EC Consults on PSD2 and Open Finance; EU Reaches Agreement on DORA

Public consultation on PSD2 and open finance. The purpose of the public consultation is to gather evidence on the application and impact of the revised PSD2, and to inform EC’s work on open finance. With respect to PSD2, the consultation includes questions related to payment methods used physically and online, innovations in payments market, new payment service providers, digital payments, and payment fraud, among others. With respect to open finance, the consultation includes questions related to data sharing with other financial or third-party service providers, security and/or privacy risks in sharing data with other service providers, and dedicated technical infrastructure for exchanging data between different service providers, among others. The consultation is open for comments until August 02, 2022.

Targeted consultation on PSD2. This consultation will inform EC on the application and impact of PSD2, taking into consideration, among others, developments in the payments market, payment needs of users, and the need for possible amendments. The consultation will allow the stakeholders with more in-depth and technical knowledge to share their views and support the assessment as well as to enable EC to decide whether European Union-coordinated action and/or policy measures are warranted. The consultation is open for comments until July 05, 2022.

Targeted consultation on open finance framework. The objective of this targeted consultation is to gather evidence and stakeholder views on various aspects related to the state of play and further development of open finance in the European Union and effective customer protection. The consultation seeks stakeholder views on the use of aggregated supervisory data for research and innovation and on broader questions of data sharing among financial firms for risk monitoring or compliance purposes. This targeted consultation also covers certain additional data-sharing issues beyond open finance. It seeks views on the need to enhance legal certainty about the possibility to make supervisory data available more extensively for research and innovation and about the possibility for financial institutions to exchange information and data to improve risk monitoring or compliance, while protecting data confidentiality. The consultation is open for comments until July 05, 2022.

Provisional agreement on DORA. DORA sets uniform requirements for the security of network and information systems of companies and organizations operating in the financial sector as well as critical third parties that provide information communication technologies (ICT)-related services, such as cloud platforms or data analytics services, to these companies and organizations. Under the provisional agreement, the new rules will constitute a robust framework that boosts the information technology security of the financial sector. Auditors will not be subject to DORA but will be part of a future review of the regulation, where a possible revision of the rules may be explored. Regarding the oversight framework, the co-legislators agreed to opt for an additional joint oversight network, which will strengthen coordination, between the European Supervisory Authorities, on this cross-sectoral topic. Regarding the interaction of DORA with the Network and Information Security (NIS) Directive, under the provisional agreement, financial entities will have full clarity on the different rules on digital operational resilience they need to comply with.

Related Links

• Public Consultation on PSD2 and Open Finance
• Targeted Consultation on PSD2
• Targeted Consultation on Open Finance Framework
• Press Release on Provisional Agreement on DORA

Keywords: Europe, EU, Banking, PSD 2, Third-Party Service Providers, Open Finance, Data Sharing, DORA, Regtech, Operational Risk, Cyber Risk, Operational Resilience, European Council, EC, API, API Standardization, Open Banking, Cloud Service Providers, Headline