AISP Licensed Providers EU 2026: Tink, TrueLayer, Yapily

AISP Licensed Providers in the EU (2026): Tink, TrueLayer, Yapily, Salt Edge, Plaid and Finicity Compared

TL;DR

An Account Information Service Provider (AISP) is a firm authorised under PSD2 (Directive 2015/2366) to read your bank-account data after you grant consent. Six aggregators dominate the EU market in 2026: Tink (owned by Visa, ~6,000 banks across 18 countries), TrueLayer (UK origin, very strong in DACH/Benelux), Yapily (pure-infrastructure API, ~2,000 banks), Salt Edge (Estonia-licensed, broadest CEE coverage), Plaid (US-origin, EEA via Plaid Financial Ltd.) and Finicity (Mastercard Open Banking). All are supervised by national competent authorities — EBA at EU level, FCA in the UK, BaFin in Germany, KNF in Poland, ACPR in France — and they pass through the same PSD2-compliant Strong Customer Authentication you see in your bank app.

Educational content, not legal, regulatory or vendor-selection advice. Coverage, pricing and capability differ by integration tier and country; verify with each provider and with your national competent authority.

What changed: aggregator landscape pre-PSD2 vs PSD2 vs PSD3

Before PSD2 (pre-2018) aggregators existed but operated in a legal grey zone, relying on screen-scraping with stored credentials. There were perhaps a dozen serious players, mostly local; cross-border coverage was patchy and trust low.

Under PSD2 (2018–2026) the EBA register of authorised AISPs grew to over 500 entities by 2026. A handful consolidated into multi-country aggregation giants: Tink, TrueLayer, Yapily, Salt Edge, Plaid, Finicity, Nordigen (acquired by GoCardless), Klarna Kosma (Klarna's spin-out), Token.io (Mastercard) and Worldline's Open Banking unit. The economics flipped: the underlying bank API is free under PSD2, so aggregators monetise through reliability, coverage breadth, data enrichment (categorisation, merchant cleansing), KYC/identity products and developer experience.

Toward PSD3 (2026+) the Commission's Payment Services Regulation will allow "premium APIs" — banks may charge aggregators for enriched data beyond the regulated baseline — and FIDA (Financial Data Access regulation) extends the open-data perimeter to mortgages, pensions and insurance, expanding the addressable market for aggregators by several multiples.

Stakeholders in the AISP chain

  • ASPSP (Account Servicing Payment Service Provider) — your bank
  • AISP aggregator — Tink / TrueLayer / Yapily / Salt Edge / Plaid / Finicity, holding the PSD2 licence
  • End-user application — a personal finance app, lender, accounting tool or B2B treasury platform that consumes the aggregator's API. Many such apps, including Freenance, are themselves AISP-licensed and use aggregators only for breadth in countries they have not yet integrated directly.
  • PISP layer — most of the six also offer payment initiation; some focus more on payments (TrueLayer, Token.io) than on data (Tink, Salt Edge).
  • You, the Payment Service User (PSU) — sovereign over your data and your 180-day renewable consent.

All EU-based AISPs are authorised under Directive (EU) 2015/2366 and Commission Delegated Regulation (EU) 2018/389 (RTS on SCA). National transposition determines which competent authority licenses them. The UK frameworks rely on the Payment Services Regulations 2017, with FCA supervision.

  • Tink AB — Swedish-licensed payment institution, supervised by Finansinspektionen, passported across EEA
  • TrueLayer Limited — UK-authorised by FCA; EU operations via TrueLayer Ireland (Central Bank of Ireland)
  • Yapily Connect Ltd / Yapily Connect Europe Ltd — UK FCA + Lithuanian licence (Bank of Lithuania) for EEA passporting
  • Salt Edge Limited — Canadian parent, EEA operations via Salt Edge Ireland (Central Bank of Ireland) and registered AISP in multiple Member States
  • Plaid Financial Ltd — UK FCA; EEA operations via Plaid B.V. (DNB, Netherlands)
  • Finicity Europe Ltd — part of Mastercard, FCA-authorised, with EEA permissions via Mastercard Payment Services entities
  • GoCardless Bank Account Data (ex-Nordigen) — Latvian licence supervised by Latvijas Banka
  • Klarna Kosma — operates via Klarna Bank AB, Swedish-licensed
  • Token.io — UK FCA, EEA via Token Solutions Ireland

All can passport across the EEA after their first authorisation.

API technical layer: what aggregators abstract

Every aggregator hides the four or five PSD2 API dialects (Berlin Group NextGenPSD2, STET, PolishAPI, OBIE, bespoke) behind a single REST/JSON developer API. They normalise:

  • Account types (current, savings, credit card, loan)
  • Transaction schema (date, amount, currency, counterparty, raw description)
  • Balance types (booked, available, expected)
  • Consent lifecycle (init → SCA → token → 180-day renewal)
  • Error codes and retry semantics

A direct Berlin Group integration with one bank takes 4–8 weeks of engineering; covering 200 banks directly is an 18-month project. Aggregators compress that to a single integration in days.
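The normalisation step described above, as an added example that is not part of the original article or any aggregator's SDK. It maps a Berlin Group style and an OBIE style transaction onto the common schema the list names; the payload fields are a simplified subset of the public specifications, the debit sign convention is an assumption, and the samples are constructed.

```python
from dataclasses import dataclass
from datetime import date
from decimal import Decimal


@dataclass(frozen=True)
class Txn:
    """Common schema: date, amount, currency, counterparty, raw description."""
    booked: date
    amount: Decimal  # signed; negative means money leaving the account
    currency: str
    counterparty: str
    description: str


def from_berlin_group(raw: dict) -> Txn:
    # Assumption: this ASPSP reports debits as negative amount strings.
    money = raw["transactionAmount"]
    amount = Decimal(money["amount"])
    other = raw.get("creditorName") if amount < 0 else raw.get("debtorName")
    return Txn(date.fromisoformat(raw["bookingDate"]), amount, money["currency"],
               other or "", raw.get("remittanceInformationUnstructured", ""))


def from_obie(raw: dict) -> Txn:
    # OBIE carries an unsigned amount plus a separate direction indicator.
    sign = {"Credit": 1, "Debit": -1}.get(raw.get("CreditDebitIndicator"))
    if sign is None:
        raise ValueError("missing or unknown CreditDebitIndicator")  # never guess a sign
    money = raw["Amount"]
    return Txn(date.fromisoformat(raw["BookingDateTime"][:10]),
               sign * Decimal(money["Amount"]), money["Currency"],
               raw.get("MerchantDetails", {}).get("MerchantName", ""),
               raw.get("TransactionInformation", ""))


ADAPTERS = {"berlin_group": from_berlin_group, "obie": from_obie}


def normalise(dialect: str, raw: dict) -> Txn:
    adapter = ADAPTERS.get(dialect)
    if adapter is None:  # fail closed on a dialect with no reviewed adapter
        raise ValueError(f"no adapter for dialect {dialect!r}")
    return adapter(raw)


# Constructed sample payloads (not captured from any bank).
BG_SAMPLE = {"bookingDate": "2026-03-02", "creditorName": "Constructed Grocer",
             "transactionAmount": {"amount": "-12.50", "currency": "EUR"},
             "remittanceInformationUnstructured": "CARD 1234 GROCER"}
OBIE_SAMPLE = {"BookingDateTime": "2026-03-02T09:15:00+00:00",
               "CreditDebitIndicator": "Debit",
               "Amount": {"Amount": "12.50", "Currency": "EUR"},
               "MerchantDetails": {"MerchantName": "Constructed Grocer"},
               "TransactionInformation": "CARD 1234 GROCER"}
```

Both samples normalise to the same record; amounts stay as Decimal so no float rounding enters balances or affordability checks.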

The six major AISP aggregators compared

Tink (Visa)

  • Owner since 2022: Visa Inc.
  • Coverage: ~6,000 connections, 18 European countries
  • Strengths: broadest coverage in the Nordics, very mature data enrichment (categorisation, income verification), CBI Globe partnership for Italy
  • Weaknesses: premium pricing, less PISP focus than TrueLayer
  • Pricing model: subscription + per-call, custom enterprise quotes typically 0.05–0.20 EUR per successful AIS call
  • Notable customers: PayPal, BNP Paribas, NatWest, AMEX, Adyen, Klarna

TrueLayer

  • Headquartered: London
  • Coverage: ~1,200 connections, strong in UK, Ireland, DACH, Benelux, France, Italy, Spain
  • Strengths: market-leading PISP / "pay by bank" stack with VRP (Variable Recurring Payments) in UK, instant payouts, low-latency API, top-quartile developer experience
  • Weaknesses: slimmer CEE and Nordics coverage
  • Pricing model: free tier for AIS up to a volume threshold, then per-call; PIS priced per successful payment
  • Notable customers: Coinbase, Trading 212, Cazoo, Revolut, Shopify

Yapily

  • Headquartered: London
  • Coverage: ~2,000 connections across 19 countries
  • Strengths: pure infrastructure / "headless" API — no UI layer, ideal for fintechs that want full control. Clean data schemas, transparent pricing.
  • Weaknesses: no opinionated UX components — you build SCA flows yourself
  • Pricing model: flat-fee enterprise plans, predictable
  • Notable customers: Intuit QuickBooks Europe, Volt, Vivid Money, American Express

Salt Edge

  • Headquartered: Toronto (parent), with Ireland and Cyprus EU entities
  • Coverage: the broadest in the world by raw bank count — ~5,000 banks in 50+ countries, particularly strong in CEE (Poland, Czechia, Romania, Hungary), Baltics, MENA
  • Strengths: the de-facto choice for any app with CEE or emerging-market ambitions; offers AIS, PIS and bank compliance-as-a-service for banks themselves
  • Weaknesses: developer experience is less polished than Tink/TrueLayer; pricing tiers can be opaque
  • Pricing model: per-bank-connection per month plus per-call
  • Notable customers: ING Romania, Mogo, Lemonway, several Polish neobanks

Plaid

  • Headquartered: San Francisco; EEA HQ in Amsterdam
  • Coverage: dominant in the US (~12,000 institutions), in Europe via Plaid Financial Ltd: ~2,000 banks across UK, Ireland, France, Germany, Spain, Netherlands, Belgium, Italy, Denmark, Sweden, Norway, Poland
  • Strengths: unmatched developer experience (Plaid Link drop-in UI is widely loved), strong identity & income verification add-ons, excellent fraud signals
  • Weaknesses: PSD2-compliance coverage thinner than Tink/Salt Edge outside core markets; Polish coverage modest vs Salt Edge
  • Pricing model: per-API-call, with Link onboarding fee
  • Notable customers: Robinhood, Venmo, Coinbase, Wise (selective markets)

Finicity (Mastercard Open Banking)

  • Owner since 2020: Mastercard
  • Coverage: US-strong; EU via Mastercard Open Banking entities — improving rapidly post-Aiia acquisition (Aiia covered Nordics + DACH)
  • Strengths: integrated with Mastercard's wider open-banking and identity stack; income/employment verification (Verification of Income, Verification of Assets) particularly strong for lending use cases
  • Weaknesses: EU coverage still consolidating after multiple acquisitions
  • Pricing model: enterprise contracts, often bundled with other Mastercard services
  • Notable customers: Experian, Rocket Mortgage, several US lenders, growing EU lender base

Honourable mentions

  • GoCardless Bank Account Data (formerly Nordigen) — free tier for AIS makes it popular for hobby/MVP projects and indie developers; commercial use still requires paid plan
  • Klarna Kosma — Klarna's spin-out, leveraging deep integration with the Klarna app's installed base
  • Token.io (Mastercard) — PIS-first, strong in pay-by-bank
  • Worldline Open Banking — broad European bank network, strong with banks themselves as customers
  • Banked, Volt — PIS-focused payment initiators with light AIS overlay

AISP licensing — what it took these firms

To carry an AISP licence, each provider went through 6–12 months of national-authority approval. They demonstrated:

  • Initial capital (50,000 EUR for PIS-only; not required for pure AISP but professional indemnity insurance is)
  • Professional indemnity insurance sized to expected transaction volumes per EBA/GL/2017/08
  • Fit-and-proper directors and qualifying shareholders
  • DORA-aligned ICT risk and incident-response plans
  • A complete operational framework: outsourcing register, BCP, three-lines-of-defence governance
  • Country-specific transposition compliance (ZAG, Wft, PolishAPI guidelines, etc.)

Passporting to additional EEA states is then a 1–3 month notification, not a full re-authorisation.

SCA: what each aggregator hands off to your bank

None of these aggregators ever sees your bank credentials. The PSD2 RTS (Commission Delegated Regulation 2018/389) require Strong Customer Authentication using at least two of: knowledge (password/PIN), possession (registered device with banking app or hardware token) and inherence (biometric). The bank-side SCA flow happens either in the bank's mobile app (push notification + biometric) or via a redirect to the bank's web SCA page; the aggregator only receives an access token afterward.

Consent is granted for up to 180 days (extended from the original 90 days by EBA in March 2021), after which the aggregator must redirect you back to your bank for fresh SCA. Each refresh of account information without your active presence is limited to 4 calls per day under EBA Q&A guidance.
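One way an app or aggregator could enforce these two limits before each AIS call, as an added example that is not from the article or from any provider's code. The class and return values are hypothetical, and "per day" is counted over a rolling 24 hours, which is an assumption.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

CONSENT_LIFETIME = timedelta(days=180)  # consent validity stated in the article
UNATTENDED_LIMIT = 4                    # unattended AIS calls per day
WINDOW = timedelta(hours=24)            # assumption: "per day" = rolling 24 h


@dataclass
class Consent:
    granted_at: datetime                # time of the last successful SCA
    unattended_calls: list = field(default_factory=list)

    @property
    def expires_at(self) -> datetime:
        return self.granted_at + CONSENT_LIFETIME

    def days_left(self, now: datetime) -> int:
        """Whole days until fresh SCA is needed; drives reminder nudges."""
        return max(0, (self.expires_at - now).days)

    def authorise(self, now: datetime, psu_present: bool) -> str:
        """Decide whether one AIS call may go out right now."""
        if now >= self.expires_at:
            return "reauth_required"    # redirect the user to the bank for SCA
        if psu_present:
            return "allow"              # user-initiated calls are not counted
        recent = [t for t in self.unattended_calls if now - t < WINDOW]
        if len(recent) >= UNATTENDED_LIMIT:
            return "deny_rate_limit"    # denied calls are not recorded
        recent.append(now)
        self.unattended_calls = recent  # also prunes entries older than 24 h
        return "allow"


if __name__ == "__main__":
    granted = datetime(2026, 1, 1, tzinfo=timezone.utc)  # constructed date
    consent = Consent(granted)
    start = granted + timedelta(days=1)
    for hour in (8, 10, 12, 14, 16):
        when = start + timedelta(hours=hour)
        print(when.isoformat(), consent.authorise(when, psu_present=False))
```

Checking expiry before anything else means a stale token is never used for a background refresh, even when the daily budget is untouched.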

Liability shift and your protections

Under PSD2 Art. 73, your bank must refund any unauthorised payment by the end of the next business day. If a PISP initiated the payment, liability is borne by the PISP, which in turn has recourse against the bank if the failure was at the API layer. An AISP that merely reads data carries no payment liability but is fully accountable under GDPR Art. 6(1)(a) for consent management and Art. 32 for security of processing. Aggregators carry mandatory professional indemnity insurance for this exposure.

PSD3 / PSR / FIDA reform — how it changes the aggregator market

  • Premium APIs — banks may sell enriched data (categorisation, full history >90 days, instant balance) above the regulated baseline. Aggregators will likely resell these as upgrade tiers.
  • API SLAs — mandatory 99.5 %+ uptime targets; aggregators that today differentiate on "uptime engineering" lose part of their moat.
  • Direct settlement access — payment institutions can connect to TARGET2/TIPS/SEPA Clearing directly, enabling cheaper PIS flows.
  • FIDA — savings, mortgages, pensions and insurance enter the open-data perimeter. Aggregators that move first into mortgage and pension data will leapfrog peers.

EU PSD2 vs UK Open Banking aggregator dynamics

UK open banking is narrower (CMA9 banks, mature OBIE Read/Write API) but technically tighter. Many aggregators began UK-first (TrueLayer, Yapily, Plaid Europe) and expanded into EU. Differences relevant when picking a provider:

  • Variable Recurring Payments (VRP) are live for sweeping in the UK since 2022 but not yet uniformly available in the EU (PSD3 will harmonise this)
  • Consent renewal is 90 days in the UK vs 180 days in the EU
  • Bank coverage in the UK is narrower (CMA9 + expanding) vs ~6,000 ASPSPs in the EEA

For consumers: what to look for in the app on top of an aggregator

If you are picking a personal finance app, what matters is rarely the aggregator brand under the hood, but:

  1. Bank coverage in your country — does the aggregator integrate your specific bank?
  2. Refresh frequency — 4×/day is the PSD2 limit for unattended access
  3. Consent UX — does the app remind you before the 180-day expiry?
  4. Categorisation quality — Tink and Finicity lead here
  5. Data retention — what happens to your transactions after you disconnect?

Many users benefit from AISP-integrated apps that aggregate multi-bank balances and project cashflow; Freenance positions itself as an EU-native AI cashflow companion built on this AISP foundation, with a Financial Freedom Runway focus and multi-bank aggregation across PLN, EUR and other EEA currencies.

For developers / founders: choosing an aggregator

  • MVP / hobby: GoCardless Bank Account Data — free tier
  • Pan-European, UK + DACH + Benelux + South: Tink (broadest), Yapily (cleanest API)
  • Payment initiation first: TrueLayer, Token.io
  • CEE / Polish / Baltic emphasis: Salt Edge
  • Lending / income & employment verification: Finicity
  • US + EU customer base: Plaid

Pitfalls to budget for: 180-day consent UX cost (~10–15 % consent attrition per cycle without nudges), bank-side API outages outside SLA, DORA compliance burden (since 17 January 2025), MiFID II overlap if you display investment data, and overlapping GDPR + PSD2 consent obligations.

Worked example: three accounts, one aggregator decision

Anna, 30, in Warsaw, holds mBank (PLN), Revolut (EUR multi-currency) and N26 (DE). She uses a personal finance app to track her Financial Freedom Runway. The app's developer picked Salt Edge for Polish coverage (PolishAPI maturity) and supplemented with Tink for Revolut and N26. Each connection refreshes 4×/day, SCA every 180 days. Total cost to the app: a few cents per active user per month — economically rational because Anna's lifetime value as an AISP-aggregated user is in the tens of EUR.

Polish reader angle: KNF, PolishAPI and aggregator coverage

In Poland, Salt Edge and Tink both have strong PolishAPI integrations with the big six — PKO BP, mBank, ING Bank Śląski, Santander Bank Polska, Pekao, Millennium. Plaid covers PKO + mBank + ING reliably, less for smaller banks. Yapily and TrueLayer have grown Polish coverage rapidly in 2025–2026 thanks to Polish-engineering hires. For an AISP-aspirant Polish startup, KNF's 2026 approval timeline is 6–9 months; many founders simply contract one of these aggregators rather than seek a direct licence.

FAQ

Is using an AISP aggregator safe? Yes — the aggregator is authorised and supervised by a national competent authority, never sees your bank password, and must hold professional indemnity insurance. SCA always happens in your bank's own flow.

Do I pay extra for using an app on top of an aggregator? No. PSD2 prohibits banks from charging for the standard AIS/PIS APIs. The app may charge you a subscription for its software, but the data plumbing is regulated free.

Can I see which aggregator a given app uses? The app should disclose this in its privacy notice and consent flow. You can also see the AISP name in your bank's "Connected services" list.

What happens if my aggregator goes bust? Your bank-side consent is revocable any time. Your data sits with the aggregator and the app, both subject to GDPR retention rules. The app should be able to switch aggregator with minimal disruption — though you will need to re-consent in your bank app.

Why do some apps still ask me to upload CSV files? Usually because they have not integrated your specific bank yet, or your country sits outside their aggregator coverage. PSD2 coverage is broad but not 100 %.

Will PSD3 change which aggregator I should use? Probably not at the app level, but premium APIs and FIDA will expand what aggregators offer. The big six are all positioning to be FIDA-ready.

Sources

  • Directive (EU) 2015/2366 (PSD2)
  • Commission Delegated Regulation (EU) 2018/389 (RTS on SCA)
  • European Commission proposal COM(2023)366 (PSD3 / PSR)
  • EBA Register of authorised payment and electronic money institutions
  • EBA Guidelines EBA/GL/2017/08 (professional indemnity)
  • DORA — Regulation (EU) 2022/2554
  • Berlin Group NextGenPSD2, STET, PolishAPI, OBIE standards
  • National competent authorities: FCA, BaFin, ACPR, Bank of Italy, Banco de España, DNB, KNF, Central Bank of Ireland, Bank of Lithuania, Finansinspektionen
