The mandate. Why the US conversational- finance surface does not translate to Europe.

📊 Full opportunity report: The mandate. Why the US conversational- finance surface does not translate to Europe. on ThorstenMeyerAI.com — validation score, market gap, and execution plan.

TL;DR

The US launched its personal-finance surface permissionlessly, while Europe’s regulatory environment requires licensing and consent. This fundamental difference alters how financial surfaces are built and deployed in Europe, impacting market access and competition.

OpenAI launched its personal-finance surface in the United States on May 15, 2026, using a permissionless approach that requires no licensing or regulatory approval. In contrast, Europe’s regulatory environment mandates strict licensing, consent, and compliance procedures, making the European deployment fundamentally different and more complex.

In the US, the launch relied on a permissionless, aggregator-based model, where companies like OpenAI could connect accounts via APIs such as Plaid without prior regulatory approval. This approach treats account access as a free, unregulated activity, enabling rapid deployment and innovation.

Europe’s legal framework, rooted in PSD2 and its successors, classifies account access as a regulated activity requiring licenses and explicit user consent. The newer open-finance regulation (FIDA) extends this model beyond payments to investments, pensions, and loans, creating a licensing regime that is still being implemented, with operational dates around 2029-2030. The EU AI Act further complicates matters by classifying AI systems used for credit scoring as high-risk, under supervision by financial regulators like BaFin.

Consequently, a service that reads bank data in Europe must operate under a license, with consent dashboards, conformity assessments, and AI classification processes embedded into its architecture. This makes European market entry a licensing project rather than a simple API integration, fundamentally changing the product design and competitive landscape.

The Mandate — Thorsten Meyer AI
MANDATE
● DISPATCH / MAY 2026
THORSTEN MEYER AI · AGENTIC COMMERCE · § 03
AGENTIC COMMERCE · 03
EUROPE / MANDATE
Essay · Regulatory-Architecture Reading · 2026-05-26

The mandate.
Why the US conversational-
finance surface does not
translate to Europe.

In the US, account access is a product you buy and consent is a button you tap. In Europe, both are mandates you are licensed and supervised to fulfill.
The US surface shipped permissionlessly — connect via Plaid, 12,000+ institutions, read-only, no license. That rollout does not translate. In Europe every layer is a mandate. The foundation: PSD2 → PSD3/PSR (provisional agreement Nov 27 2025) makes account access a licensed, API-quality-supervised activity under a directly-applicable rulebook. The expansion: FIDA extends mandated access to investments, pensions, insurance, mortgages under a new FISP license — operational ~2029-2030, with a contested data-access fee at its core. The overlay: the EU AI Act classifies credit-scoring AI as high-risk (full obligations Aug 2 2026), supervised not by a tech regulator but by financial supervisors like BaFin. The structural argument: the US surface is built on a permissionless private substrate, and Europe has no permissionless substrate — it has a mandate at every layer. In the US compliance is an afterthought. In Europe, compliance is the architecture, and the conversational experience is the thin layer on top.
3
Overlapping mandates — payments,
data, AI — vs zero in the US build
7%
Of global turnover · the EU AI Act
maximum penalty
2029-30
When FIDA — the full-picture data
mandate — is likely operational
0
Permissionless routes to a European’s
bank data · it is a licensed activity
THE MANDATE· US SHIPPED PERMISSIONLESSLY · PLAID· EUROPE HAS A MANDATE AT EVERY LAYER· PSD2 MADE ACCESS A LICENSED ACTIVITY· PSD3/PSR · PROVISIONAL AGREEMENT NOV 27 2025· PSR DIRECTLY APPLICABLE ACROSS 27 STATES· MANDATORY API QUALITY · NO SCREEN-SCRAPING· FIDA · NEW FISP LICENSE· OPEN FINANCE · INVESTMENTS PENSIONS INSURANCE· DATA-ACCESS FEE THE CONTESTED CORE· EU AI ACT · CREDIT SCORING HIGH-RISK· FULL OBLIGATIONS AUG 2 2026· SUPERVISED BY BAFIN, NOT A TECH REGULATOR· CONSENT IS A DASHBOARD, NOT A BUTTON· COMPLIANCE IS THE ARCHITECTURE· THE MANDATE FAVORS THE LICENSED INCUMBENT· IN EUROPE YOU LICENSE A FINANCE SURFACE· THE MANDATE· US SHIPPED PERMISSIONLESSLY · PLAID· EUROPE HAS A MANDATE AT EVERY LAYER· PSD2 MADE ACCESS A LICENSED ACTIVITY· PSD3/PSR · PROVISIONAL AGREEMENT NOV 27 2025· PSR DIRECTLY APPLICABLE ACROSS 27 STATES· MANDATORY API QUALITY · NO SCREEN-SCRAPING· FIDA · NEW FISP LICENSE· OPEN FINANCE · INVESTMENTS PENSIONS INSURANCE· DATA-ACCESS FEE THE CONTESTED CORE· EU AI ACT · CREDIT SCORING HIGH-RISK· FULL OBLIGATIONS AUG 2 2026· SUPERVISED BY BAFIN, NOT A TECH REGULATOR· CONSENT IS A DASHBOARD, NOT A BUTTON· COMPLIANCE IS THE ARCHITECTURE· THE MANDATE FAVORS THE LICENSED INCUMBENT· IN EUROPE YOU LICENSE A FINANCE SURFACE·
FIG. 01 — THE SUBSTRATE · PRIVATE PRODUCT VS PUBLIC MANDATE
The US built account access privately and permissionlessly · Europe built it as public mandate
One architectural difference at the foundation propagates through the entire stack
United States
A product you buy
  • Access built by private aggregators — Plaid, Yodlee, MX, Finicity
  • No banking license required to read bank data
  • Read-only design sidesteps money-transmission rules
  • No single federal open-banking statute · the surface ships as a product
European Union
A mandate you fulfill
  • Access is a licensed activity — AISP / PISP under PSD2
  • Regulator authorization required; no permissionless route
  • Explicit, revocable, SCA-governed consent regime
  • A directly-applicable rulebook (PSR) · the surface must be licensed
The US surface shipped because the account-access layer it needed was already built, privately and permissionlessly, by Plaid — and because a read-only design kept it clear of the activities that trigger heavy regulation. That is the precise feature Europe does not share. Reading a European’s bank data without the right license is not a product — it is an unauthorized activity. The very first layer of the US build, the permissionless connect, is in Europe a regulatory authorization.
FIG. 02 — THE THREE-MANDATE STACK · WHAT THE SURFACE MUST SATISFY IN EUROPE
Payments, data, and AI — three overlapping regimes, all enforced by financial regulators
The US surface faced none of these at launch; the European surface faces all three at once
PSD3 / PSRPayments mandate
Account access is a licensed activity (AISP/PISP). PSR directly applicable across 27 states. Mandatory API quality, screen-scraping eliminated, IBAN-name checks, expanded fraud liability.
FIDAData mandate
Extends mandated access to investments, pensions, insurance, mortgages, loans under a new FISP license. Standardized APIs + consent dashboards. A contested data-access fee may make aggregation cost money.
EU AI ActAI mandate
Credit scoring + creditworthiness = high-risk (Annex III). Conformity assessment, documentation, human oversight. Supervised by financial regulators (BaFin, CSSF). Fines up to 7% of global turnover.
A finance surface in Europe must be licensed for payment-data access (or partner with someone who is), prepare for a FISP license to aggregate the full financial picture, and classify itself under the AI Act — where the most commercially attractive features (“what loan can I get?”) sit closest to the high-risk line. The AI that is “just a chatbot” in the US is, in Europe, a regulated system whose classification depends on exactly how useful it tries to be.
FIG. 03 — THE STAGGERED TIMELINE · A MOVING REGULATORY TARGET
The mandate is not one event but a sequence — and the staggering is a filter
The firms that win architect for the end-state mandate, not the current one
Aug 2025
EU AI Act · GPAI obligations live · the frontier models that power a finance surface already carry systemic-risk obligations
Live
Nov 27 2025
PSD3/PSR provisional agreement · Parliament and Council reach political agreement; final texts expected in the Official Journal in 2026
Agreed
Aug 2 2026
EU AI Act · high-risk obligations land · credit-scoring / creditworthiness Annex III duties apply (subject to Digital Omnibus)
Operative
2027
PSD3/PSR core obligations · directly-applicable conduct rules land across the year after the transition
Landing
~2029-2030
FIDA operational · the full-picture data mandate and FISP license arrive, in staggered sector-by-sector “waves”
Forming
Building for PSD3 today while FIDA and the AI Act high-risk regime are still settling means building for a target that is still moving — which favors firms with the regulatory-intelligence capacity to track it and the patience to build for 2030 rather than ship for 2026. The staggered timeline is itself a filter: it selects for regulatory endurance over launch speed.
FIG. 04 — THE CONSENT ARCHITECTURE · WHAT REPLACES THE “CONNECT” BUTTON
The single most optimized moment of the US product is the single most regulated moment of the European one
The European surface cannot inherit the US onboarding · it must build a different, regulated core
The US default — collect broadly, use later — is the European violation. The consent dashboard, the granular permission model, the revocation flows, the purpose-binding, the audit trail are not features bolted onto the conversational experience; they are the regulated core that the experience sits on top of. The European surface is, by regulation, higher-friction at exactly the moment the US surface optimized for frictionlessness.
FIG. 05 — WHO BUILDS THE EUROPEAN SURFACE · THE REDISTRIBUTION OF ADVANTAGE
The mandate does not just slow the US surface — it changes who wins
Advantage moves from permissionless speed to licensed position
Disadvantaged
The US winners
A frontier lab + permissionless aggregator. Their core competency — permissionless speed and reach — is exactly what the mandate removes. No AISP/FISP license, no BaFin relationship. Arrive needing a license stack they don’t have.
Advantaged
Licensed EU fintechs
Already authorized AISPs/PISPs, PSD3-compliant API fleets, consent-native. “The lab + a licensed European partner” — and the partner holds more leverage than Plaid, because the license is scarcer than an API.
Advantaged
Incumbent banks
Already hold the data, licenses, consent relationships, supervisory standing. The incumbent disintermediated in the US thesis is, in Europe, structurally protected — the mandate that gates the challenger does not gate the bank.
In the US, the advantage went to whoever integrated the permissionless layer fastest and built the best surface on top. In Europe, it goes to whoever holds the licenses, the supervisory relationships, and the consent architecture. The mandate redistributes the advantage from the permissionless aggregator-and-lab toward the licensed incumbent-and-specialist — and Europe’s regulation is, among other things, an incumbent-protection architecture, whether or not that is its intent.
The architecture diverges at the foundation: the American surface treats account access as a product you buy and consent as a button you tap, while Europe treats both as mandates you are licensed and supervised to fulfill. In the US, you ship a finance surface. In Europe, you license one.
Thorsten Meyer · The Mandate · Agentic Commerce 03

Impact of Regulatory Architecture on Market Entry

This difference in regulatory architecture means European firms must navigate a complex licensing and consent regime, which raises barriers to entry and favors established, licensed players. It shifts the market from permissionless innovation to a consent-driven, compliance-heavy environment, potentially slowing innovation but increasing consumer protection.

For US firms, this represents a significant barrier to deploying their American-style surfaces in Europe, likely favoring local incumbents and licensed specialists over permissionless aggregators. The architecture also influences product design, emphasizing compliance and consent management over rapid deployment.

Amazon

European banking API licensing solutions

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

European Regulatory Framework for Financial Data Access

Since 2018, PSD2 established account access as a regulated activity in Europe, requiring third-party providers to obtain licenses and adhere to strict standards. The upcoming PSD3 and Payment Services Regulation (PSR) aim to reinforce and expand these requirements, with final implementation expected in 2026-2027.

FIDA, the new open-finance regulation, extends these principles beyond payments to encompass investments, pensions, and loans, creating a new category of licensed providers. The EU AI Act, effective August 2026, classifies AI systems for credit scoring as high-risk, subject to supervision and compliance obligations, adding further layers of regulation.

Unlike the US, where account access is permissionless, Europe’s framework is built around licensing, consent, and compliance, making the architecture fundamentally different.

“The American AI-finance surface was possible because the United States built its open-banking layer privately and permissionlessly — Plaid, not a regulator, defined account access — while Europe built the same layer as public regulation.”

— Thorsten Meyer

Amazon

PSD2 compliant account access tools

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Unclear Impact on Consumer Outcomes and Competition

It remains uncertain whether Europe’s licensing and consent-driven approach will lead to better consumer protection and data security compared to the US permissionless model. The long-term effects on innovation, market competition, and consumer experience are still developing.

Additionally, it is not yet clear how quickly European firms will adapt to the new licensing regime and whether new entrants will emerge under the complex regulatory framework.

Principles Of Corporate Finance

Principles Of Corporate Finance

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Upcoming Regulatory Milestones and Market Adaptation

Key dates include the finalization of PSD3 and FIDA regulations in 2026-2027, which will define the operational landscape for open banking and open finance in Europe. Firms are expected to invest in compliance infrastructure, consent management, and AI classification systems to meet these standards.

European regulators will continue supervising high-risk AI systems, and enforcement actions may shape how firms approach AI deployment in financial services. US firms aiming to enter Europe will need to re-architect their products around licensing and consent, potentially delaying or altering their market strategies.

Ai In Finance: Shaping The Future Of Intelligent Automation And Financial Services (Computational Intelligence & Knowledge-based Systems: Models, Algorithms & Applications)

Ai In Finance: Shaping The Future Of Intelligent Automation And Financial Services (Computational Intelligence & Knowledge-based Systems: Models, Algorithms & Applications)

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Key Questions

Why does the US approach to open banking differ from Europe’s?

The US relies on a permissionless, private-sector-led model where API keys and aggregator platforms like Plaid enable account access without prior regulation. Europe, on the other hand, built its open banking layer through public regulation (PSD2 and successors), requiring licenses, consent, and compliance for account access.

How does the EU AI Act affect financial services?

The EU AI Act classifies AI systems used for credit scoring and assessment as high-risk, imposing strict obligations, supervision, and conformity assessments. This adds regulatory complexity and influences how AI is deployed in European financial products.

Will European firms be able to replicate US-style conversational finance surfaces?

Not easily. Due to the licensing and consent regime, European firms must build licensed, consent-driven platforms, which differ fundamentally from the permissionless US approach. US firms will need significant re-architecture to operate in Europe.

What are the main barriers for US firms entering Europe?

The primary barriers include obtaining licenses, implementing consent dashboards, conforming to API standards, and complying with AI regulations. These requirements increase costs and slow deployment compared to the US permissionless model.

Could Europe’s approach lead to better consumer protection?

It is possible. The licensing, consent, and AI classification regimes aim to enhance data security and consumer rights, but whether they achieve this in practice remains to be seen as the regulations are implemented and tested over time.

Source: ThorstenMeyerAI.com

You May Also Like

Live updates: Iran says it’s closing Strait of Hormuz over Lebanon fighting amid push to resume US talks

Iran states it will close the Strait of Hormuz due to ongoing fighting in Lebanon, escalating regional tensions. The move impacts global oil routes and security.

Are Polymarket Trading Bots Actually Profitable? The Math Behind 2026’s Prediction-Market Arbitrage Industry

An on-chain analysis reveals that only 0.51% of wallets profit over $1,000 on Polymarket in 2024-2025, with most retail bots losing money or breaking even in 2026.

YouTube Unveiled: Policies, Partnerships, and Future Developments

Lifting the curtain on YouTube's inner workings, uncover the policies, partnerships, and innovations shaping the future of online video.

Why National AI Strategies Now Matter More Than Product Launches

Opportunity arises now to shape AI’s future responsibly, ensuring it benefits society as a whole—discover why national strategies are more crucial than ever.