Introduction to EU’s Financial Data Access (FiDA) proposal

If you operate in finance or insurance—and fall into one of the categories below—you cannot afford to ignore the EU’s Financial Data Access (FiDA) proposal.

1. Credit institution
2. Payment institution
3. Electronic money institution
4. Investment firm
5. Crypto-asset service provider
6. Issuer of asset-referenced tokens
7. Manager of alternative investment funds
8. Management company of undertakings for collective investment in transferable securities
9. Insurance undertaking
10. Insurance intermediary or ancillary insurance intermediary
11. Institution for occupational retirement provision
12. Credit rating agency
13. Crowdfunding service provider
14. PEPP provider

In summer 2023, the European Commission proposed a framework to bring financial sector into the digital age.

As you can see from the list above, FiDA aims to cover nearly all EU-regulated financial services.

The proposal seeks to establish clear rights and obligations for managing customer data sharing across the financial sector—beyond just payment accounts. This includes insurance and pensions.

Under FiDA, individuals and businesses (including SMEs) could choose—but are not obliged—to share their data (collected, stored, and processed by financial institutions during regular interactions) with third-party data users in a secure, machine-readable format.

The goal is to enable access to newer, cheaper, and better data-driven financial and information products and services—while acknowledging that risks such as ICT vulnerabilities, cybersecurity, and data protection must be carefully managed.

Key components of the FiDA framework include:

• Possibility but no obligation for customers to share their data with data users (e.g. financial institutions, insurtech or fintech firms) in secure machine-readable format to receive new, cheaper and better data-driven financial and information products and services (i.e. such as financial product comparison tools, personalised online advice).
• Obligation for customer data holders (e.g. financial institutions) to make data available to data users (e.g. other financial institutions or fintech firms) by putting in place the required technical infrastructure and subject to customer permission.
• Full control by customers over who accesses their data and for what purpose to enhance trust in data sharing, facilitated by a requirement for dedicated permission dashboards and strengthened protection of customers' personal data in line with the General Data Protection Regulation (GDPR).
• Standardisation of customer data and the required technical interfaces as part of financial data sharing schemes, of which both data holders and data users must become members.
• Clear liability regimes for data breaches and dispute resolution mechanisms as part of financial data sharing schemes so that liability risks do not act as a disincentive for data holders to make data available.
• Additional incentives for data holders to put in place high-quality interfaces for data users through reasonable compensation from data users in line with the general principles of business-to-business (B2B) data sharing laid down in the Data Act (and smaller firms will only have to pay compensation at cost).

Where are we in the negotiation process?

On 4 December 2024, the Council of the EU reached agreement on its position regarding the proposed FiDA framework, which aims to enable mutual access to customer data among financial institutions.

The first trilogue took place in early April 2025, with further trilogue discussions likely continuing into May.

This is an ideal time to get up to speed with the FiDA proposal, its current status, and its potential impact on your business. If you need help with that see here how we can work together and feel free to reach out to me directly.