The opinions expressed here are those of the authors. They do not necessarily reflect the views or positions of UK Finance or its members.

This blog is co-written by Claire Harrop, Partner, Freshfields LLP, London, David Sewell, Partner, Freshfields LLP, New York, Daniel Klingenbrunn, Principal Associate, Freshfields LLP, Frankfurt, and Christopher Bernard, Senior Knowledge Lawyer, Freshfields LLP, London

However, for open banking to be a success, it must be commercially viable, and a number of other considerations need to be addressed. 

In a recent webinar, a panel of senior lawyers from Freshfields LLP—Claire Harrop in London, Daniel Klingenbrunn in Frankfurt, and David Sewell in New York—discussed how the future of open banking is unfolding in their respective jurisdictions. They were joined by Rob Driver from UK Finance, who explained the industry’s role in helping to develop a sustainable commercial model in the UK. In this blog post, we summarise the current position in the EU and the US.

The EU: from open banking to open finance

The EU first introduced the framework for open banking with the adoption of the second Payment Services Directive (PSD2) in 2015 and is now seeking to bolster its rollout through further changes to the Payment Services Directive (PSD3), accompanied by a new Payment Services Regulation (PSR), as well as a proposed new regulation on financial data access (FIDA). 

The legislative package is intended to make open banking work better in the EU by facilitating the sharing of data by financial institutions and giving customers more control over their data. The PSR would require account servicing payment service providers (ASPSPs) to put in place a dedicated data access interface, as well as a dashboard to enable users to manage data access permissions.

FIDA would go even further, enabling the sharing of a broader set of data beyond payment accounts by a wider range of institutions (such as credit institutions, investment firms, insurance companies and asset management companies). If adopted, it would likely require a significant investment by the financial sector in the IT infrastructure needed to allow real-time data sharing in accordance with new market standards. 

There were rumours earlier this year that the European Commission was going to withdraw the FIDA proposal as part of its deregulatory drive, but the regulation was included in the Commission’s 2025 work programme. Trilogue negotiations are expected to continue into the second half of the year. 

The US: an uncertain future for open banking

The US has been slower to endorse open banking than other jurisdictions. Even though the Dodd-Frank Act of 2010 envisaged the creation of an open banking framework, it was not until October 2024 that the Consumer Financial Protection Bureau (CFPB) finalised a rule to put open banking into practice.  

The CFPB’s rule requires many types of financial institutions—most notably banks and payments providers—to make consumer data available on request and without charge to the consumer or an authorised third party, and to establish and maintain interfaces to receive and respond to requests for covered data. It also establishes a process for industry standard-setting bodies to promulgate data security and privacy standards governing the regime.

The rule took effect in January 2025 and set up a tiered compliance schedule, with larger institutions required to comply beginning in April 2026 and full implementation envisaged by April 2030.

However, the CFPB’s rule has encountered resistance from the financial services industry. Unlike other jurisdictions, the rule does not apportion or limit liability for data breaches and/or fraud, and setting up APIs so that consumers or authorised third parties can access data would entail a significant cost that data holders are not allowed to charge for. There are also concerns around data privacy. 

The rule was immediately challenged by a lawsuit in federal court, alleging that the CFPB had exceeded its statutory authority. Following the inauguration of President Trump, the lawsuit was stayed to allow time for a new leader of the CFPB to be endorsed by the US Senate. The CFPB also agreed to toll the compliance deadlines.  

John McKernan, the president’s nominee to be the new CFPB head, is a critic of overregulation and has expressed his disapproval of the open banking rule. While he would not have the unilateral power to revoke the rule, he could commence a formal recission process. The Republican-led Congress could also use the Congressional Review Act (CRA) to revoke the rule, which was adopted during the last 60 working days of the previous Congress and therefore falls within the CRA’s lookback window.

As a result, the future of open banking in the US is very uncertain, though it should become clearer over the course of 2025.