National Bank of Ukraine confirmed The Open Banking Regulation is a new regulatory framework that regulates digital interaction between banks, financial technology companies and users. From August 1, a system that allows you to transfer information about customer accounts or initiate payments through API software interfaces, but only with the customer’s consent, has been operating in Ukraine. This decision brings Ukraine closer to European standards and completes the implementation of PSD2 Directive provisions into national legislation.
Open banking is a fundamentally new model for organizing the financial environment that allows third-party players, such as fintech companies, to gain controlled access to user accounts, view balances, transaction history, and initiate payments. All actions are possible only after voluntary user authorization.
The National Bank emphasizes that the implementation of this system is not just a technological update, but part of Ukraine’s strategic course for financial integration with the European Union. It is also a mandatory condition for joining SEPA – the Single Euro Payments Area. The corresponding package of draft laws, necessary for the harmonization of Ukrainian legislation with EU norms, has already been approved by the Cabinet of Ministers. After the full launch, Ukrainian users will be able to make transfers in euros to 36 SEPA member countries without additional fees and in compliance with uniform standards similar to SWIFT.
The new model of open banking covers four main groups of participants:
— ASPSPs (banks or other payment service providers) that maintain customer accounts and provide API access to them;
— PISP / AISP — third-party service providers that, after obtaining permission from the NBU, can access accounts or initiate payments;
— Users are individuals and legal entities who consent to the processing of their data;
— Technological operators who are responsible for technical implementation and ensure safe transmission of information.
The regulation also establishes procedures for granting and withdrawing customer consent, rules for interaction between all market participants, API security requirements, standards for authentication, transaction accounting, and personal data protection.
A transition period is provided for banks and payment institutions: they are required to fully adapt their activities to the new requirements by the end of 2025. Until then, all market participants must implement technical solutions for secure information exchange and ensure compliance with regulatory requirements.
