Open Banking in 2026: PSD2, FDX, and the Global Data Sharing Revolution

The state of open banking worldwide: regulatory mandates, API standards, adoption metrics, and business models.

bcTanji, May 27, 2026

Open banking is reshaping how consumers and businesses interact with financial data. By requiring banks to share account information through standardized APIs, regulators worldwide are dismantling the data monopolies that traditional institutions have held for decades. In 2026, the movement has reached a turning point: the EU is finalizing PSD3, the US is navigating legal battles over its Section 1033 rule, Brazil has scaled to billions of monthly API calls, and India's Account Aggregator framework now covers nearly 3 billion financial accounts.

Yet adoption remains uneven. Regulatory mandates exist in over 60 countries, but actual usage lags far behind. Understanding where open banking stands today requires examining the regulations driving it, the API standards enabling it, the business models sustaining it, and the path toward a broader open finance ecosystem.

What Is Open Banking?

Open banking requires financial institutions to provide third-party access to customer account data and payment initiation capabilities through secure APIs, with the customer's explicit consent. Rather than screen-scraping bank websites (a fragile, insecure practice), authorized providers connect directly to bank infrastructure through standardized interfaces.

The model creates two regulated roles. Account Information Service Providers (AISPs) can read account data: balances, transaction history, and account details. Payment Initiation Service Providers (PISPs) can trigger payments directly from a customer's bank account, bypassing card networks entirely. Both require customer consent and regulatory authorization.

Why it matters: Open banking separates data access from data storage. You no longer need to bank with an institution to benefit from the financial data it holds about you. This enables competition on services rather than on data lock-in.

The Regulatory Landscape

Open banking regulation falls into two broad approaches: mandate-driven (regulators require banks to open APIs) and market-driven (industry builds standards voluntarily, sometimes with regulatory encouragement). The mandate approach dominates in the EU, UK, Brazil, and Australia. The US has attempted a regulatory path but faces significant legal obstacles.

EU: From PSD2 to PSD3

The EU's Payment Services Directive 2 (PSD2) took effect in January 2018, requiring all EU banks to provide API access to licensed third parties. PSD2 established the legal framework for AISPs and PISPs across the European Economic Area, but implementation varied significantly by country because member states transposed the directive into national law independently.

The successor legislation addresses this fragmentation. On 27 November 2025, the European Parliament and Council reached provisional agreement on PSD3 and the accompanying Payment Services Regulation (PSR). The agreed texts were published on 23 April 2026, with the Parliament's ECON Committee voting on 5 May 2026. Publication in the Official Journal is anticipated for mid-2026, with the PSR applying directly 21 months after publication and PSD3 requiring national transposition within 18 months.

The critical structural change: the PSR is a regulation, not a directive. It applies directly across all EU member states without national interpretation, eliminating the inconsistencies that plagued PSD2. PSD3 itself becomes a narrower directive governing authorization, licensing, and supervision. Together, they mandate higher API performance standards, introduce customer permission dashboards in banking apps, and eliminate screen-scraping fallback mechanisms.

UK: The Most Mature Market

The UK's approach predates PSD2. In 2016, the Competition and Markets Authority (CMA) ordered the nine largest current account providers to implement Open Banking standards (now at version 4.0.1, published March 2026). The Open Banking Implementation Entity, now Open Banking Limited (OBL), manages the standard, with oversight transitioning to the FCA.

Adoption numbers reflect genuine scale: 16.5 million user connections by December 2025 (up 36% year-over-year), 351 million payments processed in 2025 (up 57%), and 24 billion successful API calls across the year. Variable Recurring Payments (VRPs) now account for 16% of open banking transactions, with sweeping VRP volumes nearly doubling in 2025.

In April 2026, the FCA published its open finance roadmap through 2030, building on the Data Use and Access Act (DUAA) 2025. The roadmap extends data sharing beyond banking to savings, mortgages, insurance, investments, and pensions, with SME credit and mortgages as initial priorities.

The CFPB finalized its Personal Financial Data Rights rule (implementing Section 1033 of the Dodd-Frank Act) in October 2024. The rule requires financial institutions to make consumer data available electronically through APIs, free of charge, to consumers and authorized third parties.

Implementation has stalled. The Bank Policy Institute and Kentucky Bankers Association filed suit immediately, and in October 2025, a federal court enjoined enforcement. The court found that the rule likely overstepped statutory authority and was arbitrary regarding data security requirements. Under new leadership, the CFPB has indicated it will issue an interim final rule rather than restart the full rulemaking process.

Despite the regulatory uncertainty, market-driven adoption continues. The CFPB recognized the Financial Data Exchange (FDX) as the first standard-setting body under Section 1033 in January 2025. Over 130 million consumer accounts already connect via the FDX API, and Plaid alone connects over 150 million accounts, powering data access for apps like Venmo, Robinhood, and Coinbase.

Brazil: The Scale Leader

Brazil's Open Finance ecosystem, regulated by the Central Bank, is the world's most comprehensive implementation. Launched in phases from February 2021, it expanded beyond banking in March 2022 to include pensions, foreign exchange, investments, and insurance.

The numbers are striking: 102 billion API calls in 2024 (up 96% year-over-year), 62 million active data-sharing consents as of January 2025, and over 800 participating institutions connecting more than 100 million customers. In 2026, Brazil is expanding further into corporate open finance and credit portability, with a production pilot involving 26 financial institutions launched in November 2025.

India: Account Aggregator Scale

India's Account Aggregator (AA) framework, governed by the RBI, reached 2.88 billion financial accounts enabled for data sharing by March 2026. The ecosystem includes 17 RBI-licensed Account Aggregators, 151 Financial Information Providers, and 435 Financial Information Users. Over $10 billion in loans have been disbursed using AA data since launch, demonstrating real economic impact for credit access.

Australia: The Reset

Australia's Consumer Data Right (CDR) is active in banking and energy, with over 100 accredited data recipients. However, adoption has been slow relative to expectations. The government announced a “reset” to reduce compliance costs, including cutting the data retention period from seven to two years. Non-bank lending obligations begin in July 2026, with telecoms expansion paused until the core banking and energy sectors mature.

Global Regulatory Comparison

| Jurisdiction | Framework | Approach | Status (2026) | Scope |
|---|---|---|---|---|
| EU | PSD2 / PSD3 + PSR | Mandate | PSD3 in final legislative stage | Payment accounts; FIDA extends to investments, insurance |
| UK | CMA Order + DUAA | Mandate | 16.5M users; open finance roadmap published | Current accounts; expanding to mortgages, pensions |
| US | CFPB Section 1033 | Mandate (enjoined) | Rule enjoined; interim rule pending | Consumer financial accounts |
| Brazil | BCB Open Finance | Mandate | 102B API calls/year; 800+ participants | Full open finance: banking, insurance, investments, pensions |
| India | RBI Account Aggregator | Mandate | 2.88B accounts enabled; 223M users | All regulated financial accounts |
| Australia | Consumer Data Right | Mandate | Active in banking/energy; reset underway | Banking, energy; non-bank lending from July 2026 |

API Standards: How the Pipes Work

Behind every open banking transaction is an API standard that defines how third parties authenticate, request data, and initiate payments. Three standards dominate globally, each reflecting the regulatory and market context where it emerged.

Berlin Group NextGenPSD2

The Berlin Group developed NextGenPSD2 as the standard API framework for PSD2 compliance across Europe. Approximately 3,600 banks across 24 countries have implemented it, covering over 75% of European banks. The specification defines endpoints for Account Information Services (AIS), Payment Initiation Services (PIS), and Confirmation of Funds, providing a common interface that third-party providers can use regardless of which bank they connect to.

Open Banking UK

The UK standard, maintained by Open Banking Limited, takes a more prescriptive approach than NextGenPSD2. Version 4.0.1 (March 2026) comprises five specification types: Read/Write APIs, Open Data APIs, Directory services, Dynamic Client Registration, and MI Reporting. The tighter specification contributed to the UK's higher API reliability: weighted availability above 99.50% throughout 2025, with average response times of 324 milliseconds.

Financial Data Exchange (FDX)

FDX is a non-profit consortium of over 200 member organizations operating primarily in North America. The FDX API (currently at version 6.5) focuses on secure, standardized data sharing and was the first standard recognized by the CFPB under Section 1033. Unlike the European standards, FDX emerged from industry collaboration rather than regulatory mandate, with member institutions including banks, fintechs, data aggregators, and consumer advocacy groups.

| Standard | Region | Coverage | Governance | Key Feature |
|---|---|---|---|---|
| NextGenPSD2 | EU | ~3,600 banks, 24 countries | Berlin Group (industry consortium) | Broad PSD2 compliance framework |
| Open Banking UK | UK | CMA9 + voluntary adopters | Open Banking Limited | Prescriptive spec; 99.5%+ uptime |
| FDX API | US / Canada | 130M+ accounts, 200+ members | Non-profit consortium | Market-driven; CFPB-recognized |

The fragmentation problem: A fintech operating across the EU, UK, and US must integrate with three different API standards. This is why middleware providers like Tink (Visa), Plaid, and Salt Edge exist: they abstract regional API differences behind a single integration layer.

Who Is Building on Open Banking?

The open banking ecosystem has matured beyond pure data aggregation into distinct business models, each capturing different value from API-driven financial data.

Payment Initiation: Pay by Bank

Account-to-account (A2A) payments initiated via open banking APIs bypass card networks, eliminating interchange fees that typically range from 1.5% to 3.5% of transaction value. In the UK, open banking payments grew 57% in 2025 to 351 million transactions. TrueLayer processed over $1 billion during Black Friday weekend alone. eBay launched Pay by Bank for UK buyers in February 2026, and Stripe rolled out Pay by Bank in France and Germany through TrueLayer.

Key players in payment initiation include TrueLayer (UK/EU), Token.io (EU infrastructure), Yapily (19 countries, 2,000+ banks), and GoCardless (acquired by Mollie in December 2025). The economics are compelling for merchants: lower fees, faster settlement, and reduced chargeback exposure compared to card rails.

Account Data and Credit Scoring

Account information APIs enable new approaches to credit underwriting. Experian launched its Cashflow Score in March 2025, using consumer-permissioned open banking data to deliver up to 25% improvement in predictive performance over conventional credit scores. The combined Credit + Cashflow Score, launched in November 2025, outperforms conventional models by over 40%.

This matters for financial inclusion. Borrowers with thin credit files but steady income patterns become visible to lenders through transaction data. India's Account Aggregator framework has enabled over $10 billion in loan disbursements, much of it to borrowers who would be invisible to traditional bureau-based scoring.

Variable Recurring Payments

VRPs allow third parties to initiate recurring payments from a consumer's bank account with pre-agreed parameters (maximum amount, frequency, duration). Unlike direct debits, VRPs give consumers granular control and real-time visibility. In the UK, sweeping VRP volumes nearly doubled in 2025 (+98% year-over-year). The UK Payments Initiative (UKPI), established by 31 firms in late 2025, is building a commercial VRP scheme for utilities, financial services, and government payments, with live transactions expected from early 2026.
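
As an added illustration (not part of the original article and not taken from any open banking specification), the sketch below shows how the account-holding bank could enforce the three pre-agreed VRP parameters on every payment request instead of trusting the third party. The `VrpConsent` record, its field names, the revocation flag, and the rolling-window reading of "frequency" are assumptions; the consent and requests are constructed sample data.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from decimal import Decimal


@dataclass
class VrpConsent:
    # Hypothetical record: field names are illustrative, not from any standard.
    max_amount: Decimal      # "maximum amount": cap on each individual payment
    max_payments: int        # "frequency": payments allowed per rolling window
    window: timedelta        # length of that rolling window
    valid_from: datetime     # "duration": consent is usable from here...
    valid_to: datetime       # ...until here (exclusive)
    revoked: bool = False    # assumed: the customer can withdraw consent
    accepted: list = field(default_factory=list)  # times of accepted payments


def authorize(consent, amount, now):
    """Bank-side check run on every payment request; fails closed.

    Returns (allowed, reason). Only accepted payments count toward frequency.
    """
    if consent.revoked:
        return False, "consent revoked"
    if not (consent.valid_from <= now < consent.valid_to):
        return False, "outside consent period"
    # Decimal only: floats would let rounding error slip past the cap.
    if not isinstance(amount, Decimal) or not amount.is_finite():
        return False, "malformed amount"
    if amount <= 0 or amount > consent.max_amount:
        return False, "amount outside agreed limit"
    recent = [t for t in consent.accepted if now - t < consent.window]
    if len(recent) >= consent.max_payments:
        return False, "frequency limit reached"
    consent.accepted.append(now)
    return True, "ok"


def demo():
    """Replay constructed requests against one constructed consent."""
    def day(month, d):
        return datetime(2026, month, d, tzinfo=timezone.utc)

    consent = VrpConsent(
        max_amount=Decimal("50.00"), max_payments=2, window=timedelta(days=30),
        valid_from=day(1, 1), valid_to=day(4, 1),
    )
    requests = [
        (day(1, 5), Decimal("20.00")),
        (day(1, 10), Decimal("75.00")),   # over the per-payment cap
        (day(1, 12), Decimal("50.00")),   # exactly at the cap
        (day(1, 20), Decimal("10.00")),   # third payment inside 30 days
        (day(2, 5), Decimal("10.00")),    # Jan 5 payment has aged out
        (day(4, 2), Decimal("10.00")),    # after valid_to
    ]
    results = [authorize(consent, amt, when) for when, amt in requests]
    consent.revoked = True
    results.append(authorize(consent, Decimal("1.00"), day(3, 1)))
    return [reason for _, reason in results]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Rejected requests are not recorded in `accepted`, so a third party cannot exhaust a customer's frequency allowance by sending requests that fail the amount or validity checks.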

Embedded Finance Aggregation

Embedded finance platforms use open banking APIs to integrate financial services into non-financial applications. Plaid, valued at $8 billion as of February 2026, connects over 150 million consumer accounts and reports $546 million in annual revenue. Tink (acquired by Visa for EUR 1.8 billion) provides a single API layer across European banks. Mastercard extended its open banking reach by acquiring Finicity (US) and Aiia (EU), enabling credit decisioning and scoring across both markets.

The middleware model creates a competitive dynamic: banking-as-a-service providers compete on coverage (how many banks they connect to), reliability (uptime and latency), and value-added features (fraud detection, identity verification, credit scoring on top of raw data).

Challenges and Limitations

Despite regulatory momentum, several structural problems persist.

Screen Scraping Survives

In the US, where the banking landscape includes thousands of institutions with varying technical capabilities, screen scraping remains a primary data access method. Aggregators parse bank website HTML to extract account data, a technique that requires users to share banking passwords with third parties, breaks when banks update their interfaces, and struggles with multi-factor authentication. PSD3 will mandate the eradication of screen-scraping fallbacks in the EU, but the US market lacks an equivalent prohibition.

The Premium API Debate

Under PSD2, banks must provide basic API access free of charge. But maintaining secure, reliable APIs carries real infrastructure costs. JP Morgan has signaled plans to charge third parties for API access, reigniting the debate. The EU's FIDA proposal attempts a middle ground: free access to basic account data (balances, transactions), with standardized pricing for premium or value-added data. This mirrors the tension in any platform market: whether data producers or data consumers should bear the cost of access.

Fragmented Standards

A fintech building for global coverage must integrate with NextGenPSD2 (EU), Open Banking UK, FDX (US/Canada), and various national standards in Brazil, India, Australia, and across Asia. No universal open banking standard exists, and none is likely to emerge. The middleware aggregator model (Plaid, Tink, Salt Edge) is the practical solution: absorb fragmentation at the infrastructure layer so application developers see a single API.

From Open Banking to Open Finance

The next evolution extends data sharing beyond payment accounts to the full spectrum of financial products: savings, investments, pensions, insurance, mortgages, and consumer credit. This shift from open banking to open finance is already underway in multiple jurisdictions.

EU: FIDA

The Financial Data Access (FIDA) framework proposes extending consent-driven data sharing to mortgages, loans, savings, investments, insurance, pensions, and crypto-assets. Trilogue negotiations began in April 2025, though a provisional agreement has slipped from the originally expected autumn 2025 timeline. If adopted mid-2026, implementation would proceed in phases from 2027 through 2030. A key political question: whether Big Tech companies should be permitted to participate in the FIDA ecosystem.

UK: Smart Data Roadmap

The FCA's April 2026 open finance roadmap builds on the Data Use and Access Act 2025 to extend data sharing across eight sectors: banking, energy, property, transport, road fuels, agrifood, and telecoms. TechSprints in 2026 will explore SME lending and mortgage use cases first, with a formal discussion paper on the first open finance scheme expected in Q4 2026.

Brazil: Already There

Brazil completed its transition to full Open Finance in April 2024, making it the world's first comprehensive open finance market. The ecosystem already covers banking, insurance, investments, pensions, and foreign exchange across 800+ institutions. The credit portability pilot (launched November 2025 with 26 financial institutions) lets consumers transfer loan obligations between providers using open finance data, with broader market launch in February 2026.

The Convergence: Data Portability Meets Money Portability

Open banking creates the data layer for modern finance: APIs that let consumers and businesses move their financial information between providers. But data portability alone is incomplete. Moving financial data across institutions means little if moving the money itself remains slow, expensive, and trapped in legacy clearing and settlement systems.

This is where stablecoin payment rails enter the picture. Stablecoins on networks like Spark create a complementary money portability layer: value that moves instantly, settles in seconds, and operates 24/7 without relying on correspondent banking, batch processing, or business-hour constraints. When USDB moves on Spark, it carries the same properties that open banking brings to data: permissionless access, API-first architecture, and user control.

Together, these layers form the architecture for a fully open financial stack. Open banking APIs provide the visibility (know where your money is, compare products, authorize data access). Stablecoin rails provide the movement (transfer value between any two parties, anywhere, at any time). The combination unlocks use cases that neither layer enables alone: instant credit decisions using real-time account data paired with instant disbursement via stablecoins, or real-time cross-border payments triggered by open banking payment initiation but settled on programmable rails rather than SWIFT.

The open financial stack: Open banking solves data portability. Stablecoin rails solve money portability. The convergence of both creates a financial system where consumers own their data, control their money, and can move either without institutional gatekeepers.

For developers building at this intersection, Spark provides the infrastructure layer. The Spark SDK enables applications to send and receive Bitcoin and stablecoins with the same API-first approach that open banking brings to financial data. General Bread is one example of a Spark-powered wallet that combines stablecoin payments with the kind of seamless user experience that open banking has trained consumers to expect.

What Comes Next

Several developments will shape open banking and open finance over the next 12 to 24 months:

  • PSD3/PSR publication in the EU Official Journal (expected mid-2026) will set the clock on a 21-month implementation timeline, with full applicability by Q2/Q3 2028
  • The CFPB's interim final rule on Section 1033 will either restart US open banking momentum or face further legal challenges
  • Commercial VRPs in the UK will test whether open banking can capture recurring payment volumes currently dominated by direct debit and card-on-file
  • FIDA negotiations will determine whether open finance in Europe extends to insurance, pensions, and investments on a reasonable timeline
  • Brazil's credit portability rollout will demonstrate whether open finance can disrupt lending markets at scale

The trajectory is clear even if the timeline varies by jurisdiction: financial data is becoming portable, financial services are becoming composable, and the infrastructure for moving both data and money is converging around open, API-first standards. The institutions and protocols that position themselves at this intersection will define the next generation of financial services.

This article is for educational purposes only. It does not constitute financial or investment advice. Bitcoin and Layer 2 protocols involve technical and financial risk. Always do your own research and understand the tradeoffs before using any protocol.