European open banking has spent the past two years inside a regulatory rewrite. The proposed Payment Services Directive 3, the parallel Payment Services Regulation, and the Financial Data Access framework are collectively the most substantial piece of work the European Commission has done on the file since PSD2 came into force. The shape of the second-act framework is now reasonably clear, and large parts of it address the structural complaints that have dogged open banking since its first version.
What the new framework has not yet done is move the headline adoption numbers. Active user counts, transaction volumes through licensed third parties, and the share of payments running through account-to-account rails remain modest across most member states. The gap between the regulatory ambition and the market behaviour is where the interesting questions sit.
What the framework is trying to fix
PSD2 left a long list of operational complaints from third-party providers. Bank APIs varied widely in quality, downtime, and feature completeness. Authentication flows were inconsistent and often clumsy enough to drop a meaningful share of users mid-transaction. Liability allocation between banks and third parties remained contested, with disputes pulling in national regulators on a case-by-case basis. Commercial models were unclear, with banks providing API access on regulatory grounds but pricing additional services in ways that third parties argued were anti-competitive.
The second-act framework addresses most of these directly. Performance standards for bank APIs are tighter, with explicit availability requirements and clearer remedies when banks fall short. Authentication and consent flows are subject to more prescriptive rules designed to reduce drop-off and improve the user experience. Liability allocation is more clearly written into the regulation rather than left to interpretation. Commercial models, particularly for the broader financial-data scope under FIDA, allow regulated pricing rather than the mandatory-free model of basic PSD2 access.
These are substantial improvements. They are also, taken together, the kind of regulatory tidy-up that addresses operational friction without necessarily changing the underlying commercial dynamics that have kept open banking adoption flat.
Why adoption has stayed muted
The honest reading of European adoption data is that open banking has found a real but narrow market and has not yet broken into mass-market consumer finance. The categories where adoption has been strongest, including account aggregation for personal finance applications, lending decisioning, and certain B2B payment flows, were already in growth before the regulatory tidying began. The categories where adoption has been weakest, including consumer point-of-sale payments and recurring consumer billing, remain stuck in the same patterns that the original PSD2 framework did not dislodge.
Several factors explain this. Card networks have continued to invest in their own product surface, narrowing the experience gap that was supposed to be open banking's lever. The user benefit of paying by bank transfer rather than by card is modest in most consumer scenarios, and the marginal economic incentive for merchants to push customers toward account-to-account payments has not been large enough to overcome card-network inertia in most markets.
Trust patterns also matter. European consumers have generally been willing to authorise third-party access to financial data when the value exchange is clear, whether getting a better mortgage rate, consolidating account views, or qualifying for credit, and reluctant when it is not. That is a reasonable consumer response. It also caps the addressable market for open banking products that try to scale on convenience rather than concrete financial benefit.
Where the FIDA expansion changes the math
The Financial Data Access framework expands the scope of regulated data sharing beyond payments into a much broader set of financial categories: pensions, insurance, investment accounts, mortgage data, certain non-life products. This is a meaningful enlargement of the regulatory surface, and the commercial possibilities differ from open-payments banking in several ways.
The use cases tend to be more clearly aligned with consumer financial benefit. Pension consolidation, switching analysis for insurance products, and consolidated views of investment positions are services where the value to the end user is more direct than in payments, and where the existing market provision is often poor enough that a well-built third-party product can compete on something other than price.
The commercial models also differ. FIDA contemplates regulated pricing for data sharing rather than mandatory-free access, which gives data holders a viable commercial proposition for participating constructively rather than treating the obligation as a cost centre to minimise. Early signals from the industry suggest that this changes the politics of API quality in useful ways: a bank or insurer that earns revenue from data sharing has different incentives than one that does not.
What FIDA does not solve is the build-out problem. Each new category of financial data brings its own technical standards work, governance work, and dispute-resolution work. The pace at which usable APIs become available across the full FIDA scope will determine whether the expansion translates into actual product launches over the next three years or whether it remains largely on paper for longer.
What banks and third parties are doing differently
The behaviour of incumbent banks toward open banking has shifted noticeably in the past eighteen months. The defensive posture of the early PSD2 years has softened in most large institutions, replaced by a more pragmatic position that treats open banking as both a regulatory obligation and a commercial channel. Several large European banks now run dedicated open banking businesses with their own profit and loss responsibility, selling premium API access, identity products, and value-added data services to third parties. The shift reflects a recognition that the framework is not going away and that there is meaningful revenue to be earned at the data-provider layer rather than only the data-consumer layer.
Third parties have evolved in parallel. The thinning out of the early open banking startup landscape, through acquisitions, consolidations, and a smaller number of failures, has left a more defined set of players with clearer product propositions. The market is less crowded than it was two years ago, and the survivors are generally those that found a specific commercial wedge rather than those pursuing platform plays.
What to watch as the second act unfolds
Three things will determine whether the second-act framework moves the adoption numbers or simply makes the existing market more efficient. The first is the practical quality of the new API standards as they come into force. Specifications that look strong on paper need to translate into reliable, well-documented, low-friction integration on the ground. The early track record on this has been mixed across member states.
The second is enforcement. The new framework includes stronger powers for national regulators to address bank performance issues, and the political willingness to use those powers will vary by jurisdiction. The countries where regulators move actively on enforcement are likely to see meaningfully different open banking outcomes than those where the response is more passive.
The third is what happens at the consumer experience layer. The framework can fix the plumbing, but the products that get built on top of it have to be good enough to win mainstream consumer attention. The candidates currently visible across the European market are stronger than the equivalent generation two years ago, but the breakthrough product that pushes account-to-account payments or financial-data products into mass adoption has not yet appeared. Whether it does will determine whether the second act delivers more than the first.
