PSD3, PSR & FIDA EU 2026: What Changes for Finance Apps

PSD3, PSR and FIDA in the EU (2026): What Changes Are Coming for Personal Finance Apps — a Deep Dive

TL;DR

PSD3 is the European Commission's proposed reform of PSD2, published on 28 June 2023 as the package COM(2023)366 (PSD3 + PSR) alongside COM(2023)360 (FIDA — Financial Data Access regulation). It replaces the patchy national implementations of the 2015 directive with a directly applicable Payment Services Regulation (PSR), leaves prudential and licensing rules in a slimmer Payment Services Directive 3 (PSD3), and extends open-data principles beyond payment accounts to mortgages, loans, savings, investments, pensions and insurance under FIDA. The package is supervised by the European Banking Authority (EBA) plus national competent authorities — BaFin, ACPR, Bank of Italy, Banco de España, DNB, KNF, Central Bank of Ireland. For users, expect tighter fraud protection (mandatory IBAN/name matching, refund liability for spoofed-caller scams), better API performance with measurable SLAs, premium APIs from banks, and within 2–3 years a step-change in app coverage — a single personal finance app being able to read your mortgage balance, pension pot and insurance policy alongside your current account.

Educational content, not legal or regulatory advice. PSD3 / PSR / FIDA are still in trilogue / transposition phases; verify with EBA and your national competent authority.

What changed: PSD2 vs PSD3 / PSR / FIDA

PSD2 (2015/2366, applicable 2018–2026): a directive — meaning each EEA Member State transposes it into national law (ZAG, Wft, PolishAPI guidelines, etc.), causing meaningful interpretive divergence. Open banking is limited to payment accounts — current accounts, e-money wallets. No formal API SLAs, no premium APIs allowed, no harmonised liability for social-engineering fraud.

PSD3 + PSR (proposed 2023, expected application 2026–2027): split into two instruments. The PSR (Payment Services Regulation) covers conduct of business — SCA, fraud prevention, transparency, AISP/PISP operational rules — and is directly applicable in all Member States without national transposition (eliminating divergence). PSD3 keeps prudential rules and licensing — merging the EMI (e-money) regime into a single Payment Institution licence. Both make explicit what EBA opinions only suggested under PSD2.

FIDA (proposed 2023, expected application 2027+): extends the open-data perimeter to non-payment financial data — mortgages, consumer credit, savings, investments, pensions (occupational and personal), and most insurance contracts. It introduces a new licensed role, the FISP (Financial Information Service Provider), and a market-led contractual layer called Financial Data Sharing Schemes (FDSSs) that set commercial rules between data holders and FISPs.

Stakeholders in the post-PSD2 landscape

  • ASPSP (Account Servicing PSP) — banks, e-money institutions: same role
  • AISP / PISP — account information / payment initiation: same roles, with tighter SLAs and fraud-liability rules
  • FISP — new, licensed financial information service provider under FIDA
  • Data holders — banks, mortgage lenders, asset managers, pension funds, insurers — must expose APIs for FIDA-covered data
  • FDSS members — banks and FISPs sign multilateral schemes setting fees, SLAs, dispute resolution
  • PSU / data subject — you, sovereign over data, granting and revoking permissions in a centralised dashboard
  • Card schemes (Visa, Mastercard, Amex) — affected by stricter 3DS2 and IBAN-matching rules but not by FIDA directly
  • National CAs — BaFin, ACPR, Bank of Italy, Banco de España, DNB, KNF, Central Bank of Ireland — supervising, plus EBA at EU level and EIOPA for insurance under FIDA
  • You, the Payment Service User (PSU) — gain a permission-dashboard right under FIDA, expanded refund rights under PSR
  • PSD3 — Directive on Payment Services and Electronic Money Services: proposed COM(2023)366, replacing both PSD2 (2015/2366) and the E-Money Directive (2009/110/EC). National transposition expected within 18 months of entry into force.
  • PSR — Payment Services Regulation: proposed COM(2023)366. Directly applicable; covers conduct of business, AISP/PISP, SCA, fraud prevention, transparency.
  • FIDA — Financial Data Access Regulation: proposed COM(2023)360. Directly applicable; covers data scope beyond payment accounts.

National transposition rules of PSD2 (ZAG in Germany, Ordonnance 2017-1252 in France, D.lgs. 218/2017 in Italy, RDL 19/2018 in Spain, Wft in the Netherlands, Ustawa o usługach płatniczych in Poland) will be replaced or rewritten. UK divergence will continue under the FCA's Smarter Regulatory Framework.

API technical standards under PSD3 / PSR

PSD2 left the choice of API standard to industry; Berlin Group NextGenPSD2, STET, PolishAPI and OBIE emerged. PSD3 / PSR does not mandate a single standard but introduces:

  • Mandatory API performance metrics — uptime ≥99.5 % (or comparable), defined latency at the 95th percentile, error-rate caps, with banks publishing performance dashboards.
  • Removal of the fallback mechanism — under PSD2, banks that failed API SLAs had to provide a screen-scraping fallback. PSD3 / PSR removes the fallback provided the API meets the new SLA targets; banks that breach SLAs face supervisory enforcement instead.
  • Standardised "permission dashboard" — every bank must give the user a single page to see and revoke every active AISP / PISP consent.
  • Premium APIs explicitly allowed — banks may charge for enriched data (categorisation, full history >90 days, instant balance, business-account specifics) above and beyond the regulated free baseline.

For FIDA, the Commission expects Financial Data Sharing Schemes to converge on common API patterns — Berlin Group's openFinance API extension is one strong candidate; the Centre for Finance, Innovation and Technology (CFIT) ecosystem in the UK is another.

Licensing under PSD3

PSD3 merges the EMI (Electronic Money Institution) regime into a unified Payment Institution licence with sub-categories. Headline numbers (subject to final text):

  • Initial capital: ranges retained — 50,000 EUR for PIS-only; 125,000 EUR for institutions issuing e-money; 350,000 EUR for institutions providing full payment-account services
  • Professional indemnity insurance retained for AISPs, formula refined by EBA Guidelines
  • Fit-and-proper check unchanged
  • DORA-aligned ICT risk management (Regulation 2022/2554) mandatory since 17 January 2025
  • EEA passport unchanged — single authorisation, notify other Member States
  • Approval timeline — Commission targets 6 months as the cap; in practice many national authorities still take 6–12

FIDA creates a parallel FISP licence regime — lighter than PIS, focused on data fitness, data security, and consent integrity.

SCA under PSR — what changes

The PSR re-affirms SCA but tightens and clarifies:

  • Behavioural biometrics explicitly recognised as an inherence factor
  • Accessibility — banks must provide SCA flows that work for users without smartphones (elderly, disability) — no biometric-only flows
  • No silent downgrade from 3DS2 to 3DS1 — issuers banned from forcing fallbacks that reduce security
  • Tighter SCA on AISP — push for shorter consent renewal cycle (under discussion: returning from 180 to a hybrid 90-day model with extended renewal on inactivity)
  • TRA thresholds retained but with quarterly publication of acquirer fraud rates

Fraud-liability tightening — the most consumer-visible change

PSR introduces several refund-trigger expansions:

  • IBAN / name verification (VOP — Verification of Payee) — mandatory on every credit transfer. The payer's bank must confirm whether the IBAN matches the beneficiary's account name and warn the payer. If the bank fails to perform VOP and a misdirected payment occurs, the bank is liable for the loss. This is already live for instant SEPA under the SEPA Instant Regulation (2024/886) applicable from October 2025.
  • Spoofed-caller-ID liability — if a fraudster impersonates a bank caller-ID and tricks a customer into authorising a payment, and the bank cannot prove gross negligence by the customer, the bank bears the refund.
  • 24-hour AISP / PISP refund window — for unauthorised PIS-initiated payments, the refund must be processed by the end of the next business day; AISPs (read-only) carry no refund liability but full GDPR liability for breaches.
  • Authorised push payment (APP) fraud — partial refund rights under PSR for victims of social-engineering scams, mirroring the UK PSR (Payment Systems Regulator) October 2024 mandatory APP reimbursement scheme.

Non-bank PSP access to payment systems

A major structural change. Under current EU law, non-bank PSPs (Payment Institutions, EMIs) cannot directly join TARGET2, TIPS or SEPA Clearing systems — they must use a sponsor bank. PSD3 amends the Settlement Finality Directive (98/26/EC) to allow PIs and EMIs to participate directly. The economic effect: cheaper SEPA Instant payouts, faster settlement, more competitive pay-by-bank pricing.

FIDA — the open-finance step

FIDA expands the open-data perimeter to:

  • Mortgages — outstanding balance, monthly payments, rate type, end date
  • Consumer credit — loans, credit cards beyond pure payment functions
  • Savings & deposit products — including term deposits
  • Investments — securities accounts, fund holdings, robo-advisory portfolios
  • Pensions — both occupational (Pillar 2) and personal (Pillar 3); IORP-covered schemes likely in scope
  • Insurance — most non-life and life products in scope, with limited carve-outs (sickness, health insurance debate ongoing)
  • Crypto-asset accounts — under MiCA-regulated CASPs

FIDA creates Financial Data Sharing Schemes (FDSSs) — industry-led multilateral contracts that define data scope, technical standards, fees, dispute resolution. Membership is mandatory: any data holder offering an in-scope product must join a relevant FDSS within 24 months of FIDA entry into force.

Compensation: under FIDA, data holders may charge FISPs a "reasonable compensation" — meaning that, unlike PSD2's free baseline, financial data access has a market price. The Commission has signalled the fee must be cost-based, not value-based, to avoid foreclosure.

What this means for personal finance apps

If FIDA goes live as proposed by 2027–2028, a personal finance app could legally aggregate:

  • Current accounts + e-money wallets (today, PSD2)
  • Savings accounts + term deposits (new, FIDA)
  • Investment accounts at brokers (new, FIDA)
  • Pension pots, both employer and private (new, FIDA)
  • Mortgage balance and amortisation schedule (new, FIDA)
  • Insurance policies and premiums (new, FIDA)

That is the data foundation for a true AI cashflow companion that can answer: "Given my Polish mortgage, my N26 EUR salary, my IKE pension contributions, my Revolut savings vault and my OC car insurance renewal, what is my Financial Freedom Runway?" Freenance — an EU-native AI cashflow companion positioned around exactly this multi-account, runway-first view — is one of the apps designed for the FIDA endpoint.

PSD2 (EU) vs UK Open Banking — divergence post-PSD3

| Dimension | EU under PSD3 / PSR / FIDA | UK under FCA Smarter Regulatory Framework |
| Legal form | Directly applicable PSR + slim PSD3 + FIDA | FCA rulebook + Joint Regulatory Oversight Committee (JROC) roadmap |
| Premium APIs | Allowed under PSD3 | Already in market via OBIE premium APIs |
| Variable Recurring Payments | Pan-EU rollout via PSR | Live for sweeping since 2022, commercial VRP expanding |
| IBAN / name verification | Mandatory under PSR + SEPA Instant Reg 2024/886 | Confirmation of Payee live since 2020, expanded 2024 |
| Open finance scope | FIDA covers mortgages, pensions, insurance | "Smart Data" review proposed similar but no firm law |
| AISP consent renewal | Likely tightened from 180 days back toward 90 with inactivity-based extension | 90 days |
| APP fraud reimbursement | Partial under PSR | Mandatory 50:50 issuer-receiver since October 2024 |

Consumer playbook for the transition

  1. Expect a permission dashboard — every bank will provide a single screen listing every active AISP/PISP consent. Use it.
  2. Expect IBAN/name match warnings at checkout and on credit transfers. If the warning fires, stop and verify.
  3. Watch for premium API tiers — your favourite finance app may introduce a paid plan that unlocks longer transaction history or pension/mortgage data on top of free PSD2 accounts.
  4. APP fraud refund rights expanding — if you were tricked into authorising a payment, you may have refund rights you did not have under PSD2 alone.
  5. 180-day vs 90-day renewals — consent UX may change; do not panic if your finance app asks you to reconnect more frequently in 2027.

Many users will benefit from AISP / FISP-integrated apps that combine the runway view across accounts; Freenance positions itself for this transition.

Developer / founder playbook

  • Plan for direct settlement — design payment products assuming non-bank PSP direct access to TARGET2/TIPS by 2027.
  • Build VOP — both as a sender (verify before initiating) and as a receiver (answer the VOP query)
  • Premium API economics — model the cost of enriched data tiers; bank pricing not yet published but expected ~0.01–0.05 EUR per call
  • FIDA scope mapping — if you offer a financial product, map your data taxonomy to FIDA categories now
  • Join an FDSS early — being a founding member of a Financial Data Sharing Scheme is a moat
  • Update SCA flows — accessibility, behavioural biometrics, no fallback to 3DS1
  • Audit DORA compliance — non-negotiable since January 2025

Worked example — a 30-year-old in 2028 under PSD3 + FIDA

Anna, 32 by 2028, in Warsaw, holds:

  • mBank PLN current account (PSD2 — free)
  • Revolut EUR multi-currency (PSD2 — free)
  • N26 DE current account (PSD2 — free)
  • mBank savings vault 5 % deposit (FIDA — fee-bearing under data holder's FDSS schedule)
  • IKE pension at PKO TFI (FIDA — fee-bearing)
  • Mortgage at ING Bank Śląski, 380,000 PLN, 7 % rate (FIDA — fee-bearing)
  • OC + AC car insurance at PZU (FIDA — fee-bearing)

Her chosen personal finance app, licensed as both AISP and FISP, charges 9.99 EUR/month for the full bundle. Out of that, perhaps 1–2 EUR/month pays bank/insurer data fees under the FDSS; the rest is the app's margin. Aggregated view: full Financial Freedom Runway, including pension contributions, mortgage amortisation, insurance renewals. SCA on first connection of each, 90–180 day renewal depending on final PSR text.

Polish reader angle: KNF, FIDA and Polish financial data

Poland will transpose PSD3 (the slim directive part) — likely as an amendment to the existing Ustawa o usługach płatniczych. PSR and FIDA apply directly without transposition. KNF supervisory expectations:

  • Polish AISP/PISP licensees must move to the new Payment Institution unified licence within the transition window (typically 24 months)
  • Polish banks must provide the permission dashboard
  • IBAN / name verification already live in some PL banks; will be universal under PSR
  • Polish IKE/IKZE pension providers, mortgage banks (PKO, mBank, ING, Santander, Pekao, Millennium), insurers (PZU, Warta, Allianz) — all in scope under FIDA
  • PolishAPI standard will likely evolve to cover FIDA endpoints, in parallel with Berlin Group openFinance API

FAQ

When does PSD3 become law? The PSD3 + PSR package has been in trilogue between the Commission, Parliament and Council. After political agreement and publication in the Official Journal, the PSR typically applies 18 months later (probably 2026–2027); PSD3 has the additional 18-month transposition window for national law.

When does FIDA apply? FIDA follows a similar timeline; market expectation is 2027–2028 for first FDSS go-live.

Will I pay for open finance? Under PSD3 the existing free baseline for payment-account APIs remains. Under FIDA, the new financial-data categories carry a "reasonable compensation" fee. The end-user typically pays through the app's subscription, not directly to the bank.

Will my favourite finance app still work? Yes — established AISPs (Tink, TrueLayer, Yapily, Salt Edge, Plaid, Finicity) and AISP-integrated personal finance apps are all preparing for PSD3 / FIDA. Some will add premium tiers; coverage will expand significantly.

What about the UK? The UK is on a parallel but divergent path under the FCA's Smarter Regulatory Framework and JROC roadmap. Cross-border app coverage UK ⇄ EU will require dual permissions.

Will SCA become less annoying? Expect more frictionless 3DS2, codified behavioural biometrics, accessibility carve-outs. Net direction: fewer prompts for low-risk volume, harder challenges where fraud risk is real.

What is the worst-case scenario for personal finance apps? A long transition with bank foot-dragging on FIDA scheme membership, opaque premium-API pricing, and FDSS dispute mechanisms that favour incumbents. The Commission has signalled it will use proportionate enforcement to avoid this.

Sources

  • Directive (EU) 2015/2366 (PSD2)
  • Commission Delegated Regulation (EU) 2018/389 (RTS on SCA)
  • European Commission proposal COM(2023)366 (PSD3 + PSR)
  • European Commission proposal COM(2023)360 (FIDA)
  • Settlement Finality Directive 98/26/EC (amendments under PSD3)
  • E-Money Directive 2009/110/EC (consolidated by PSD3)
  • SEPA Instant Regulation (EU) 2024/886
  • DORA — Regulation (EU) 2022/2554
  • MiCA — Regulation (EU) 2023/1114
  • EBA Opinion EBA-Op-2019-06 on SCA elements; EBA March 2021 opinion on AIS consent renewal
  • National competent authorities: EBA, EIOPA, BaFin, ACPR, Bank of Italy, Banco de España, DNB, KNF, Central Bank of Ireland, FCA
