Legislative proposal for a new open finance framework

In “A Europe Fit for the Digital Age”

PDF version

In the context of the Digital Finance Strategy, the European Commission announced a proposal on open finance, which would refer to the access and reuse of customer data, with consent, across a range of financial services.

This initiative would enable data sharing and third party access for a wide range of financial sectors and products, in line with data protection and consumer protection rules. It would be based on the principle that financial services customers own and control the data they supply and the data created on their behalf.

The Commission launched also a targeted consultation on open finance framework and data sharing in the financial sector. It ran from 10 May 2022 to 5 July 2022. The consultation aimed to inform the Commission on the application and impact of PSD2 and on the views on open finance, taking into consideration, among others, developments in the payment market, payment user needs and the need for possible amendments. The targeted consultation aimed to gather input from more professional stakeholders.

On 14 September 2022, in the Letter of Intent to President Metsola and Prime Minister Fiala, President Von der Leyen announced data access in financial services among the key new initiatives for 2023 

On 18 October 2022, the European Commission published the Commission Work Programme 2023, where a legislative proposal on an open finance framework was scheduled to be delivered in the second quarter of 2023.

On 28 June 2023, the Commission put forward a legislative proposal for a framework for financial data access (open finance framework). The framework aims to establish clear rights and obligations to manage customer data sharing in the financial sector beyond payment accounts. The proposed regulation establishes rules on the access, sharing and use of certain categories of customer data in financial services. It also establishes rules concerning the authorisation and operation of financial information service providers. The proposed regulation will apply to following categories of customer data on:

1. mortgage credit agreements, loans and accounts, except payment accounts as defined in the Payment Services Directive (EU) 2015/2366, including data on balance, conditions and transactions;

2. savings, investments in financial instruments, insurance-based investment products, crypto-assets, real estate and other related financial assets as well as the economic benefits derived from such assets;

3. pension rights in occupational pension schemes;

4. pension rights on the provision of pan-European personal pension products;

5. non-life insurance products, except for sickness and health insurance products;

6. data which forms part of a creditworthiness assessment of a firm which is collected as part of a loan application process or a request for a credit rating.

The proposal aims to establish clear rights and obligations to manage customer data sharing in the financial sector beyond payment accounts, namely:

- possibility but no obligation for customers to share their data with data users (e.g. financial institutions or fintech firms) in secure machine-readable format to receive new, cheaper and better data-driven financial and information products and services (i.e. such as financial product comparison tools, personalised online advice);

- obligation for customer data holders (e.g. financial institutions) to make this data available to data users (e.g. other financial institutions or fintech firms) by putting in place the required technical infrastructure and subject to customer permission;

- full control by customers over who accesses their data and for what purpose to enhance trust in data sharing, facilitated by a requirement for dedicated permission dashboards and strengthened protection of customers' personal data in line with the General Data Protection Regulation (GDPR);

- standardisation of customer data and the required technical interfaces as part of financial data sharing schemes, of which both data holders and data users must become members;

- clear liability regimes for data breaches and dispute resolution mechanisms as part of financial data sharing schemes so that liability risks do not act as a disincentive for data holders to make data available;

- additional incentives for data holders to put in place high-quality interfaces for data users through reasonable compensation from data users in line with the general principles of business-to-business (B2B) data sharing laid down in the Data Act proposal (and smaller firms will only have to pay compensation at cost).

The general objective of the proposal is to improve economic outcomes for financial services customers (consumers and businesses) and financial sector firms by promoting digital transformation and speed up adoption of data-driven business models in the EU financial sector. The final aim is to provide more innovative financial products and services for users and to stimulate competition in the financial sector. 

In the European Parliament, the Committee on Economic and Financial Affairs (ECON) is responsible for the file. On 19 July 2023, ECON Committee appointed MEP Michiel Hoogeveen as rapporteur. The Committee on Legal Affairs (JURI), The Committee on Internal Market and Consumer Protection (IMCO), and the Committee on Civil Liberties, Justice and Home Affairs (LIBE) has been proposed for an opinion. The JURI and IMCO Committes have decided not to give an opinion.  

In the Council, discussions have started within the Council preparatory bodies.


For further information: Stefano Spinaci, legislative-train@europarl.europa.eu

As of 20/10/2023.