Financial Data Access (FiDA) Explained: The EU's New Open Finance Rules for Crypto Assets

January 8, 2026

The EU’s Financial Data Access (FiDA) regulation is designed to expand open finance in the EU beyond payment accounts. It creates standardized rules for how financial institutions share customer-permissioned data, and it explicitly includes crypto assets.

For fintechs, banks, and market infrastructure providers, FiDA is less about “more APIs” and more about operating a compliant data-access model across products, entities, and jurisdictions.

Data sharing obligations for financial institutions: who does what under FiDA

FiDA sits inside a broader EU push to create a single market for data, alongside initiatives like the European data strategy and digital finance strategy. It complements the EU Data Act and builds on the direction set by PSD2 and PSD3, but with a wider scope than payment account data.

How sharing is organized: Financial Data Sharing Schemes (FDSS)

Under the proposal, data sharing is governed through Financial Data Sharing Schemes (FDSS), which are framework agreements among data holders, data users, and representative customer/consumer organizations. The intent is to standardize how members manage access, interfaces, and operational rules, while keeping the model industry-led.

Obligations of data holders

A data holder must make requested customer data available to the customer electronically, without undue delay, free of charge, on an ongoing basis, and in real time. When sharing with an authorized data user, the holder must provide data in a standardized format at the same quality as the holder’s own access, maintain secure communication, ensure the data user can prove it has the customer’s permission, and provide an authorization management dashboard so the customer can monitor, renew, and revoke permissions.

Obligations of data users

A data user must use data only for the specific purposes tied to the service the customer explicitly requested, respect trade secrets and IP rights, implement adequate security measures for storing and transmitting nonpersonal data, and not use customer data for advertising except where permitted by EU and national law.

How this connects to payments and stablecoin rails

For payments leaders, the practical implication is that financial data increasingly spans onboarding and suitability data, product holdings and performance, and crypto-asset-related data. That affects how payment providers, stablecoin issuers, custodians, and platforms design consent flows, dashboards, and downstream data controls.

Scope of regulated data (including crypto assets)

FiDA’s proposal requires data accessibility across multiple product categories and explicitly names crypto assets, placing crypto data on the same regulatory footing as traditional financial products. In-scope categories include mortgages, loans, and accounts; savings and investments including crypto assets; retirement products; non-life insurance products; and creditworthiness assessment data.

Why crypto assets in scope matters operationally

By naming crypto assets directly, FiDA moves crypto-related data sharing from an implicit edge case to a regulated data category. For institutions, that raises three design questions: data mapping (which systems are the system of record for crypto holdings and transfers), enforcement of consent and purpose limitation, and the security model for personal vs. nonpersonal datasets.

Open finance in the EU: objectives and the compliance baseline

FiDA targets long-standing friction in financial data access: data users have struggled to obtain data from institutions that hold it, access has not been consistently regulated, and interfaces have created cyber risk. FiDA is not just a product requirement — it is a cross-functional program spanning legal, security, data governance, and platform engineering. Non-compliance can trigger material sanctions, including financial penalties, public enforcement actions, and potential restrictions on regulated activity.

Financial information service providers (FISPs): a new regulated actor

FiDA introduces financial information service providers (FISPs), which are entities that can access customer data if authorized by a competent authority in an EU member state. FISPs operating outside the EU can access EU financial data without establishing an EU entity, but must appoint a legal representative in an EU member state from which they intend to access data.

Impact on the financial services industry

FiDA’s impact is likely to be most visible in product design and competitive dynamics: more product variety through third-party access to shared data, more personalized services, more competition with lower barriers for non-incumbents, and higher stakes for security and privacy requiring strong controls and operational resilience compliance.

Timelines for implementation

FiDA would generally take effect 24 months after it becomes law. Provisions on FDSS and FISP authorization requirements would take effect 18 months after it becomes law, with implementation staggered by product category over 24, 36, and 48 months. For large institutions, that timeline is short once you account for procurement, architecture changes, security reviews, and multi-country rollout planning.

Conclusion

FiDA formalizes open finance in the EU across a broader set of financial products, and it explicitly includes crypto assets as a required data category.

The practical takeaway for enterprise teams is to treat FiDA as a data-access operating model: consent, purpose limitation, secure interfaces, and auditable controls across internal systems and third parties.

Where blockchain fits: if your payments or treasury stack touches tokenized money or tokenized assets, you’ll want clean system boundaries between onchain activity, offchain customer data, and consent-driven data sharing — all of which a chain like Polygon supports so you can meet EU expectations without slowing down settlement and reconciliation.

FAQ
01

What is the EU Financial Data Access (FiDA) regulation?

FiDA is an EU regulation designed to expand open finance beyond payment accounts by standardizing how customer-permissioned financial data is shared across sectors. Unlike PSD2, FiDA explicitly includes investment products, insurance, and crypto assets, placing them under the same data-access and consent framework. This matters for platforms handling tokenized money or stablecoins, where clean separation between onchain activity and customer data becomes a compliance requirement.

02

How is FiDA different from PSD2 and PSD3?

PSD2 and PSD3 focus primarily on payment account data, while FiDA covers a much broader range of financial data, including savings, investments, insurance, and crypto assets. FiDA also introduces Financial Data Sharing Schemes (FDSS) to standardize access models across markets. For payment and crypto infrastructure providers, this shifts the challenge from “building APIs” to operating auditable consent, purpose limitation, and secure data access at scale.

03

Does FiDA apply to crypto assets and stablecoins?

Yes. FiDA explicitly names crypto assets as in-scope financial data, meaning customer data related to crypto holdings, transactions, and suitability assessments must be shareable with authorized parties under customer consent. For teams building stablecoin or tokenized payment flows, this reinforces the need for clear system boundaries between onchain settlement layers (for example, Polygon) and offchain customer data systems used for compliance and reporting.

04

What does FiDA mean for payments and blockchain-based finance?

FiDA treats financial data access as an operating model, not a feature. For payment providers and platforms using stablecoins or tokenized assets, it means designing consent dashboards, authorization controls, and auditable data flows alongside fast settlement. Blockchain networks like Polygon can handle the onchain settlement layer efficiently, but FiDA compliance depends on how offchain customer data, permissions, and downstream data sharing are implemented around that infrastructure.
