Is open banking legal in the UK?

News

Is open banking legal in the UK?

Yes, open banking is entirely legal in the UK. It was mandated by the Competition and Markets Authority (CMA) in 2016 and is governed by the Payment Services Regulations 2017. The Financial Conduct Authority (FCA) supervises all regulated open banking providers. It operates under a strict consent-based framework — your data can only be shared with your explicit permission.

What law governs open banking in the UK?

Open banking in the UK is primarily governed by the Payment Services Regulations 2017 (PSRs 2017), which implemented the EU’s PSD2 directive into UK law. Following Brexit, the UK retained these regulations and has been developing a tailored post-Brexit framework under the direction of the Joint Regulatory Oversight Committee (JROC), established in 2022.

Who regulates open banking providers in the UK?

The FCA is the primary regulator for open banking providers, known as Third Party Providers (TPPs). These include Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs). All must be registered on the FCA’s Financial Services Register. Open Banking Ltd has overseen the technical standards and API infrastructure since the CMA’s 2016 mandate.

Open Banking in Practice: The UK’s open banking regime is one of the most developed in the world, originating from the CMA’s 2016 mandate requiring the nine largest UK banks to share customer data via standardised APIs. The JROC published its 2023 roadmap for the next phase of open banking, with a focus on expanding to Variable Recurring Payments (VRPs). Read more about the UK regulatory framework on openfuture.world.

FAQ

Can banks refuse to implement open banking in the UK?

No — the nine largest UK banks are legally required by the CMA to provide open banking APIs to authorised third parties.

Is open banking the same as screen scraping?

No — open banking uses secure regulated APIs, while screen scraping involved apps accessing accounts using your login credentials directly.

Does post-Brexit law still support open banking in the UK?

Yes — the UK retained PSD2 regulations post-Brexit and is now developing its own enhanced open banking framework through JROC.