The European Financial Data Space (EFDS)

What is the European Financial Data Space (EFDS)?

According to the European strategy for data (19.2.2020), the European Commission supports the establishment of nine common European data spaces, including the Common European financial data space, "to stimulate, through enhanced data sharing, innovation, market transparency, sustainable finance, as well as access to finance for European businesses and a more integrated market."

According to the Commission, in the financial sector, EU legislation requires financial institutions to disclose a significant amount of data products, transactions and financial results. Moreover, the revised Payment Services Directive marks an important step towards open banking, where innovative payment services can be offered to consumers and businesses on the basis of the access to their bank account data. Going forward, enhancing data sharing would contribute to stimulating innovation as well as achieving other important policy objectives at EU level.

The Commission further facilitates access to public disclosures of financial data or supervisory reporting data, currently mandated by law, for example by promoting the use of common pro-competitive technical standards. This would facilitate more efficient processing of such publicly accessible data to the benefit of a number of other policies of public interest, such as enhancing access to finance for European businesses through more integrated capital markets, improving market transparency and supporting sustainable finance in the EU.

What is the European Data Space?

The EU creates an attractive policy environment so that, by 2030, the EU’s share of the data economy – data stored, processed and put to valuable use in Europe - at least corresponds to its economic weight. The aim is to create a single European data space – a genuine single market for data, open to data from across the world – where personal as well as non-personal data, including sensitive business data, are secure and businesses also have easy access to an almost infinite amount of high-quality industrial data, boosting growth and creating value, while minimising the human carbon and environmental footprint.

It will be a space where EU law can be enforced effectively, and where all data-driven products and services comply with the relevant norms of the EU’s single market. To this end, the EU combines fit-for-purpose legislation and governance to ensure availability of data, with investments in standards, tools and infrastructures as well as competences for handling data.

While data is essential for all sectors of the economy and society, each domain has its own specificities and not all sectors are moving at the same speed. Therefore, cross-sectoral actions towards a European data space need to be accompanied by the development of sectoral data spaces in strategic areas such as manufacturing, agriculture, health, and finance.

Understanding the European Financial Data Space (EFDS)

Data has always been at the core of financial services and data-driven finance necessitates the use of varied datasets, such as publicly and privately held personal and non-personal data.

Financial data includes publicly disclosed company information and business registry data, as well as data reported by financial institutions to supervisory authorities.

Financial data also relates to data about individual savings, mortgages, consumer credit, investments, pensions and insurance. Furthermore, innovation in finance also increasingly relies on non-financial data. Therefore, to ensure interoperability, the European financial data space needs to be developed in close connection with data spaces in other sectors.

The European financial data space includes three main components.

First, digital access to publicly disclosed financial and sustainability related information. As part of its Capital Markets Union Action Plan, the Commission proposed, in November 2021, a regulation to set up a European Single Access Point (ESAP), which will be established by the European Securities and Markets Authority (ESMA).

The ESAP will be a common source of free public information about EU companies and investment products, regardless of where in the EU they are located or originated. It will interconnect various sources of publicly disclosed information. ESAP is expected to be operational from 2024 and will be gradually developed in a phased-in approach. In parallel with the ESAP regulation, the Commission has proposed amendments to EU financial services legislation requiring public disclosures to be made systematically available on ESAP and in a data extractable or machine-readable formats. ESAP will in that way contribute to the creation of the European financial data space and facilitate data sharing among various stakeholders.

It is expected that the availability of such high-value data will strengthen the use of technologies like artificial intelligence, machine-learning and natural-language processing in the near future. In addition, synergies with other initiatives are expected. Starting from 2022, the set-up of the ESAP will also be supported under DIGITAL, as announced in the DIGITAL Work Programme 2021-2022.

Second, easier reporting and sharing of supervisory data among EU and national supervisory authorities. The Commission has adopted a supervisory data strategy which aims to streamline EU-level supervisory reporting and facilitate data sharing between supervisory authorities at EU and national level, as well as making more information available to the industry.

The strategy envisages the development of a common data dictionary to ensure consistency and standardisation across the financial sector, making it easier to share and reuse data, and contributing to making reporting requirements machine-readable and executable. In addition, the Commission will continue the work in cooperation with the ESAP, in particular during the development of the technical standards for the ESAP.

The supervisory data strategy will help enable the use of innovative technologies, including regulatory technology (RegTech) tools for supervisory reporting by regulated entities and supervisory technology (SupTech) tools for supervision by authorities. The strategy was adopted in November 2021.

Third, the business-to-business and business-to-consumer data sharing and reuse in the EU financial sector (open finance). The revised Payment Services Directive (PSD2) led the way in opening up data sharing on payments accounts. Further steps towards enhanced data sharing and openness across and within the various types of financial services will enable the financial sector to fully embrace data-driven innovation, in full compliance with personal data protection and competition rules.

To ensure maximum coherence and synergies among these three elements of the European financial data space, the Commission will aim to use common governance structures to the extent possible. The objective is to help integrate European capital markets, channel investments into sustainable activities, support innovation and bring efficiencies for consumers, businesses and authorities alike.

The expert group on European financial data space

The Commission Expert Group on European Finance Data Space was set up in 2021 to provide advice on the technical aspects of establishing a common financial data space.

The common financial data space is the third priority area of the Digital Finance Strategy which aims to promote data-driven innovation in finance.

The group will provide advice and expertise to the DG Financial Stability and Capital Markets Union (FISMA) in relation to the preparation of legislative proposals and policy initiatives in the field of data sharing in the financial sector, to further the establishment of a common financial data space in the EU.

The group will also need to assess the need for any interaction with other data spaces and data-sharing beyond the financial sector.

As part of its deliberations, the group would also be expected to look into the relevant policy issues associated with such data-sharing, including data confidentiality, privacy, customer consent and potential impact on access to financial services and products, taking into account the ongoing work on the Data Act.

According to the Report on Open Finance, from the Expert Group on European financial data space, open finance refers to the sharing, access and reuse of personal and non-personal data for the purposes of providing a wide range of financial services.

The objective of open finance is to promote innovative financial products and services to the direct benefit of consumers and firms.

A key condition for open finance is strong consumer trust and confidence.

Further steps towards enhanced data openness across and within sectors will increase opportunities for data-driven innovation and support the creation of a broader single market for data.

To achieve its objective, open finance can only work based on strong customer trust and confidence in the sharing and reuse of data – including personal data. In this respect, a condition for open finance is to protect consumers and firms by addressing risks related to data access and use and reducing use issues, e.g.:

Risks related to consumers and firms – risks related to unfair use of data, mis-selling, fraud or a lack of expected protection from a service or product due to incorrect advice or incomplete information;

Exclusion risks - risks related to exclusion, discrimination or overcharging because of a customer’s risk profile;

Operational risks – risks related to complex data control & management because of increasing data sharing and reuse; cybersecurity risks that could affect the customer, the data holder, or the underlying open finance infrastructure; Including with regards to the protection of personal and non-personal data, trade secrets, intellectual property theft or industrial espionage.

Acts related to the European Financial Data Space (EFDS)

The Data Governance Act

The first instrument announced in the data strategy, the Data Governance Act (DGA), entered into force on 23 June 2022 and is applicable since 24 September 2023. The DGA strengthens trust in data sharing by regulating organisations that bring the demand and supply sides of the data market together. The Regulation is a key building block for the common European data spaces.

The DGA facilitates the development of common European data spaces through several mechanisms:

1. Recognised data altruism organisations support the emergence of sufficiently-sized data pools made available on the basis of data altruism in order to enable data analytics and machine learning, including across the Union.

2. Data intermediation services support the bilateral or multilateral sharing of data or the creation of platforms or databases enabling the sharing or joint use of data, as well as the establishment of specific infrastructure to connect data subjects and data holders with data users. As orchestrators of data-sharing ecosystems, data intermediaries open the market in the context of common European data spaces.

3. To help potential re-users find relevant information on what data is held by which public authorities, Member States are required to make a safe reuse of specific categories of public sector data possible. This is facilitated through the European register for protected data held by the public sector, available at – the official portal for European data. This complements the 2019 Open Data Directive, which does not cover the types of public sector data addressed by the DGA.

The European Data Innovation Board (EDIB), also established under the DGA, acts as an advisory body to the European Commission for all matters related to the implementation of the DGA and for horizontal issues pertaining to the common European data spaces.

It consists of Member State representatives from the competent authorities for data intermediation services and for the registration of data altruism organisations, the European Data Protection Board (EDPB), the European Data Protection Supervisor (EDPS), the EU Agency for Network and Information Security (ENISA), the SME envoys network, and other representatives of relevant bodies in specific sectors, as well as bodies with specific expertise.

To read more:

The European Data Governance Act (DGA)

The Data Act

The Data Act was proposed in February 2022 and entered into force on 11 January 2024. It applies from 12 September 2025. As the second key legislative initiative announced in the European data strategy, the Data Act complements the Data Governance Act by clarifying access and use rights on data with the objective of ensuring fairness in the data economy.

The main aim of the Data Act is to remove barriers to the access to high-quality data, particularly in the industrial context (currently 80% of this data is not used). It facilitates data sharing both in business-to-business (B2B) and business-to-consumer (B2C) situations while ensuring that data protection rules are respected when personal data is shared.

The Data Act is an ambitious measure aiming to facilitate the development of new products and services leveraging on Europe’s wealth of data. It does so by clarifying the rights and obligations of the different parties involved in the use of data from connected products, notably clarifying that lawful users of such products have full access and usage rights, as well as rights to control use by others.

Furthermore, it establishes a mechanism by which public sector bodies can request data from a business where there is an exceptional need and provides clear rules on how such requests should be made. An exceptional need can be, but is not limited to, a public emergency such as a pandemic or earthquake. It also includes measures to protect SMEs from unfair contractual terms imposed by stronger players and to increase the competitiveness of the European cloud market by removing legal, technical and financial obstacles to effective switching between cloud service providers.

In addition, the Data Act introduces safeguards on transferring non-personal data beyond the EU borders at the request of a third country government where that would create a conflict with Union law or the national law of the relevant Member State, or in exceptional cases where a data holder is highly likely to suffer serious economic damage from the disclosure of trade secrets.

Finally, it defines essential requirements regarding the interoperability of data spaces, and sets out interoperability provisions for providers of data processing services.

To learn more:

The European Data Act

The Digital Markets Act and the Digital Services Act

The Digital Markets Act (DMA) entered into force on 1 November 2022 and its implementing regulation was adopted on 14 April 2023, in view of the applicability of the DMA from 2 May 2023. The DMA applies to large digital platforms acting as important gateways for business users to reach consumers. The objective of this legislation is to ensure contestable and fair markets in the digital sector and to enable other companies to access these markets and compete on a balanced, even field.

There is a strong focus on data access and use in the DMA. For example, it introduces an obligation for gatekeepers not to use data they collected from the business users of their platforms to compete with those business users as well as an obligation not to combine personal data of consumers from two or more of their core platform services without consent in accordance with the GDPR.

The Digital Services Act (DSA) was presented as a complementary measure to the DMA, covering online content moderation, clarifying responsibilities and obligations of online intermediary services, hosting services and large online platforms. The DSA aims to increase democratic control and transparency of online content, in particular harmful content. More specifically, the DSA introduces a new transparency regime which will ensure access, under specific conditions, to data collected by very large online platforms with tens of millions of users in the European Union.

The DSA came into force in November 2022 after a long negotiation and intense discussion with industry representatives and civil society associations. It is applicable since July 2023 for very large platforms and from January 2024 for all other actors. An essential aspect of compliance is the establishment of a risk management system to identify and mitigate potential risks for society, like harmful content. In February 2024, EU Members had to appoint Digital Services Coordinators who oversee compliance.

To read more:

The Digital Services Act (DSA)

The Digital Markets Act (DMA)

Cyber Risk GmbH, some of our clients