Google, Amazon, Apple, Facebook and Microsoft is significant. Due to their reach and cutting-edge technologies, they could rapidly scale innovative consumer services. Therefore, there is a concern regarding market distortion, data misuse and the potential for these giants to “steal customers and business” from established financial players in the EU.

Opportunities

While FIDA imposes significant compliance burdens, it also unlocks a wealth of strategic opportunities for forward-thinking companies. Hence, to stay competitive in the changing regulatory landscape, financial entities must act as early as possible.

First of all, financial entities need to assess current systems, processes, data governance frameworks, and technological capabilities against the detailed requirements of FIDA. Based on that, they need to develop roadmaps that are agile and adaptable, allowing for adjustments as regulatory details become clearer. Secondly, financial entities need to address technical debt by upgrading or replacing outdated legacy systems that cannot support real-time data processing, API exposure, or modern security standards. Furthermore, they need to implement comprehensive data governance frameworks that define clear roles, responsibilities, policies, and procedures for managing financial data in compliance with FIDA. More importantly, companies need to proactively explore new and enhanced financial products and services that could reach broader customer segments. This also includes exploring potential partnerships with fintechs, other financial institutions, or even non-financial players to co-create value in the Open Finance ecosystem.

Final Remarks

FIDA represents a major shift in the EU financial landscape, expanding data access far beyond PSD2 and introducing both significant obligations and promising opportunities for financial entities. The regulation could be seen as a compliance burden, particularly in terms of technology upgrades, data governance, and cybersecurity, but it also enables financial entities to offer more innovative and customer-tailored services.

To remain competitive, financial entities must act now. This means assessing existing systems, addressing technical debt, implementing robust governance frameworks and preparing for a future where customer-permissioned data sharing is the norm. Those who adapt early will not only meet regulatory expectations but also be well-positioned to lead in the evolving Open Finance ecosystem.

 
