EU parliament adopts proposal that modifies financial data access regulation


On 18 April 2024, the European parliament adopted a proposal for a regulation on harmonised framework for access to financial data – the Financial Data Access Regulation (FIDA), which introduces Open Finance instead of Open Banking based on the Payment Service Directive (PSD2) by broadening the scope of customer data that can be shared based on the customer’s permission. FIDA also creates the Financial Information Service Provider (FISP), which will access and use customer data based on a licence issued by the regulatory authority.

The European parliament adopted the FIDA with the following differences from the original Commission proposal of 28 June 2023:

Customer control over their data

The adopted FIDA proposal modifies the customer consent mechanism, specifying that the explicit permission of customers is needed for data users, including FISPs, to access customer data. FIDA states: “Customers would decide how and by whom their financial data is used. The access should be based on customers’ explicit permission and data users would have to specify what they intend to make with them. The data could not be transferred to a third-party without permission. Moreover, a consent could be withdrawn at any time and free of charge.”

While the wording is different, the fundamentals remain the same when it comes to data users having to specify the purpose of their data processing. The more notable new feature, however, is the “free of charge” clause. This was not included in the original proposal, but has been set in stone in the current version and adds yet another layer of protection for the customer, cementing the customer’s freedom to withdraw, unincumbered by financial pressures.

Another feature that further strengthens the customer’s position is the new proposal that explicitly sets out customer compensation if financial data access scheme members misuse customer data (e.g. if data is transferred to a third party without the customer’s explicit permission).

Gatekeepers excluded

The most revolutionary change from the original proposal is the stipulation that large digital platforms designated as Gatekeepers in the Digital Markets Act should not be eligible to become financial information service providers.

Deadline for conformity

Finally, the proposal extends the deadline for the application of FIDA, giving small firms 12 more months to apply the rules in order to ensure their proportional involvement.

Next steps

European elections are expected to delay the starting date of the trilogues (i.e. negotiations between the European Commission, Parliament and the Council) where compromise will likely be found between the texts of the three institutions. FIDA is likely to be adopted in Q4 2024.

For more information on FIDA, contact your CMS client partner or these CMS experts.