If you've moved money inside a budgeting app, seen your salary appear in Revolut from another bank, or clicked "pay by bank" at an EU checkout in the past 18 months, you've used open banking. You probably didn't notice — and that's exactly the point. The most consequential change to European retail finance since SEPA Instant has rolled out without ceremony, app-store updates, or a single billboard.
Here's what's actually changing in 2025, what it unlocks for everyday readers, and where the trade-offs are hiding.
A two-minute refresher on PSD2
The EU's PSD2 directive, fully in force since 2019, forced banks to publish APIs that let licensed third parties read account data and initiate payments — but only with the customer's explicit consent. In practice, that meant tools like budgeting apps (Emma, Lunchmoney), challenger banks (Revolut, N26) and merchant-facing payment services could plug into your bank.
Six years later, those APIs have matured. Coverage across major EU banks is approaching universal, latency has dropped, and authentication has standardised on EU eIDAS-aligned biometrics.
What this actually unlocks in 2025
- One-click multi-bank views. Tools like Revolut Connect, Lunchmoney, and your bank's own app can pull live balances from every account you hold across the EU into a single dashboard.
- Account-to-account payments at checkout. Retailers like Klarna, GoCardless and Trustly can move money directly from your bank account, bypassing card networks and saving merchants on interchange.
- Smarter credit decisions. Lenders can verify income and spending patterns in seconds without forcing you to email bank statements as PDFs.
- Better budgeting categories. Apps no longer guess what's a "grocery" expense — they read the merchant code straight from your bank.
The catch nobody mentions on marketing pages
"Every connection is a relationship. Every relationship has an expiry. And in open banking, that expiry is usually 90 days — after which you'll have to re-authenticate or your nice multi-bank dashboard goes dark."
The 90-day re-authentication rule is one of the most common reader complaints we receive. Regulators introduced it for security reasons, but the EBA has signalled that it will be relaxed in the upcoming Payment Services Regulation (PSR) — possibly to 180 days or with risk-based exemptions.
FIDA: the upgrade most readers haven't heard of
The Financial Data Access Regulation (FIDA), making its way through EU institutions, extends the open banking idea beyond payments — into pensions, investment accounts, mortgages and insurance. If it lands as currently drafted, EU residents will be able to consent to share data from any regulated financial product, not just a current account.
The implication for personal finance apps is significant. Tools like Plum, Yolt-style aggregators and challenger banks could finally show your entire net worth in one place — accurately, in real time, without manual CSV uploads.
Three risks to keep in your peripheral vision
- Consent fatigue. If every app asks for read access to your bank, you'll click through faster — and accidentally grant more than intended.
- Data brokering. Some "free" budgeting tools monetise aggregated, anonymised transaction data. Read the privacy policy before connecting, not after.
- Liability gaps. If a third-party app is hacked and your bank balance disappears, EU rules give you strong recourse — but the dispute still takes weeks. Treat your primary current account like a vault, not a sandbox.
How to use open banking smartly in 2025
Our editors' shared default looks like this:
- Use one trusted aggregator (your primary bank or a regulated PFM app) for the dashboard view.
- Connect only to apps with clear, EU-based licenses and explicit data-retention policies.
- Reauthorise quarterly and revoke any connection you haven't used in 30 days.
- Pay by bank at checkout where you want to avoid card fraud — but keep card payments for higher-risk merchants where Section 75 / chargeback protection still matters.
