How Europe Built Open Banking and Where It's Headed Next

·Cozzy·6 min read·Updated
open bankingfintechregulationPSD2Europe
Cover image for How Europe Built Open Banking and Where It's Headed Next

How Europe Built Open Banking and Where It's Headed Next

In December 2025, the UK recorded 16.5 million open banking user connections. That's nearly one in three adults sharing their bank data with apps they trust. 24 billion API calls flowed through the system that year. Banks talked to budgeting tools. Budgeting tools talked to payment services. Money moved in ways that would have been unthinkable a decade ago.

None of this happened by accident. It took almost 20 years of European regulation, three major directives, and plenty of friction between banks and fintechs to get here. And the next chapter is about to be bigger than everything that came before.

Where did it start? SEPA and PSD1 (2007)

Before the first Payment Services Directive, sending money across European borders was expensive and slow. Each country ran its own payment system with its own standards. A transfer from Germany to France could take days and cost several euros in fees.

In 2002, the European banking industry created the European Payments Council to fix this. Their project was called SEPA (the Single Euro Payments Area). The goal was simple: make a euro payment to any account in Europe as easy as a domestic transfer.

PSD1 became law in 2007 and was transposed across all EU and EEA member states by November 2009. It did two things that mattered.

First, it created the legal foundation for SEPA. Cross-border euro payments got cheaper and faster. Second, it introduced Payment Institution licenses. For the first time, non-banks could legally offer payment services in Europe. Companies like Adyen got their start under this framework.

PSD1 wasn't about open banking. Nobody was talking about APIs or data sharing in 2007. But it established something new: banks would no longer be the only ones legally allowed to handle your money.

Timeline of European open banking regulation from PSD1 to FIDA

What made PSD2 the breakthrough? (2018)

PSD2, the Revised Payment Services Directive, changed everything. Proposed in 2013 and enforced across the EU from 13 January 2018, it gave customers a right that seems obvious in hindsight: your bank data belongs to you, not your bank.

Under PSD2, banks had to build APIs (secure data connections) and share your account information with regulated third-party providers, but only with your explicit consent. Two new types of company emerged:

  • Account Information Service Providers (AISPs) could read your bank data to power budgeting apps, credit checks, and financial dashboards
  • Payment Initiation Service Providers (PISPs) could trigger payments directly from your bank account, bypassing card networks entirely

PSD2 also introduced Strong Customer Authentication (SCA). Every online payment now needed two forms of verification. This was the regulation behind the "confirm in your banking app" prompts that became part of daily life.

The UK, while implementing PSD2 before Brexit, went further. The Competition and Markets Authority ordered the nine largest UK banks to build standardised APIs through the Open Banking Implementation Entity. This top-down approach gave the UK a head start that still shows in the numbers today.

How did adoption actually go?

PSD2 didn't deliver a smooth revolution. Some banks embedded unnecessary steps into their authentication flows. Customers had to click through 5 to 15 screens to grant access when the process should have taken seconds. API quality varied wildly between banks and countries. Northern Europe and the UK moved fast. Southern Europe lagged behind.

Screen scraping (the old method where apps logged into your bank's website to read data) refused to die quietly. PSD2 APIs often returned less data than scraping could access, so many providers kept both methods running as a fallback.

Despite the bumps, adoption grew fast. The UK's Open Banking entity reported that by the end of 2025:

  • 16.5 million user connections were active, up 36% from 12.1 million in 2024
  • 24 billion API calls were made, up 27% year on year
  • 351 million open banking payments were processed, a 57% increase
  • System availability stayed above 99.50% with average response times of 324 milliseconds

Variable Recurring Payments (VRPs), which let apps make flexible recurring transfers on your behalf, nearly doubled in volume with 98% year-on-year growth. Across Europe more broadly, the region held roughly 36% of global open banking revenue in 2025.

UK open banking adoption statistics for 2025

What do PSD3 and the PSR fix?

On 27 November 2025, the EU reached a provisional agreement on the next generation of payments regulation. This time, it comes as two pieces: the Payment Services Directive 3 (PSD3) and the Payment Services Regulation (PSR).

The split matters. PSD2 was a directive, meaning each country transposed it into local law differently. The PSR is a regulation, directly applicable across all member states with no room for national interpretation. The European Commission called the package "an evolution, not a revolution".

Here's what changes:

Stronger fraud protection. Banks must verify that the recipient's name matches their IBAN before processing a transfer. If they fail to flag a mismatch and you lose money to fraud, the bank is liable. Victims of impersonation fraud get mandatory reimbursement.

Better open banking APIs. Dedicated interfaces must achieve performance parity with the bank's own channels. Banks can no longer offer a degraded experience to third parties. Permission dashboards become mandatory, giving you one place to see and control who accesses your data.

Non-bank access to payment systems. Fintechs and payment institutions gain direct access to all EU payment systems, levelling a playing field that still tilted toward traditional banks.

Human support required. Payment providers must offer human customer support, not just chatbots.

The final text is expected to be published by mid-2026, with the PSR applying 18 months after entry into force.

Comparison of key changes from PSD2 to PSD3 and PSR

What is FIDA? From open banking to open finance

PSD2 only covered payment accounts. Your current account, your debit card, your direct debits. Everything else (your savings, investments, insurance, pension, mortgage) stayed locked inside individual providers with no obligation to share.

The Financial Data Access regulation (FIDA), proposed by the European Commission in June 2023, changes this. It extends the principle of "your data, your choice" to nearly every financial product you hold.

Under FIDA, 15 categories of financial entity must share customer data on request. That includes:

  • Savings and investments (stocks, bonds, funds, crypto-assets)
  • Insurance (non-life policies, excluding health)
  • Pensions (occupational and personal)
  • Mortgages and loans (balances, conditions, transaction history)
  • Creditworthiness data used during loan applications

Financial institutions will join Financial Data Sharing Schemes that set common technical standards. Customers get standardised dashboards to grant, manage, and revoke access to their data.

The Council reached its negotiating position in December 2024 and trilogue negotiations with the European Parliament are now underway. The final text is expected in 2026, with full implementation likely starting in 2027.

One politically charged detail: EU discussions have focused on potentially restricting access for Big Tech platforms like Apple, Google, and Amazon to protect European competitiveness.

What does this mean for your money?

Diagram of how bank syncing works: you grant consent, a regulated provider connects to your bank's API, and your transactions flow securely into the app

The practical impact of two decades of regulation comes down to three things.

More control. Right now, your financial life is scattered across banks, insurers, pension providers, and investment platforms. FIDA will let you pull all of that into one place, with you deciding exactly who sees what.

Lower costs. Open banking payments bypass card networks entirely. No interchange fees, no scheme fees. As PSD3 forces better API quality and gives fintechs direct access to payment systems, expect account-to-account payments to replace cards for more transactions.

Smarter tools. When apps can see your full financial picture (not just your current account), they can give genuinely useful advice. A budgeting app that knows your mortgage rate, pension contributions, and investment returns can tell you something meaningful about your money.

Europe's regulatory journey from PSD1 to FIDA has taken two decades. Each step has given you more say over your own financial data, and the next few years extend that from your current account to your savings, pension, insurance, and mortgage. Worth knowing as you choose the tools you'll trust with that data.

Cozzy will use open banking (via Yapily, a regulated provider) to sync your accounts securely when bank linking launches. Join the open beta at cozzy.io to be ready for it.

The Cozzy Team

The team behind Cozzy — an AI-powered budget tracker helping people across Europe take control of their finances.

The world's first trillionaire, and why there shouldn't be one

The world's first trillionaire, and why there shouldn't be one

Elon Musk just became the world's first trillionaire. Here's the case against wealth that size, what history shows, and what the defenders get right.

Cozzy is in open beta: a friendlier money app for Ireland

Cozzy is in open beta: a friendlier money app for Ireland

Cozzy is now in open beta. A calm, empathetic money app built in Ireland, with an AI coach, real budgeting, and a learning hub designed for the way people actually use money.

Ireland's Cost-of-Living Squeeze Just Got Worse

Ireland's Cost-of-Living Squeeze Just Got Worse

Inflation hit 3.6% in March as energy prices surged 11%. Here's what's driving costs up and how Irish households can protect their finances.