The European Union is preparing a major shift that could reshape the financial market. The new Financial Data Access Framework (FiDA) regulation aims to make information sharing across the financial sector safer and more efficient, while also supporting the growth of fintech companies. What will this mean in practice? Specifically, the EU hopes the regulation will pave the way for personalised financial advice and new financial management applications. The regulation is expected to be adopted in 2025, with the first stage of implementation beginning in 2027.
A new concept for sharing financial data
The Open Finance concept introduced by the FiDA Regulation builds on the Open Banking model established by the Payment Services Directive (PSD2). Under this framework, specially licensed entities can access information about customers’ payment accounts directly from banks and payment institutions. This allows them not only to view account activity but also to initiate payments on behalf of the customer. All of this can be done without using a traditional banking application.
However, the new data-sharing framework will also extend to other financial products – such as credits, savings accounts, investments, insurance, and private pension insurance products. Imagine being able to check the status of all your finances through a single app, without needing to log in to each service separately. This gives customers the ability to securely and easily share a comprehensive overview of their finances with third parties, enabling access to a much broader range of services.
Open Finance and its key players
The FiDA Regulation identifies several types of actors that play a central role in Open Finance:
1. Data holders
These are entities that hold and manage customers’ financial data – typically banks, insurance companies, management companies, or pension funds. Their role is to make this data available to data users (e.g. fintechs), provided the customer grants explicit consent.
2. Data users
These are entities that access customer financial data in order to provide financial services. Under the FiDA Regulation, data users include credit institutions, payment institutions, investment firms, crypto-asset service providers, and insurance companies. The regulation also introduces a completely new subcategory of data users – the so-called Financial Information Service Providers (FISPs).
Financial Information Service Providers (FISPs)
In practice, these are typically fintech companies, technology firms, or other entities that, with the customer’s consent, gain access to their financial data and offer various innovative services based on it – for example, personal finance management apps, automated financial advice, product comparison tools, or account aggregation services.
To operate as a FISP, an entity must meet several requirements stipulated in the FiDA Regulation, including the following:
a) obtaining authorisation from the regulator (most likely the Czech National Bank in the Czech Republic) to provide FISP services under the rules set out in the FiDA Regulation;
b) obtaining explicit consent from the customer to process and use their data;
c) ensuring a high level of security and protection of personal data;
d) maintaining transparency with customers regarding what data will be used and for what purpose.
3. Customers
These are natural or legal persons whose data will be shared. They will have full control over who can access their data and for what purpose.
Financial Data Sharing Schemes
The FiDA Regulation introduces a new concept – the Financial Data Sharing Scheme (FDSS) – which will unify the rules for handling data across the financial sector. Data holders will be required to make data available to data users through a secure API, subject to customer consent. The financial regulator (likely the CNB) will oversee these schemes and enforce mandatory membership. Data holders will be responsible for securely disclosing the data, while data users will be accountable for its further processing.
Data holders and data users will be required to join at least one such scheme within 18 months of the FiDA Regulation coming into force, which is expected to happen by the end of 2025 at the earliest. Membership will be open, and entities will be allowed to join multiple schemes simultaneously. Data holders will also be entitled to receive compensation from data users for providing access to their data.
Permission dashboard – A digital overview of who has access to your data
One of the key new features will be the obligation for data holders to provide each customer with a permission dashboard – an overview of all permissions granted for access to their financial data.
In practice, a permission dashboard will function as an online interface where customers can easily see which applications and services have access to their financial data.
The permission dashboard will allow:
- An overview of all granted consents – Customers will have a centralised list of all entities they have authorised to access their data.
- Easy consent management – Access can be removed, modified, or extended at any time with a simple click.
- Change notifications – The dashboard will notify customers, for example, when their consent is about to expire or when new access is requested.
- Control over the scope of data shared – Customers will be able to choose whether to share only basic information or also detailed transaction history.
Implementation stages
The exact date the FiDA Regulation will come into force has not yet been determined, but its adoption is not expected before the end of 2025.
Stage 1 – Within 24 months of the Regulation’s entry into force, data on consumer credit agreements, savings accounts, and motor insurance must be made available.
Stage 2 – Within 36 months, the disclosure obligation will extend to data on residential mortgage loans, investments in financial instruments, crypto-assets, and personal pension products.
Stage 3 – Within 48 months, data on credit ratings, non-life insurance, insurance-based investment products, and insurance-tied private pension products must also be made available.
FDSS requirements must be fulfilled 6 months before the end of each implementation stage (i.e. within 18, 30, and 42 months, respectively).
Practical market implications of the FiDA
The FiDA Regulation is expected to bring a range of new opportunities. Those who prepare in advance will be best positioned to benefit from this change. What exactly will it mean for you – and what will banks, fintechs, and other financial market players gain from it?
- Developing new services – Open access to data will enable the creation of innovative products, such as personalised financial advice or smart money management apps.
- Easier market entry and more competition – Fintech companies will gain access to data that was once the exclusive domain of large banks. This will foster greater competition and open the door to new ideas.
- Improved customer experience – With increased transparency and simple consent management, firms will be able to offer customers more convenience and enhanced security.
- Partner ecosystems – The FiDA Regulation will encourage collaboration between traditional banks and fintechs, enabling them to build comprehensive solutions that would be difficult to develop independently.
