EU-rammeverk for tilgang til finansielle data
BAKGRUNN (fra Kommisjonens pressemelding 28.6.2023)
The European Commission has today put forward proposals to bring payments and the wider financial sector into the digital age. Today's new rules will further improve consumer protection and competition in electronic payments, and will empower consumers to share their data in a secure way so that they can get a wider range of better and cheaper financial products and services. These proposals place consumers' interests, competition, security and trust at their centre.
The payment services market has changed significantly in recent years. Electronic payments in the EU have been constantly growing, reaching €240 trillion in value in 2021 (compared with €184.2 trillion in 2017). This trend was accelerated by the COVID-19 pandemic. New providers, enabled by digital technologies, have entered the market, in particular providing ‘open banking' services – i.e. securely sharing financial data between banks and financial technology firms (‘fintechs'). More sophisticated types of fraud have also emerged, putting consumers at risk and affecting trust.
In response to these developments, today's package seeks to ensure the EU's financial sector is fit for purpose and capable of adapting to the ongoing digital transformation, and the risks and opportunities it presents – in particular for consumers.
That is why the Commission has today proposed two sets of measures:
- Revising the Payment Services Directive:
Today's proposal will amend and modernise the current Payment Services Directive (PSD2) which will become PSD3 and establish, in addition, a Payment Services Regulation (PSR). It consists of a package of measures which:
- Combat and mitigate payment fraud, by enabling payment service providers to share fraud-related information between themselves, increasing consumers' awareness, strengthening customer authentication rules, extending refund rights of consumers who fall victim to fraud and making a system for checking alignment of payees' IBAN numbers with their account names mandatory for all credit transfers.
- Improve consumer rights, in cases for example where their funds are temporarily blocked, improve transparency on their account statements and provide more transparent information on ATM charges.
- Further levelling the playing field between banks and non-banks, in particular by allowing non-bank payment service providers access to all EU payment systems, with appropriate safeguards, and securing those providers' rights to a bank account.
- Improve the functioning of open banking, by removing remaining obstacles to providing open banking services and improving customers' control over their payment data, enabling new innovative services to enter the market.
- Improve the availability of cash in shops and via ATMs, by allowing retailers to provide cash services to customers without requiring a purchase and clarifying the rules for independent ATM operators.
- Strengthen harmonisation and enforcement, by enacting most payment rules in a directly applicable regulation and reinforcing provisions on implementation and penalties.
This proposal ensures consumers can continue to safely and securely make electronic payments and transactions in the EU, domestically or cross-border, in euro and non-euro. Whilst safeguarding the rights of customers, it also aims to provide greater choice of payment service providers on the market.
- Legislative proposal for a framework for Financial Data Access:
This proposal will establish clear rights and obligations to manage customer data sharing in the financial sector beyond payment accounts, namely:
- Possibility but no obligation for customers to share their data with data users (e.g. financial institutions or fintech firms) in secure machine-readable format to receive new, cheaper and better data-driven financial and information products and services (i.e. such as financial product comparison tools, personalised online advice)
- Obligation for customer data holders (e.g. financial institutions) to make this data available to data users (e.g. other financial institutions of fintech firms) by putting in place the required technical infrastructure and subject to customer permission.
- Full control by customers over who accesses their data and for what purpose to enhance trust in data sharing, facilitated by a requirement for dedicated permission dashboards and strengthened protection of customers' personal data in line with the General Data Protection Regulation (GDPR).
- Standardisation of customer data and the required technical interfaces as part of financial data sharing schemes, of which both data holders and data users must become members.
- Clear liability regimes for data breaches and dispute resolution mechanisms as part of financial data sharing schemes so that liability risks do not act as a disincentive for data holders to make data available.
- Additional incentives for data holders to put in place high-quality interfaces for data users through reasonable compensation from data users in line with the general principles of business-to-business (B2B) data sharing laid down in the Data Act proposal (and smaller firms will only have to pay compensation at cost).
In practice, this proposal will lead to more innovative financial products and services for users and it will stimulate competition in the financial sector. For example, consumers will benefit from improved personal finance management and advice. Previously burdensome processes such as comparison services or switching to a new product will become smoother and cheaper, including for example, automated processing of mortgage applications. SMEs would also be able to access a wider range of financial services and products, such as more competitive loans resulting from their creditworthiness data being more easily accessible.
Background and next steps
Today's proposal fulfils a key commitment in the Commission's 2020 Retail Payments Strategy, by ensuring the rules applicable to the EU retail payments industry remain fit for purpose, taking in account market developments, as well as promoting the development of instant payments in the EU. On that front, it complements the Commission's proposal from 2022 for a Regulation to make instant payments in euro available to all citizens and businesses holding a bank account in the EU and in EEA countries.
In parallel, the Financial Data Access proposal contributes to the commitment set out in the 2020 Digital Finance Strategy to put in place a European financial data space. Overall, this financial sector initiative fits into the broader European data strategy and builds upon the key principles for data access and processing set out in its accompanying initiatives, such as the Data Governance Act, the Digital Markets Act and the Data Act proposal.