Financial Data Access Regulation (FiDA)

In process Finance Proposed Regulation

AI-assisted content notice: this page includes AI-assisted summaries, FAQs, and glossary entries prepared for navigation purposes. Verify the underlying legal text before relying on this content.

Summary

The Financial Data Access proposal (FiDA) would establish an EU framework for access to and sharing of customer data held by financial institutions, extending data-sharing beyond payment accounts (open banking) to a broader range of financial products (open finance). It sets rules on who must make data available, who may access it, and under what conditions, including customer permission and safeguards. It also foresees governance arrangements and standardisation to enable secure, interoperable data sharing in the EU financial sector.

Who is affected?

Financial institutions and other data holders (e.g., banks, insurers, investment firms and other financial service providers) that hold customer data would have obligations to make data available upon customer request. Regulated third-party data users (e.g., fintechs and other authorised financial service providers) and customers (consumers and businesses) would be affected through new rights, access conditions and compliance requirements.

Scope

EU rules for customer-permissioned access to and sharing of financial customer data across multiple financial sectors (open finance), including governance, security and interoperability requirements.

Key Points

  • Extends EU data-sharing rules from open banking to broader “open finance” datasets and products.
  • Requires designated financial data holders to provide access to customer data to authorised data users when the customer permits it.
  • Sets conditions for access, including customer permission management, security, and liability/safeguards against misuse.
  • Provides for governance and standardisation mechanisms (e.g., common data formats/APIs via schemes) to ensure interoperability.
  • Aims to increase competition and innovation in financial services while protecting consumers and business customers.

Key Deadlines

  • — Commission proposal published

Frequently Asked Questions

Who must comply with the Financial Data Access Regulation (FiDA)?

Financial institutions and other data holders, such as banks, insurers, investment firms, and other financial service providers that hold customer data, must comply with FiDA. Regulated third-party data users, including fintechs and other authorised financial service providers, are also subject to specific obligations and requirements.

What is the main scope of FiDA?

FiDA covers customer-permissioned access to and sharing of financial customer data across multiple financial sectors, not just payment accounts. It establishes rules for governance, security, and interoperability to facilitate open finance throughout the EU.

What are the key obligations for data holders under FiDA?

Data holders must provide access to customer data to authorised data users when the customer has given explicit permission. They are also required to implement safeguards, manage customer permissions securely, and ensure compliance with standardisation and interoperability requirements.

Who can access financial data under FiDA?

Authorised third-party data users, such as regulated fintechs and financial service providers, can access customer data, but only with the customer’s explicit consent. Customers themselves (consumers and businesses) also gain new rights to access and control their financial data.

What are the penalties for non-compliance with FiDA?

While specific penalties will be detailed in the final regulation, non-compliance is expected to result in administrative fines and possible restrictions on data access rights. National competent authorities will be responsible for enforcement.

How does FiDA interact with existing EU regulations like PSD2 and GDPR?

FiDA builds on the open banking framework established by PSD2, extending data-sharing to a wider range of financial products. It complements GDPR by requiring customer consent and implementing data protection safeguards, but introduces sector-specific rules for financial data sharing.

What practical steps should financial institutions take to comply with FiDA?

Institutions should review and update their data management systems to support secure, permissioned data sharing. They must also implement standardised APIs, establish robust customer consent mechanisms, and participate in relevant governance schemes.

What is the timeline for FiDA’s implementation?

As FiDA is still a proposal, the exact timeline is not yet fixed. Once adopted, there will likely be a transitional period for financial institutions and data users to achieve compliance, with detailed deadlines specified in the final regulation.

What governance arrangements does FiDA foresee?

FiDA anticipates the creation of governance schemes to oversee standardisation, interoperability, and compliance among participants. These schemes will define common technical standards and procedures for secure data sharing.

How does FiDA aim to protect customers?

FiDA requires explicit customer permission for data sharing, mandates strong security and liability provisions, and establishes safeguards against misuse of data. It also gives customers greater control and transparency over how their financial data is accessed and used.

Key Terms

Open Finance
A framework that extends data-sharing beyond payment accounts to a broader range of financial products and services, enabling customer-permissioned access across the financial sector.
Data Holder
A financial institution or service provider that possesses and manages customer financial data and is required to make it available to authorised data users under certain conditions.
Authorised Data User
A regulated third party, such as a fintech or financial service provider, that is permitted to access customer financial data with the customer’s explicit consent.
Customer Permission Management
Processes and systems for obtaining, recording, and managing explicit consent from customers for sharing their financial data with third parties.
Standardised APIs
Application Programming Interfaces developed according to common technical standards to facilitate secure and interoperable data sharing between financial institutions and authorised data users.
Interoperability Requirements
Technical and operational standards ensuring that different financial institutions and data users can securely and efficiently exchange data across the EU.
Governance Scheme
A formal arrangement or body responsible for overseeing the implementation of standardisation, interoperability, and compliance with FiDA requirements.
Data Access Right
The legal entitlement of customers to direct their financial institutions to share their financial data with authorised third parties.
Safeguards Against Misuse
Legal and technical measures designed to prevent unauthorised access, use, or abuse of customer financial data shared under FiDA.
Liability Provisions
Rules specifying the responsibilities and potential consequences for parties involved in data sharing, particularly in cases of data breaches or misuse.