PS20/13: Amendments to the open banking identification requirements (eIDAS certificate)

We outline feedback to CP20/18 and confirm near final rules to amend Article 34(1) of the UK-RTS, with minor changes to the proposal in CP20/18. 

PS20/13: Amendments to the open banking identification requirements (eIDAS certificate)

27 November 2020 update

The final rules to amend Article 34(1) of the UK-RTS have been published today alongside the rest of the UK-RTS.

See our Handbook. The final rules apply from 11pm on 31 December 2020. 

Why we are changing

We want to ensure that that the UK’s open banking ecosystem continues to serve over 2 million customers post Brexit.

Who this applies to

  • firms that provide and maintain a payment account with online access for a payer (ASPSPs) 
  • firms that provide online services that consolidate customers’ payment account data (AISPs) 
  • firms that provide online services that allow users to initiate payments (PISPs)
  • firms that provide services that initiate card-based payments from payment accounts held by an ASPSP (CBPIIs) 

Background to the amendments

The European Banking Authority (EBA) announced that eIDAS certificates of UK Third-Party Providers (TPPs) will be revoked when the transition period ends on 31 December 2020. Without intervention, UK-based TPPs will not be able to provide open banking services to consumers post Brexit. Our changes will permit UK-based TPPs to continue accessing customer data and initiating payments by using alternatives to eIDAS certificates.

Next steps

Firms must assess whether they need to make any changes and implement them as soon as possible. 

Page updates

18/01/2021: Link changed fixed broken link
27/11/2020: Information added 27 November 2020 update.