Open Banking API Standards: UK, EU, and Global Landscape

Open banking has moved from regulatory mandate to commercial infrastructure in the UK and EU, and is gaining traction globally as financial services ecosystems recognise the competitive and efficiency benefits of standardised data access. But the fragmented landscape of competing API standards — OBIE in the UK, Berlin Group NextGenPSD2 in the EU, FDX in the US, and various national implementations — creates a multi-standard compliance challenge for payment firms and fintechs operating across jurisdictions.

UK Open Banking: OBIE and the Post-OBIE Transition

The Open Banking Implementation Entity (OBIE) was established by the CMA in 2016 following the retail banking market investigation, mandating the nine largest UK banks (CMA9) to implement standardised APIs enabling third-party access to account data and payment initiation. The OBIE standards — now at version 3.1.x — define the API specifications for Account Information Services (AIS) and Payment Initiation Services (PIS) that all CMA9 banks must support.

The OBIE itself was wound down in 2023 and replaced by a new Joint Regulatory Oversight Committee (JROC) structure, with the FCA and PSR jointly overseeing open banking development. The transition has involved establishing a new long-term entity (the Future Entity) to govern the open banking ecosystem, including the API standards that participants must meet. The UK's open banking ecosystem has matured significantly: over 7 million consumers and businesses regularly use open banking-enabled services, and the technology is embedded in personal finance management, accountancy software, and payment initiation for both consumer and B2B applications.

For payment firms, the key change in the post-OBIE transition is a gradual movement toward Variable Recurring Payments (VRPs) as a payments mechanism — allowing pre-authorised recurring payments from bank accounts without requiring re-authentication for each transaction. VRPs have the potential to compete directly with Direct Debit and card-on-file for subscription and recurring payment use cases, but adoption has been slow due to limited commercial bank support beyond the CMA9.

Berlin Group NextGenPSD2

In the EU, the Berlin Group — a pan-European payments interoperability standards initiative — developed the NextGenPSD2 Framework as a common API standard for PSD2 implementation. Unlike the UK's approach of mandating a single standard (OBIE) for major banks, the EU allowed multiple standards implementations, resulting in NextGenPSD2, STET (primarily France), and Poland's PolishAPI coexisting in the market alongside numerous proprietary bank implementations.

The European Banking Authority (EBA) has pushed for greater standardisation, and the Berlin Group's NextGenPSD2 has emerged as the closest thing to a de facto EU standard, with wide adoption across German, Austrian, Dutch, and Nordic banks. The standard defines the XS2A (Access to Account) API for AIS and PIS, with implementation profile versions at 1.3.x and increasingly 2.x.

The EU's PSD3 (Payment Services Directive 3) and PSR (Payment Services Regulation) proposals — expected to be finalised in 2025-2026 — include provisions to mandate greater API standardisation and quality requirements, addressing the fragmentation that has hampered cross-border open banking development in the EU market.

FDX in the United States

The US open banking landscape has developed without regulatory mandate — unlike the EU and UK, there has been no legislative requirement for banks to provide open APIs. Instead, data access has largely been driven by screen scraping (where third parties access accounts using customer credentials) and bilateral data sharing agreements.

The Financial Data Exchange (FDX) has emerged as the leading industry-led standard for financial data APIs in the US, with over 200 member organisations including major banks, data aggregators, and fintech companies. FDX API standards cover account data, investment data, insurance data, and tax information, with the FDX 5.0 and subsequent releases progressively expanding scope and adoption.

The CFPB (Consumer Financial Protection Bureau) issued its final rule under Section 1033 of the Dodd-Frank Act in 2024, establishing a regulatory framework for consumer financial data access that effectively mandates banks to provide API-based access to consumer financial data. The rule references industry standards including FDX as implementation guidance, accelerating the transition from screen scraping to API-based data access in the US market.

API Quality Requirements

Across all open banking regimes, API quality is a persistent challenge. Banks that technically comply with API requirements but implement poorly performing, unreliable, or feature-incomplete interfaces frustrate TPPs (Third Party Providers) and undermine the open banking value proposition. The EBA's RTS on Strong Customer Authentication specifies that banks must ensure their dedicated PSD2 interfaces perform equivalently to the customer-facing banking interface, and the FCA's requirements for CMA9 open banking APIs set performance benchmarks that banks must meet.

For TPPs building products on open banking APIs, API quality affects both product performance and compliance posture. A TPP whose AIS product cannot reliably access account data because of API downtime may inadvertently deliver inaccurate account aggregation, creating potential liability. Monitoring API provider performance and building graceful degradation into product design is standard practice for experienced open banking developers.

Payment Initiation and Account Information Use Cases

The commercial value of open banking for payment firms lies primarily in two categories: payment initiation (replacing card payments with direct bank transfers) and account information (enabling data-driven credit, KYC, and financial management services). Payment initiation is particularly compelling for high-value B2B payments where card interchange costs are significant, and for recurring payment use cases where the open banking Variable Recurring Payment mechanism can reduce reliance on card-on-file. Account information services enable real-time verification of bank account ownership (reducing payment fraud), income and expenditure analysis (supporting credit decisions), and open banking-based KYC (replacing bank statement uploads with real-time data access).