Open Banking for the Mittelstand: What is already possible before PSD3
6 Min. Read Time
Providers’ pitches promise 15 percent lower financing costs through Open Banking. The honest answer for medium-sized businesses in 2026: Most of it is still a proposal, not yet a law. What already works today is still more than most businesses utilize.
Key Takeaways
PSD3 is not yet a law: The proposal has been up for approval since April 2026 and is expected to come into effect in 2027 after a transitional period. Waiting for it means missing out on two years.
Open Banking is already here: PSD2 is sufficient to productively use account data APIs and automated liquidity analyses. The technology doesn’t wait for the legislator.
FIDA is the real lever: The planned Financial-Data-Access Regulation opens up much more than just payment accounts, but is still in the trilogue. Setting up a clean data foundation now pays off as soon as it takes effect.
What’s already in effect in 2026 and what’s still a draft
The key distinction is rarely mentioned in sales materials. Open Banking in the legal sense currently operates under PSD2, the Payment Services Directive from 2018. It is in effect, and licensed third-party providers can access account data with your consent, which is the basis for automated creditworthiness and liquidity analyses. MiCA, the regulation for crypto-assets that has been in effect since 2024, comes into play only when e-money tokens or crypto-based payments are added.
PSD3 and the accompanying Payment Services Regulation, on the other hand, have not yet come into force. The text was submitted to national representatives for approval in April 2026, and the political agreement was reached in November 2025. Realistically, the package will not take effect until 2027, after a transition period of around 21 months. It will then replace PSD2 and the E-Money Directive EMD2, and will tighten up fraud prevention, liability, and API access.
The crucial component for data access is actually called FIDA, Financial Data Access. This regulation would extend Open Banking beyond payment accounts to include loans, mortgages, insurance, and old-age provision. It is still in the trilogue between the Commission, Parliament, and Council in spring 2026. So, anyone looking for a specific date for the major opening will not get a serious answer.
What does this mean in practice? A company that aggregates its account movements across multiple banks via API sees its liquidity in real-time instead of on a monthly basis. This data basis changes financing discussions. When presenting current, verified numbers to the lender instead of a three-month-old statement, you negotiate from a different position. This is already possible today with PSD2 and does not wait for the next regulation.
Regulatory Roadmap
Today
PSD2 and MiCA are in effect. Account data APIs and third-party provider access are available.
2026
PSD3 and PSR pending adoption, publication in the Official Journal expected.
FIDA
Still in trilogue. Extends data access beyond payment accounts.
2027
Expected entry into force of PSD3 and PSR after transition period.
Three steps medium-sized businesses can take now
The good news for practice: You don’t need PSD3 to get started. The building blocks are in place. The effort lies in the clean implementation, waiting for Brussels only costs time. Three steps put a medium-sized business in a position where later regulatory changes are an advantage rather than a strain.
Three steps to implementation
1
Check API availability with your house bank. Not every bank provides productive PSD2 interfaces of the same quality. Clarify data scope, availability, and whether a licensed aggregator needs to be interposed.
2
Connect to your own financial software. The benefit only arises when account data flows into ERP, DATEV, or the treasury tool. This is where it is decided whether the API access becomes an automated liquidity view or just another dashboard.
3
Document consent and data protection. Every access requires verifiable consent and clean deletion logic. This is not formalism, but exactly the part that regulators will examine more strictly under PSD3.
Step two stands out. In two out of three connection projects I’ve seen, the problem was never with the bank API. It was with the missing connection behind it. The data arrived and remained unused.
The three implementation steps at a glance. Image: AI-generated
Build yourself or use a service provider: the honest assessment
The next decision separates theory from project reality. A proprietary API connection provides maximum control but ties up developer capacity and legal review. A specialized Open Banking service provider is faster to connect but shifts part of the data sovereignty to the outside. Both are justifiable, depending on size and IT maturity.
Proprietary connection
Full data sovereignty and control over licensing
Higher initial and maintenance effort
Worth it with your own IT team and multiple bank connections
Service provider
Fast connection, one license covers many banks
Dependence on provider’s roadmap and pricing model
Suitable for lean teams without in-house payment expertise
Important with the service provider option is a contract clause for data portability. If you can’t take your connections with you without rebuilding, you’re trading one dependency for another.
What Matters When Preparing for PSD3 and FIDA
Those who set up properly today won’t need to rebuild in 2027. Three things are crucial for this. Consent management should be granular from the start, as PSD3 increases the requirements for demonstrable consent. The data models should be in place so that a later FIDA extension to credit or insurance data can be seamlessly integrated. And contracts with service providers need exit clauses before dependency grows.
The 15 percent mentioned in sales materials cannot be guaranteed seriously. Only one thing can be guaranteed: a head start. Businesses that make their financial data interoperable now make financing decisions based on better data and can negotiate terms instead of accepting them. This is the leverage that works before any law change.
Frequently Asked Questions
Is PSD3 already in effect, and do I need to act now?
No. PSD3 is a proposal that is expected to be adopted in 2026 and will likely come into effect in 2027 after a transitional period. However, it’s still worth acting now, as Open Banking is already available through PSD2 and MiCA.
What is the difference between PSD3 and FIDA?
PSD3 regulates payment services and replaces PSD2. FIDA, the Financial Data Access Regulation, would extend data access beyond payment accounts to include loans, insurance, and retirement savings. FIDA is still in the trilogue phase as of early 2026.
What role does MiCA play for medium-sized businesses?
MiCA is the EU regulation for crypto-assets. It is relevant when e-money tokens or crypto-based payments are involved, and the PSD3 package deliberately delineates responsibilities against MiCA to avoid double regulation.
Is a direct API connection or a service provider worthwhile?
A direct connection is worthwhile with an in-house IT team and multiple bank connections. Lean teams can move faster with a licensed service provider but should ensure data portability in the contract to avoid future dependency.
Does Open Banking really reduce financing costs?
Blanket percentage promises are not credible. The real effect comes from a better data basis: Those who can automatically demonstrate liquidity and creditworthiness negotiate terms from a stronger position. The extent depends on creditworthiness, bank, and negotiation.
You are currently viewing a placeholder content from Turnstile. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
You are currently viewing a placeholder content from Facebook. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
You are currently viewing a placeholder content from Hubspot Embedded Content. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
You are currently viewing a placeholder content from HubSpot. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
You are currently viewing a placeholder content from Hubspot Meetings. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
You are currently viewing a placeholder content from Instagram. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
You are currently viewing a placeholder content from Newsletter2Go. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
You are currently viewing a placeholder content from X. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.
