PSD2 / Open Banking AI Compliance Template

Payment Service Directive 2 (PSD2) and the UK Open Banking regime enable third-party providers to access customer bank accounts with consent. AI-powered fintech products using Open Banking APIs must comply with PSD2, UK Open Banking standards, and GDPR.

Quick Answer

Fintech products using Open Banking APIs must be FCA/NCA-registered as AISP or PISP. Strong Customer Authentication is mandatory for account access and payment initiation. GDPR consent must be explicit and purpose-limited. AI-driven financial recommendations built on account data trigger EU AI Act High Risk classification.

Compliance Checklist (8 items)

Obtain authorisation from the FCA (UK) or relevant NCA (EU) as an AISP (Account Information Service Provider) or PISP (Payment Initiation Service Provider)
Implement Strong Customer Authentication (SCA) compliant with RTS on SCA — dynamic linking for payment initiation
Obtain explicit GDPR consent before accessing account data — consent must be specific, informed, and revocable
Use data only for the purpose consented — do not profile customers from transactional data without separate consent
Connect to banks via regulated Open Banking APIs (UK: OBIE standards; EU: Berlin Group NextGenPSD2)
Implement secure communication using eIDAS certificates for API authentication
Publish clear disclosures on data use, retention periods, and how customers can revoke access
Apply AI Act requirements if you use AI to make credit or financial recommendations from account data

Penalty if not compliant

Operating as an unregistered AISP/PISP: FCA enforcement, unlimited fines, and prohibition. GDPR violations for misuse of financial data: up to €20M / 4% turnover. PSD2 SCA failures: FCA fines and liability for fraudulent transactions.

Need this turned into a real document?

Our compliance sprint service delivers production-ready documents tailored to your organisation in 5–15 business days. A senior compliance specialist reviews every document before delivery.

Get Expert Help →Browse All Templates

PSD2 complianceOpen Banking complianceAISP PISP authorisationStrong Customer Authenticationfintech GDPROpen Banking AI