Blog

One year since the FiDA & payments package draft proposals: where do we stand?

6min Read · 28 Jun 2024
fida psr payments

It’s (already) been a year since the European commission published the FiDA (Financial Data Access), PSR and PSD3 draft proposals. Over the last 12 months, they have received a lot of feedback from associations and industry experts and the legislative process has been moving forward. Today, as we are getting closer to the final versions, let’s have a look at how it has evolved and what’s still being discussed.

 

Financial Data Access

Prior to the publication of the FiDA draft proposal, a targeted consultation on Open Finance framework and data sharing in the financial sector took place from May 11th, 2022, to July 5th, 2022. Its outcome was published on August 18th, 2022. and the Financial Data Access draft proposal was released a mere 10 months later.

From June 30th to November 1st, 2023, 84 feedback were received after the publication of the FiDA draft proposal, and coming from all over the EU, whether it be professional associations, academic associations, Fintechs, non-governmental organizations and even EU citizens.

In the meantime, the Committee on Economic and Monetary Affairs (ECON) was appointed in July 2023. On April 30th, 2024, the ECON adopted the report by Michiel HOOGEVEEN (ECR, NL) on the FiDA proposal. This report was not yet submitted for a vote in Plenary due to the European elections schedule. Several changes to the original version can be found in the text adopted at ECON level, notably concerning the companies in scope (credit rating agencies and reinsurance companies are not in scope anymore, but operators of payment schemes now are) and the types of data sets. For instance, credit cards accounts and technical accounts have been added to the list of data sets, as well as non-sensitive categories of data used by data holders to meet know-your-customer (KYC) requirements for business customers. The definition of Financial Data Access Schemes (formerly known as Financial Data Sharing Schemes) has also been modified.  Moreover, the transparency obligation relating to permission dashboards have been reinforced: “the permission dashboard […] shall provide the customer, at any time and in a format that is easy to understand, to the extent that the information is in the possession of the data holder, with an overview of each ongoing permission given to each data user”.

In the progress report published by the Belgian Presidency of the EU, it is stated that “Member States broadly agree on the scope of customer data in the FiDA Regulation Proposal […]. Some critical elements of this proposal still need to be discussed and the drafting amended in order to reach a compromise”.

Several key points are still being discussed by the different stakeholders, notably concerning:

  • the implementation approach of FiDA, either one shot or staggered. The staggered approach would then involve a gradual deployment, depending on the data scope and with different applicability timing depending on the category of data.
  • the final scope is also yet to be decided, especially when it comes to the role that gatekeepers (such as Amazon, Alphabet, Apple, Microsoft and others) could play in this new Open Finance framework.
  • the question of permission dashboards also remains open, and especially the right or not for customers to change/revoke permissions.

Given the different legislative steps on the roadmap, we expect an entry into force of the text early 2025 at the earliest.

 

The Payments Package

The PSD3 and PSR draft proposals are the result of a call for evidence and a public consultation which took place from May 10th, 2022, to August 2nd, 2022, and gathered almost 200 feedback/comments from business associations, citizens and companies. It aims at amending and modernizing PSD2, and therefore at addressing the pending challenges identified while adapting the payment rules to market developments.

Following the publication of the PSR and PSD3 draft proposals, the topics were also handled by the ECON Committee, with both legislative resolutions (on the proposals for a regulation on payment services in the internal market – PSR – and for a directive on payment services and electronic money services in the internal market – PSD3) adopted by the European Parliament, on April 23rd, 2024.

From July 1st, 2023, the Spanish Presidency of the EU put fraud at the center of discussions, and highlighted the need to notably clarify the concept of “Gross Negligence” in order to better allocate liabilities and therefore foster consumer protection.

From January 2024, the Belgian Presidency, following a consultation with the Member States, expressed that “the focus should extend beyond the fraud regime to include other important parts of the Payments Package, e.g. the Open Banking framework, the prudential supervision of payments institutions, etc.”.

 

PSR

The Progress Report published by the Belgian Presidency highlights that Member States have agreed on the fact that screen-scraping and similar methods of access are “outdated, insecure and should not longer be allowed”. As explained, access to payments account data without proper identification (so-called ‘screen-scraping’) should, in any circumstances, never be performed”.

The report also reaffirms that, “to guarantee a high level of security in data access and exchange, access to payment accounts and the data therein should be provided to account information and payment initiation service providers via an interface designed and dedicated for ‘open banking’ purposes, such as an API”. The Council Working Party included the following change to the proposal: a partial derogation from the obligation to have a dedicated interface is clarified to be possible only when the customer-facing interface is an API endpoint already, to avoid a situation whereby insecure access techniques might be perpetuated.

The Verification of Payee obligation, or “matching verification service”, was agreed upon by Member States, as well as related liabilities: “The payer shall not bear any financial losses for any authorised credit transfer where the payment service provider of the payer failed, in breach of Article 50(1), to notify the payer of a detected discrepancy between the unique identifier and the name of the payee provided by the payer”.

Moreover, to increase trust in Open Banking, PSUs need to be in full control of their data and have access to clear information on the data access permissions that have been granted. The report also clarifies the exchange of information between TPP and ASPSP, the exclusion of any liability of an ASPSP resulting from PSU actions through the dashboard that might violate the latter’s contractual obligations to the TPP and the alignment with FIDA requirements.

 

PSD3

The PSD3 Prudential Supervision regime applicable to payment institutions was also a key topic discussed during the Belgian Presidency of the EU. The Council Working Group notably adapted the definition of electronic money to “render it more clear that electronically stored monetary value issued on receipt of funds for the purpose of making payment transactions and accepted by other persons that the issuer is sufficient to constitute electronic money”.

On the revision of cross-border provision of payment services: “the Presidency notes that in relation to the nature of agent passporting, with regard to the concepts ‘right of establishment’ and ‘free provision of services’, the majority of Member States support maintaining the criteria set out in the EBA Opinion on the nature of passport notifications. Hence, there is no need to modify PSD3 in this sense”.

 

What now?

In the next days, the Belgian Presidency of the European Union will end, passing the torch to Hungary which “will build on the work of previous presidencies” and “will continue the negotiations of the ongoing legislative packages”.

As explained in the official program of the Hungarian Presidency of the EU, “The Council is discussing a number of legislative packages reflecting the challenges and opportunities of digitalisation. In this area, the package on the payment services review, access to financial data and the digital euro are of particular importance. We will seek to start trilogue negotiations with the European Parliament on the regulations amending reporting requirements and the Benchmark regulation”.

 

Learn more OUR LUXHUB’S Open Finance Platform

Useful Resources See All
Press Release Six major banks in Luxembourg select LUXHUB as their VOP service provider
#PAYEE VERIFICATION PLATFORM
4min Read · 8 Apr 2025
Blog Why an Open Banking expert is the ideal partner for VOP
#Payee Verification Platform
3min Read · 6 Feb 2025
Press Release LUXHUB obtains ISO 27001 certification
2min Read · 13 Feb 2025
In the Media How FIDA opens unprecedented opportunities: 5 innovative and concrete use cases
2min Read · 25 Nov 2024