The European Commission is refining its approach to the Financial Data Access Regulation (FiDA), a key initiative to extend the open data framework established by the Payment Services Directive (PSD2). A recent non-paper dated May 16, 2025, outlines amendments to simplify FiDA’s implementation while addressing concerns about Big Tech’s access to sensitive financial data.
With trilogue negotiations set to resume on June 17, the stakes are high for shaping the future of open finance in Europe.
What is FiDA?
Introduced in June 2023, FiDA (Framework for Financial Data Access) is a proposed regulation by the European Commission that aims to introduce Open Finance by enlarging the scope of data that customers may be allowed to share (covering areas like investments and insurance, but excluding health insurance data).
FiDA’s objective is to enlarge the scope of data that customers may be allowed to share, while opening the door to new types of services and business models in the financial industry. It is expected to enhance financial data interoperability, streamline access, improve data accuracy, and facilitate compliance with regulatory standards.
Key elements of FiDA
Entities acting as data holders or data users under the Financial Data Access regulation. Customer data encompasses personal and non-personal data that financial institutions typically collect, store, and process as part of their normal interactions with customers.
Data holders must provide customers with a permissions dashboard to allow the latter to monitor and manage the permissions granted. Data holders and data users should become members of a financial data sharing system responsible for developing standards for customer data and access interfaces.
Understanding industry pushback to FiDA’s ambitious goals
Traditional financial institutions have resisted FiDA, citing high compliance costs and risks of sharing European citizens’ data with tech giants.
Florence Lustman, President of France Assureurs, called FiDA a “runaway train” in a 2024 Politico interview, while Daniel Baal of Crédit Mutuel labeled it a “Trojan horse” for Big Tech’s ambitions in finance.
In February 2025, the Commission briefly considered scrapping FiDA, influenced by France’s push for withdrawal. Ultimately, the regulation was retained, but the Commission’s latest proposals reflect a compromise to address these concerns.
Key amendments to simplify FiDA
- Excluding large corporations: The Commission suggests limiting FiDA’s scope to exclude large corporations, focusing only on individuals and SMEs. This could reduce compliance costs significantly—for instance, slashing the estimated €504 million cost for investment firms by €370 million, as it would exclude around 51,000 large companies.
- Limiting data scope: To further ease implementation, the Commission proposes excluding transaction data older than ten years (if not available online) and data from terminated contracts. Credit agencies and reinsurance firms may also be exempt, as their data is less relevant to individual consumers.
- Standardized data frameworks: To avoid fragmented data schemes, the Commission advocates for EU-wide data standards per category, developed by European standardization organizations. This could lower costs and streamline data use, though France has raised concerns about accommodating local financial instruments.
- Strong authentication via EU Digital Identity Wallet: The Commission pushes for the EU’s digital identity wallet, set for rollout by late 2026, to standardize strong customer authentication and prevent fragmentation.
Blocking Big Tech
A major sticking point has been the potential for Big Tech firms like Alphabet, Amazon, and Meta to exploit FiDA. The Commission’s response is clear: exclude “gatekeepers” under the Digital Markets Act from obtaining Financial Information Service Provider (FISP) licenses.
This move, which enjoys broad support, aims to protect European financial data from tech giants.
Harmonizing with PSD3 and beyond
To streamline compliance, the Commission proposes aligning FiDA with PSD2, PSD3, and the Payment Services Regulation (PSR). For instance, firms with Account Information Service Provider (AISP) licenses under PSD2 could access a simplified FISP licensing process, a relief for fintechs wary of redundant regulatory hurdles.
France’s pragmatic push
France, once a vocal opponent, now supports advancing FiDA but with a “demand-driven” approach. The French Treasury advocates for a case-by-case rollout based on proven market needs, ensuring financial institutions’ investments align with actual use cases.
Fanny Rodriguez of Afepame supports this but warns that without oversight from regulators like the ACPR, banks and insurers may resist data sharing.
However, critics like Martin Gylfe of Insurely argue this approach risks giving too much power to data holders, potentially stifling competition and innovation.
Germany’s support and timeline debates
Germany, previously skeptical, now backs the Commission’s proposals, though it suggests a shorter data history (starting at two years, extending to five) to ease compliance. The trilogue on June 17 will likely see debates over timelines.
While the Commission envisions an 18-month implementation period post-publication, France and Germany push for longer timelines (up to 24-30 months). Fintechs, however, are urging faster action, with France Fintech advocating for a maximum 24-month rollout to avoid disrupting their funding cycles.
Looking ahead at the FiDA timeline
With Denmark’s EU Council presidency starting July 1, 2025, there’s optimism for a progressive push to finalize FiDA by year-end. The exclusion of Big Tech and large corporates seems likely to pass, but debates over data scope, timelines, and local flexibility will shape the final text.
As Martin Gylfe notes, Denmark’s leadership could prioritize FiDA, especially as other financial initiatives like the Retail Investment Strategy face delays.
FiDA represents a bold step toward open finance, balancing consumer empowerment with industry concerns. The coming months will determine whether the EU can deliver a framework that fosters innovation without compromising data security or overburdening financial institutions.
Navigating FiDA compliance with confidence
As FiDA’s final framework takes shape, financial institutions face a complex balancing act: embracing open finance opportunities while maintaining robust data governance and compliance. The regulation’s emphasis on data security, customer control, and standardized frameworks underscores the critical need for trusted technology partners.
Axway’s independent approach to data privacy and sovereignty positions us uniquely to support organizations through this regulatory transition.
Our comprehensive data management solutions address the core challenges FiDA presents: secure data sharing frameworks, standardized API connectivity, and flexible compliance architectures that adapt as regulations evolve.
With proven expertise in regulatory compliance across multiple jurisdictions, Axway can help enterprises transform FiDA requirements from compliance burdens into competitive advantages.
A proudly independent software publisher with European roots, Axway provides a robust set of solutions to mitigate international data storage and processing concerns.