Understanding FIDA: The new regulation explained

From theory to reality.

The Financial Data Access (FIDA) regulation is no longer just a concept; it’s officially in motion. The first trilogue between the European Parliament, Council, and Commission took place in April 2025, setting the tone for how open finance will be implemented across the EU.

With broad political backing and a clear legislative timeline, financial institutions are now facing more than just future speculation. The regulation is taking shape, and those who wait risk falling behind.

At its core, FIDA will require banks, insurers, and other financial players to open up consumer financial data, just as PSD2 did for payments. This time, it’s broader. It includes pensions, investments, mortgages, insurance and beyond.

For forward-thinking financial players, this is a window of opportunity, not a compliance checkbox.

FIDA is about empowering consumers by giving them control and transparency over their financial data. FIDA facilitates consumer access to their personal financial data across networks. FIDA will empower all consumers because it will establish a digital framework that allows them to better understand their financial situation, enabling them to make informed decisions.

What are the current data sharing issues that FIDA aims to resolve?

FIDA seeks to address the challenge of accessing and reusing consumer data to promote better access to financial information and unlock opportunities for consumers to benefit from better financial products and services.

Consumers are willing to share their data when they receive good services in return. However, currently they hesitate to do so due to lack of trust. This is because:

There are no rules and tools to manage data-sharing permissions.
Consumers feel that they are not able to control how their data is being used.
They are concerned about cybersecurity risks and the protection of their data and privacy when sharing information.
At the same time, the current lack of authorisation and supervision of the activity of the data users creates risks for customers, underscoring the need for enhanced oversight and regulation in this area.

The absence of standardisation in both the type of data and the technical infrastructure increases the cost of data-sharing, leading to significant divergence between data types.

Timeline and scope.

The Financial Data Access (FIDA) regulation is actively progressing through the EU legislative process. With the first trilogue having taken place in April 2025 and continued negotiations underway, the regulation is on track for formal adoption later this year. A phased implementation is expected to begin in 2026, giving financial institutions time to adapt to the new obligations.

While the exact scope is still being defined, FIDA is designed to expand data access far beyond the boundaries set by PSD2. It introduces regulated sharing of financial data across a wide range of product types—not only payment accounts, but also areas such as insurance, pensions, investments, and credit products. The overarching aim is to give consumers more control over their financial information and to enable more transparent, personalized, and competitive services across the financial ecosystem.

As the details are finalized in Brussels, financial players should prepare for a regulatory framework that will reshape how data is accessed, shared, and governed across Europe.

Why FIDA matters now.

Over the past year, FIDA has moved from high-level ambition to legislative reality. It is no longer a policy proposal in early stages—it’s now a structured roadmap with clear political backing, a legislative timetable, and market-wide implications. The first trilogue took place in April 2025, confirming the EU’s commitment to accelerating open finance.

At the same time, consumer expectations have evolved. People now expect to access their financial data in real time, compare and switch between products effortlessly, and manage their financial lives digitally—across banking, insurance, pensions, and investments. FIDA responds to this shift, setting the foundation for a regulated data-sharing framework that meets these demands securely and transparently.

FIDA data schemes.

Financial Data Sharing Schemes essentially refer to the coalition of data holders/users that need to determine how financial data sharing should work between themselves, for a specific scope of data/accounts. While FIDA lays the foundation for financial data sharing within the articles on Scope and Definitions, FIDA does not provide many of the details related to how this should actually be done in practice; leaving many of those decisions up to the schemes and their participants (data holders and users).

As deployers of practical use cases, we know that data sharing is difficult. Period. It requires that different parties agree on common standards, formats, protocols, among many other things. This can be even more difficult when large financial institutions (i.e. data holders) are required to get together and decide how things should be done; each institution is powerful and set in their ways. This is a big ask for FIDA to place on data holders, and for this to be successful several things should be added to schemes: strong and independent governance, a fair balance of power between all members, clear procedures and defined processes, and strong deadlines; all determined by the central body asking for data sharing to occur. Without this added structure, it may be difficult for data holders to know where to begin.

How can schemes work in practice?

First let's establish that the majority of complexity within data sharing typically has to do with setting common data standards for data holders to agree to and abide by. Two approaches can be taken to solve this:

Data Holders do the work: In the approach, which is currently proposed within FIDA, all data holders get together in a scheme and decide how to structure the data they need to share. Typically in these scenarios, the use case is very clear, the participants required to standardize the data are well defined, and there is a well defined governance structure in place to help the parties come to compromises. In this scenario, the data holders are essentially doing all of the hard work, and data users then have a very easy job in accessing/using the data made available by data holders. Historical precedent shows that this effort takes many years to work on. For example, an industry wide standardization effort by the EMA and its IDMP program has taken 10+ years, even though it was supported by pre-defined ISO standards. A good example of powerful data holders dragging their feet on a standardization effort which was meant to last 3-5 years.

Data Users do the work: This scenario comprises the flipside of scenario 1; data schemes are optionally formed. Data holders have one basic responsibility, make the data available in whatever format they have, and on whatever real time interface they prefer (e.g. MyPages, customer App, API, etc), as long as data users can access it. Then data users are responsible for taking the data from each data holder and finding a way to standardize it so it works for their use case. The data users spend the effort in this scenario.

Are long term data holder driven schemes possible in the future?

Short answer: Absolutely. At Insurely, we see a future where data holders form schemes, probably for specific use cases, which results in the data holders providing high quality APIs in a common data format. These will most likely occur for the most popular use cases, and in situations where there is a clear incentive to do so. For example, if data holders are also primary data users for a certain use case, then they could drive market costs down significantly by making a scheme API available with standardized data. Then the data standardization costs/efforts would not be needed by the data users, as the data they will get will already be standardized. This is a much more realistic grounds for data holders to stand on and decide how much a service should cost; versus just guessing - as would be seen in scenario 1.

What is the FIDA permission dashboard?

The FIDA Permission Dashboard is one of the most important tools mandated by the regulation. It is a user-centric interface that allows individuals to manage their data-sharing permissions across different financial institutions and third-party providers.

Through this dashboard, consumers can view which companies have access to their data, revoke access at any time, and even set limits on how long their data can be shared. This puts the control squarely in the hands of the consumer, enhancing trust in digital financial services. Moreover, the dashboard will help to track data usage and ensure compliance, making it easier for consumers to safeguard their personal information.

What is a permission dashboard?

Each data holder will be responsible for developing and operating consumer permissions dashboards to help their customers manage the data they have chosen to share. For example, the dashboards should allow a customer to get an overview of whom they have shared data with, which data points were shared, and also allowing them to revoke the data receiver’s access to that data

Frequently asked questions.

FIDA covers a wide range of financial data. Any data that financial institutions hold about its customers and could be shared for the provision of financial services falls under the scope of FID. This includes data like personal and non personal data about a customer, all data collected about a customer during their onboarding, and all processed data created during a normal course of business with a customer.

A wide range of companies and entities will have to share data under FIDA. They include insurance and reinsurance companies, insurance brokers, pension providers, investment firms and fund managers, credit and payment institutions, credit rating agencies, and crypto firms.

FIDA covers a wide range of accounts, including;

-Mortgage credit agreements and loans

-Savings accounts

-Investment accounts

-Crypto accounts

-Occupational pensions and personal pensions

-Non-life insurance products (excluding sickness and health)

-Data required for credit ratings.

Data will be shared digitally in real time, digitally, after a consumer has initiated a data collection. Compliance will be mandatory for affected entities.

Both FIDA and PSD3 are pivotal in promoting financial transparency and customer empowerment.

The main difference is their scope: while FIDA focuses on the broader financial data across various institutions, PSD3 specifically targets payment services, revolutionizing the way transactions are made. Therefore, payments accounts, and its associated data, are not included in scope for FIDA’s data sharing regulation.

Examples of customer data categories covered by FIDA are, non-life insurance (excluding medical and health), pensions, savings, loans, and mortgages. FIDA gives a consumer access to their customer data for these types of accounts, allowing them to take control of their personal and non-personal data that is collected, stored and otherwise processed by a financial institution as part of their normal course of business with customers; which covers both data provided by a customer and data generated as a result of customer interaction with the financial institution.

FIDA and PSD3 share common ground in that they will both increase consumer access to their financial data, resulting in an empowered EU citizen. Additionally, both take steps to protect the consumer and give them greater control through data sharing permission dashboards; enable the consumer to easily see who they have shared their financial data with, what data was shared, and empower them to revoke access to that data.

Data privacy is very important to us, and our data is always safe to collect and use. We do not collect any data without explicit consent from the consumer, which can be given in several ways. In single sign on markets, we use digital authentication for consumers (for example throughBankID in Sweden). In non-single sign on markets, consumers authenticate themselves with the username and password, and as they are part of the authentication process themselves they will also get a potential second factor authentication and are able to enter it themselves.

Incentivization is a key topic to make data sharing work. First and foremost, the core incentive should be to empower EU citizens to make more financially literate decisions through the use of open data. As FIDA states in Article 4, this should be free for consumers. Secondly, cost/fees should be proportional to the workload put in by the party. In our proposed approach, data holders are now carrying out minimal effort to comply with FIDA; they are required to make data available, much of which is already available in real time on a User Interface (e.g. MyPages, customer App, etc) via a Web API. The majority of the effort will be on data users or on FISPs (third party providers) to standardize all of the data in different formats from the data holders. FISPs can charge their customers, data users, a free market based fee for these services. This approach lets market forces hone in on the optimal rate for providing these services.

Why FIDA matters now: The regulation explained.

How can schemes work in practice?

Are long term data holder driven schemes possible in the future?

What is a permission dashboard?

Frequently asked questions.