The mandate. Why the US conversational- finance surface does not translate to Europe.

📊 Full opportunity report: The mandate. Why the US conversational- finance surface does not translate to Europe. on ThorstenMeyerAI.com — validation score, market gap, and execution plan.

TL;DR

The US rolled out a permissionless, API-based personal finance surface in May 2026. Europe, however, faces a regulatory environment where such a surface must be built around licensing, consent, and AI compliance, preventing a direct port of the US model.

On May 15, 2026, OpenAI launched its personal-finance surface in the United States, offering permissionless access to financial data through APIs. In contrast, Europe’s regulatory environment prevents such a permissionless rollout, requiring licensed, consent-based architectures governed by multiple overlapping regulations. This fundamental difference means the US model cannot simply be exported to Europe, impacting the development and competitive landscape of conversational finance across the Atlantic.

The US launch of OpenAI’s personal-finance surface was permissionless, relying on API access without prior licensing or regulation, enabled by the country’s open banking infrastructure built by private entities like Plaid. Conversely, Europe’s approach is rooted in a tightly regulated environment, where account access is a licensed activity under PSD2, and the expansion into open finance is governed by the upcoming FIDA regulation, which extends licensing to investment, pensions, insurance, and loans. These frameworks impose compliance requirements such as consent dashboards, conformity assessments, and licensing, making a direct US-style launch impossible.

Furthermore, the European AI Act classifies AI systems used for credit scoring and financial assessments as high-risk, subjecting them to stringent obligations and supervision by financial regulators like BaFin in Germany. This layered regulatory environment transforms the architecture of financial data access from a permissionless product to a license-and-consent-driven system, where compliance is embedded into the core architecture rather than an afterthought. As a result, European firms that can navigate this complex regulatory landscape are likely to dominate the market, favoring incumbents and licensed specialists over permissionless aggregators common in the US.

The Mandate — Thorsten Meyer AI
MANDATE
● DISPATCH / MAY 2026
THORSTEN MEYER AI · AGENTIC COMMERCE · § 03
AGENTIC COMMERCE · 03
EUROPE / MANDATE
Essay · Regulatory-Architecture Reading · 2026-05-26

The mandate.
Why the US conversational-
finance surface does not
translate to Europe.

In the US, account access is a product you buy and consent is a button you tap. In Europe, both are mandates you are licensed and supervised to fulfill.
The US surface shipped permissionlessly — connect via Plaid, 12,000+ institutions, read-only, no license. That rollout does not translate. In Europe every layer is a mandate. The foundation: PSD2 → PSD3/PSR (provisional agreement Nov 27 2025) makes account access a licensed, API-quality-supervised activity under a directly-applicable rulebook. The expansion: FIDA extends mandated access to investments, pensions, insurance, mortgages under a new FISP license — operational ~2029-2030, with a contested data-access fee at its core. The overlay: the EU AI Act classifies credit-scoring AI as high-risk (full obligations Aug 2 2026), supervised not by a tech regulator but by financial supervisors like BaFin. The structural argument: the US surface is built on a permissionless private substrate, and Europe has no permissionless substrate — it has a mandate at every layer. In the US compliance is an afterthought. In Europe, compliance is the architecture, and the conversational experience is the thin layer on top.
3
Overlapping mandates — payments,
data, AI — vs zero in the US build
7%
Of global turnover · the EU AI Act
maximum penalty
2029-30
When FIDA — the full-picture data
mandate — is likely operational
0
Permissionless routes to a European’s
bank data · it is a licensed activity
THE MANDATE· US SHIPPED PERMISSIONLESSLY · PLAID· EUROPE HAS A MANDATE AT EVERY LAYER· PSD2 MADE ACCESS A LICENSED ACTIVITY· PSD3/PSR · PROVISIONAL AGREEMENT NOV 27 2025· PSR DIRECTLY APPLICABLE ACROSS 27 STATES· MANDATORY API QUALITY · NO SCREEN-SCRAPING· FIDA · NEW FISP LICENSE· OPEN FINANCE · INVESTMENTS PENSIONS INSURANCE· DATA-ACCESS FEE THE CONTESTED CORE· EU AI ACT · CREDIT SCORING HIGH-RISK· FULL OBLIGATIONS AUG 2 2026· SUPERVISED BY BAFIN, NOT A TECH REGULATOR· CONSENT IS A DASHBOARD, NOT A BUTTON· COMPLIANCE IS THE ARCHITECTURE· THE MANDATE FAVORS THE LICENSED INCUMBENT· IN EUROPE YOU LICENSE A FINANCE SURFACE· THE MANDATE· US SHIPPED PERMISSIONLESSLY · PLAID· EUROPE HAS A MANDATE AT EVERY LAYER· PSD2 MADE ACCESS A LICENSED ACTIVITY· PSD3/PSR · PROVISIONAL AGREEMENT NOV 27 2025· PSR DIRECTLY APPLICABLE ACROSS 27 STATES· MANDATORY API QUALITY · NO SCREEN-SCRAPING· FIDA · NEW FISP LICENSE· OPEN FINANCE · INVESTMENTS PENSIONS INSURANCE· DATA-ACCESS FEE THE CONTESTED CORE· EU AI ACT · CREDIT SCORING HIGH-RISK· FULL OBLIGATIONS AUG 2 2026· SUPERVISED BY BAFIN, NOT A TECH REGULATOR· CONSENT IS A DASHBOARD, NOT A BUTTON· COMPLIANCE IS THE ARCHITECTURE· THE MANDATE FAVORS THE LICENSED INCUMBENT· IN EUROPE YOU LICENSE A FINANCE SURFACE·
FIG. 01 — THE SUBSTRATE · PRIVATE PRODUCT VS PUBLIC MANDATE
The US built account access privately and permissionlessly · Europe built it as public mandate
One architectural difference at the foundation propagates through the entire stack
United States
A product you buy
  • Access built by private aggregators — Plaid, Yodlee, MX, Finicity
  • No banking license required to read bank data
  • Read-only design sidesteps money-transmission rules
  • No single federal open-banking statute · the surface ships as a product
European Union
A mandate you fulfill
  • Access is a licensed activity — AISP / PISP under PSD2
  • Regulator authorization required; no permissionless route
  • Explicit, revocable, SCA-governed consent regime
  • A directly-applicable rulebook (PSR) · the surface must be licensed
The US surface shipped because the account-access layer it needed was already built, privately and permissionlessly, by Plaid — and because a read-only design kept it clear of the activities that trigger heavy regulation. That is the precise feature Europe does not share. Reading a European’s bank data without the right license is not a product — it is an unauthorized activity. The very first layer of the US build, the permissionless connect, is in Europe a regulatory authorization.
FIG. 02 — THE THREE-MANDATE STACK · WHAT THE SURFACE MUST SATISFY IN EUROPE
Payments, data, and AI — three overlapping regimes, all enforced by financial regulators
The US surface faced none of these at launch; the European surface faces all three at once
PSD3 / PSRPayments mandate
Account access is a licensed activity (AISP/PISP). PSR directly applicable across 27 states. Mandatory API quality, screen-scraping eliminated, IBAN-name checks, expanded fraud liability.
FIDAData mandate
Extends mandated access to investments, pensions, insurance, mortgages, loans under a new FISP license. Standardized APIs + consent dashboards. A contested data-access fee may make aggregation cost money.
EU AI ActAI mandate
Credit scoring + creditworthiness = high-risk (Annex III). Conformity assessment, documentation, human oversight. Supervised by financial regulators (BaFin, CSSF). Fines up to 7% of global turnover.
A finance surface in Europe must be licensed for payment-data access (or partner with someone who is), prepare for a FISP license to aggregate the full financial picture, and classify itself under the AI Act — where the most commercially attractive features (“what loan can I get?”) sit closest to the high-risk line. The AI that is “just a chatbot” in the US is, in Europe, a regulated system whose classification depends on exactly how useful it tries to be.
FIG. 03 — THE STAGGERED TIMELINE · A MOVING REGULATORY TARGET
The mandate is not one event but a sequence — and the staggering is a filter
The firms that win architect for the end-state mandate, not the current one
Aug 2025
EU AI Act · GPAI obligations live · the frontier models that power a finance surface already carry systemic-risk obligations
Live
Nov 27 2025
PSD3/PSR provisional agreement · Parliament and Council reach political agreement; final texts expected in the Official Journal in 2026
Agreed
Aug 2 2026
EU AI Act · high-risk obligations land · credit-scoring / creditworthiness Annex III duties apply (subject to Digital Omnibus)
Operative
2027
PSD3/PSR core obligations · directly-applicable conduct rules land across the year after the transition
Landing
~2029-2030
FIDA operational · the full-picture data mandate and FISP license arrive, in staggered sector-by-sector “waves”
Forming
Building for PSD3 today while FIDA and the AI Act high-risk regime are still settling means building for a target that is still moving — which favors firms with the regulatory-intelligence capacity to track it and the patience to build for 2030 rather than ship for 2026. The staggered timeline is itself a filter: it selects for regulatory endurance over launch speed.
FIG. 04 — THE CONSENT ARCHITECTURE · WHAT REPLACES THE “CONNECT” BUTTON
The single most optimized moment of the US product is the single most regulated moment of the European one
The European surface cannot inherit the US onboarding · it must build a different, regulated core
The US default — collect broadly, use later — is the European violation. The consent dashboard, the granular permission model, the revocation flows, the purpose-binding, the audit trail are not features bolted onto the conversational experience; they are the regulated core that the experience sits on top of. The European surface is, by regulation, higher-friction at exactly the moment the US surface optimized for frictionlessness.
FIG. 05 — WHO BUILDS THE EUROPEAN SURFACE · THE REDISTRIBUTION OF ADVANTAGE
The mandate does not just slow the US surface — it changes who wins
Advantage moves from permissionless speed to licensed position
Disadvantaged
The US winners
A frontier lab + permissionless aggregator. Their core competency — permissionless speed and reach — is exactly what the mandate removes. No AISP/FISP license, no BaFin relationship. Arrive needing a license stack they don’t have.
Advantaged
Licensed EU fintechs
Already authorized AISPs/PISPs, PSD3-compliant API fleets, consent-native. “The lab + a licensed European partner” — and the partner holds more leverage than Plaid, because the license is scarcer than an API.
Advantaged
Incumbent banks
Already hold the data, licenses, consent relationships, supervisory standing. The incumbent disintermediated in the US thesis is, in Europe, structurally protected — the mandate that gates the challenger does not gate the bank.
In the US, the advantage went to whoever integrated the permissionless layer fastest and built the best surface on top. In Europe, it goes to whoever holds the licenses, the supervisory relationships, and the consent architecture. The mandate redistributes the advantage from the permissionless aggregator-and-lab toward the licensed incumbent-and-specialist — and Europe’s regulation is, among other things, an incumbent-protection architecture, whether or not that is its intent.
The architecture diverges at the foundation: the American surface treats account access as a product you buy and consent as a button you tap, while Europe treats both as mandates you are licensed and supervised to fulfill. In the US, you ship a finance surface. In Europe, you license one.
Thorsten Meyer · The Mandate · Agentic Commerce 03

Impacts of Regulatory Architecture on Market Structure

The divergence in regulatory approaches shapes the competitive landscape of conversational finance. In the US, permissionless data aggregation fosters rapid innovation and new entrants, while Europe’s licensing and compliance requirements create high barriers to entry, favoring established firms. This difference may lead to a more concentrated market in Europe, with implications for consumer choice, innovation speed, and data privacy. Understanding these structural distinctions is vital for firms planning cross-Atlantic expansion and for policymakers considering future regulation. Learn more about the unbundling of the budget app.
Personal Finance for Dummies

Personal Finance for Dummies

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Legal and Technical Foundations of US and European Data Access

The US’s permissionless approach to financial data access was enabled by private-sector initiatives like Plaid, which developed API-based data aggregation without regulatory mandates. This model allowed rapid deployment of personal-finance surfaces, with compliance considered secondary. In Europe, the legal foundation is built on PSD2, which made account access a regulated activity in 2018, and the upcoming FIDA regulation aims to expand open banking into open finance, creating a new licensing regime. The AI Act further complicates the landscape by classifying AI systems in high-risk categories, requiring supervision by financial regulators. These layered regulations fundamentally alter how financial data services are built and operated in Europe, contrasting sharply with the US permissionless model.

“The US permissionless surface is built on a private API layer, whereas Europe’s is a mandated, licensed architecture. This difference in foundational design determines how each market can develop.”

— Thorsten Meyer

Express Schedule Free Employee Scheduling Software [PC/Mac Download]

Express Schedule Free Employee Scheduling Software [PC/Mac Download]

Simple shift planning via an easy drag & drop interface

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Unclear Outcomes of Regulatory Divergence

It remains uncertain how these regulatory differences will influence innovation, market concentration, and consumer outcomes over the next few years. While the US model promotes rapid deployment and new entrants, Europe’s licensing regime may favor incumbents and slow innovation. The long-term impact on consumer privacy, data security, and financial inclusion is still being observed, and regulatory developments could further evolve, affecting the competitive landscape.

Amazon

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Expected Developments in European Financial Regulation

Regulatory agencies in Europe are expected to finalize the FIDA regulation in 2026-2027, establishing detailed licensing and consent frameworks for open finance. Simultaneously, the AI Act’s obligations for high-risk AI systems will come into force, shaping how AI-driven financial services are developed and supervised. Firms aiming to build European equivalents of US permissionless surfaces will need to navigate these layered, compliance-driven architectures, likely leading to increased market consolidation and a focus on licensed, regulated providers. Observers should watch for regulatory updates and market entries from incumbents with existing licenses.

Why and How to Create Effective AI Prompts for Regulatory Compliance: Governing AI Interaction in Financial Institutions (Responsible Regulatory Compliance)

Why and How to Create Effective AI Prompts for Regulatory Compliance: Governing AI Interaction in Financial Institutions (Responsible Regulatory Compliance)

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Key Questions

Why can’t the US permissionless finance surface be directly implemented in Europe?

Because Europe’s legal framework treats account access as a regulated activity requiring licenses and compliance with strict data and AI standards, unlike the US permissionless API approach.

What are the main regulatory frameworks affecting European open finance?

PSD2, the upcoming FIDA regulation, and the AI Act are the key legal regimes shaping data access, licensing, and AI use in European financial services.

How does the European approach impact innovation compared to the US?

European regulation may slow the pace of innovation and favor established, licensed firms, whereas the US permissionless model enables faster deployment and a broader range of entrants.

Who is best positioned to build the European financial surface?

Licensed incumbents and specialized firms that can navigate the complex regulatory environment are better positioned than permissionless aggregators.

Will the regulatory environment in Europe change to allow permissionless models?

Currently, there are no indications that the core licensing and consent regimes will be replaced; future changes depend on regulatory reforms and policy debates.

Source: ThorstenMeyerAI.com

Nothing in this article is financial or investment advice. Cryptocurrency and precious-metal investments carry significant risk — do your own research and consider a licensed advisor.
You May Also Like

The labor share. Is value really moving from labor to capital? The data isn’t on anyone’s side yet.

Analyzing whether AI is truly reallocating income from labor to capital, with current data showing stable aggregate labor share but rising marginal signals.

The CFO’s new operating system. Anthropic, OpenAI, and the consulting margin that just got compressed.

AI labs Anthropic and OpenAI are moving from model sales to deploying vertical-specific AI operating systems integrated into enterprise workflows, disrupting consulting margins.

The Gulf: Own the Capital

Gulf states are investing heavily in AI infrastructure, using sovereign wealth funds to own the next economy, transforming traditional resource wealth into technological capital.

After the Paycheck: The Book I Wrote Because Nobody Else Would Tell the Truth About AI and Your Income

Author Thorsten Meyer releases ‘After the Paycheck,’ analyzing AI’s impact on jobs, ownership, and society, emphasizing realistic responses to technological change.