.svg)
Moving into 2026, the European payments industry is monitoring the progress of the Financial Data Access (FiDA) Regulation, which builds on the open banking framework established in the revised Payment Services Directive (PSD2) to establish a regime for open finance across the EU.
Although phased implementation is scheduled for 2027, 2026 will be decisive for operational and strategic readiness.
FiDA aims to give consumers and firms greater control over financial data, while embedding data governance, security, and operational resilience into the core of new business models. For compliance teams, this signals a shift from policy monitoring to preparatory execution.
Early assessment and licensing
FiDA will apply to a range of entities when acting as data holders or data users, including payment and electronic money institutions, crypto-asset service providers (CASPs) and issuers of asset-referenced tokens (ARTs).
It will establish the category of “financial information services provider” (FISP), an entity authorised under Article 14 to access customer data to provide financial services. This aims to ensure that only trusted and secure providers can access and process customer data.
New entrants would need to apply for a licence (at an estimated cost of around €18.5m) and comply with operational resilience and cybersecurity requirements.
In 2026, firms should assess commercial viability, map governance gaps and begin early-stage data strategy planning to ensure readiness for licensing and operational compliance.
Operational and supervisory implications
FiDA sits within the EU’s broader digital strategy, aligning with the General Data Protection Regulation (GDPR) and building on the Data Act, which became applicable as of September 12, 2025.
Complying with FiDA will be a significant undertaking: providing customers with their data immediately, free of charge, continuously and in real time upon request, but also securely, could be costly and resource-intensive.
A central element of FiDA is the establishment of financial data-sharing schemes, which will define technical standards, interfaces, protocols and authentication. Participation will be effectively mandatory, creating a supervisory expectation that firms not only comply but actively engage to shape interoperability rules.
Dashboards for customer permissions will reinforce accountability and transparency. Firms should develop communication programmes to ensure consumers understand their rights, anticipating supervisory assessment of both process and consumer outcomes.
Strategic and compliance foresight
Although the text of the regulation is not yet finalised, the scale of the compliance challenge means financial institutions should begin preparing in 2026. This includes mapping data flows to identify where interoperability gaps may arise.
The regulation includes wide administrative sanctions for non-compliance, including financial penalties of up to 2 percent of total turnover, suspension of a licences and supervisory censure, whereas proactive engagement offers a strategic advantage by embedding operational resilience, shaping technical standards, and building trust ahead of the 2027 rollout.
