Digitalisation of the financial sector in transition: Key developments in 2026

FiDA Regulation: legal framework for open finance 

The Financial Data Access (FiDA) Regulation creates a uniform legal framework for the exchange of data between customers, financial institutions and financial information service providers beyond the scope of the PSD2 Directive. It is scheduled to come into force in mid 2026. The focus is on the principle of data control, according to which customers themselves are to determine who has access to their financial data. Financial institutions must provide a dashboard that allows customers to control access to their financial data and retrieve data in real time. Data users only receive the financial data after they have been approved by the customer. Financial institutions must join "Financial Data Sharing Schemes (FDSS)" in order to participate in data exchange. Uniform rules and technical standards are to apply. 

The scope is broad and is intended to include credit, payment, e-money and securities institutions as well as crypto service providers. Companies that wish to retrieve or process financial data within the framework of FiDA require official authorisation as financial information service providers. Large US corporations in particular should not benefit from FiDA and should be excluded from its scope. 

Violations of the FiDA requirements can have significant consequences for companies. Supervisory authorities are authorised to impose substantial sanctions, including heavy fines. 

ESAP Regulation: central database for financial and sustainability information 

The European Single Access Point (ESAP) is intended to create a central database for public financial and sustainability information. The aim is to make it easier for investors to access company data, to better integrate capital markets and to increase transparency. The plan is to gradually incorporate and provide the information and functions. No new information obligations will be introduced, but uniform requirements for the form of provision and the specification of certain metadata are envisaged. 

Digital euro – setting the course in 2026 

The Eurosystem is continuing to work on the introduction of a digital euro. The digital euro is intended to complement traditional cash – as digital central bank money issued by the European Central Bank (ECB). The digital euro is intended to create a secure, simple and efficient payment option alongside cash and existing electronic means of payment. At the same time, it aims to modernise payment transactions in the eurozone and strengthen the independence of the European payment system. 

With the completion of the preparatory phase, the Eurosystem moved on to the next phase of the digital euro project in November 2025. In addition to the technical preparatory work and cooperation with market participants in analysing the innovation potential of the digital euro, the EU is developing a legal framework for the digital euro based on the European Commission's initial legislative proposal from 2023. 

With the assistance of the Rulebook Development Group, a draft set of rules has been drawn up that establishes uniform rules, standards and procedures to ensure that the digital euro functions in the same way throughout the eurozone. This draft is currently being negotiated in both chambers – the Council of the European Union and the European Parliament. The European Parliament's Committee on Economic and Monetary Affairs (ECON) has set itself the goal of developing its own position by the second quarter of 2026. This will be followed by further negotiations in the "trilogue". Only after the EU legislature has enshrined the digital euro in law can the ECB decide to issue it. If the EU co-legislators adopt the regulation on the introduction of the digital euro in 2026, a pilot project and initial transactions could take place from mid-2027. The entire Eurosystem should then be ready for a potential first issue of the digital euro in 2029. Market participants should prepare for this development at an early stage. 

European monitoring of critical ICT third-party service providers under DORA 

A key element of the Digital Operational Resilience Act (DORA) is the introduction of a uniform European supervisory framework for critical ICT third-party service providers. This is the EU's response to the financial sector's growing dependence on external IT service providers, whose failings can have a significant impact on the stability of the financial market. 

In future, oversight will be the responsibility of one of the European supervisory authorities (EBA, ESMA or EIOPA), but only for providers that are classified as critical due to their market position or importance for key financial services. The European Commission will designate these providers 

on the basis of objective criteria, such as the number and type of regulated financial companies that use their services and the potential impact of a disruption on financial stability. Which supervisory authority is responsible will depend on the sector in question (banks, investment firms or insurance companies). 

The supervisory authorities will be given extensive powers to inspect, audit and order measures. In the event of continued violations, they may recommend that the regulated financial institutions terminate their contractual relationships with non-compliant providers. In addition, penalties may be imposed to ensure compliance with orders. These can amount to up to 1 % of the average daily global turnover of the previous financial year for each day of non-compliance.