The mandate. Why the US conversational- finance surface does not translate to Europe.

📊 Full opportunity report: The mandate. Why the US conversational- finance surface does not translate to Europe. on ThorstenMeyerAI.com — validation score, market gap, and execution plan.

TL;DR

The US launched a permissionless, API-based personal finance surface in May 2026, while Europe’s regulatory framework requires licensing, consent, and compliance, fundamentally changing the architecture. This impacts market access and who can build these services.

OpenAI launched its personal-finance surface in the US on May 15, 2026, using a permissionless, API-driven model that requires no licenses or regulatory approval. In contrast, Europe’s regulatory environment mandates licensing, consent, and compliance, preventing a direct US-style rollout.

In the US, the launch was permissionless: connecting accounts via Plaid, a private aggregator, was enough to offer the service. No regulatory approval was required, and the product was shipped as a simple API integration.

In Europe, however, the same approach is impossible due to a complex regulatory framework. The EU’s open-banking regime, established by PSD2 in 2018, requires licensed third-party providers to access bank data through regulated APIs. The newer FIDA regulation extends this to investments, pensions, and loans, creating a new licensed category, the Financial Information Service Provider, with operational dates expected around 2029-2030.

Additionally, the EU AI Act classifies AI systems used for credit scoring as high-risk, with obligations that come into effect in August 2026, supervised by financial regulators like Germany’s BaFin. This layered regulatory environment means that a US-style permissionless surface cannot simply be ported to Europe; it must be re-architected around licensing, consent, and compliance regimes.

The Mandate — Thorsten Meyer AI
MANDATE
● DISPATCH / MAY 2026
THORSTEN MEYER AI · AGENTIC COMMERCE · § 03
AGENTIC COMMERCE · 03
EUROPE / MANDATE
Essay · Regulatory-Architecture Reading · 2026-05-26

The mandate.
Why the US conversational-
finance surface does not
translate to Europe.

In the US, account access is a product you buy and consent is a button you tap. In Europe, both are mandates you are licensed and supervised to fulfill.
The US surface shipped permissionlessly — connect via Plaid, 12,000+ institutions, read-only, no license. That rollout does not translate. In Europe every layer is a mandate. The foundation: PSD2 → PSD3/PSR (provisional agreement Nov 27 2025) makes account access a licensed, API-quality-supervised activity under a directly-applicable rulebook. The expansion: FIDA extends mandated access to investments, pensions, insurance, mortgages under a new FISP license — operational ~2029-2030, with a contested data-access fee at its core. The overlay: the EU AI Act classifies credit-scoring AI as high-risk (full obligations Aug 2 2026), supervised not by a tech regulator but by financial supervisors like BaFin. The structural argument: the US surface is built on a permissionless private substrate, and Europe has no permissionless substrate — it has a mandate at every layer. In the US compliance is an afterthought. In Europe, compliance is the architecture, and the conversational experience is the thin layer on top.
3
Overlapping mandates — payments,
data, AI — vs zero in the US build
7%
Of global turnover · the EU AI Act
maximum penalty
2029-30
When FIDA — the full-picture data
mandate — is likely operational
0
Permissionless routes to a European’s
bank data · it is a licensed activity
THE MANDATE· US SHIPPED PERMISSIONLESSLY · PLAID· EUROPE HAS A MANDATE AT EVERY LAYER· PSD2 MADE ACCESS A LICENSED ACTIVITY· PSD3/PSR · PROVISIONAL AGREEMENT NOV 27 2025· PSR DIRECTLY APPLICABLE ACROSS 27 STATES· MANDATORY API QUALITY · NO SCREEN-SCRAPING· FIDA · NEW FISP LICENSE· OPEN FINANCE · INVESTMENTS PENSIONS INSURANCE· DATA-ACCESS FEE THE CONTESTED CORE· EU AI ACT · CREDIT SCORING HIGH-RISK· FULL OBLIGATIONS AUG 2 2026· SUPERVISED BY BAFIN, NOT A TECH REGULATOR· CONSENT IS A DASHBOARD, NOT A BUTTON· COMPLIANCE IS THE ARCHITECTURE· THE MANDATE FAVORS THE LICENSED INCUMBENT· IN EUROPE YOU LICENSE A FINANCE SURFACE· THE MANDATE· US SHIPPED PERMISSIONLESSLY · PLAID· EUROPE HAS A MANDATE AT EVERY LAYER· PSD2 MADE ACCESS A LICENSED ACTIVITY· PSD3/PSR · PROVISIONAL AGREEMENT NOV 27 2025· PSR DIRECTLY APPLICABLE ACROSS 27 STATES· MANDATORY API QUALITY · NO SCREEN-SCRAPING· FIDA · NEW FISP LICENSE· OPEN FINANCE · INVESTMENTS PENSIONS INSURANCE· DATA-ACCESS FEE THE CONTESTED CORE· EU AI ACT · CREDIT SCORING HIGH-RISK· FULL OBLIGATIONS AUG 2 2026· SUPERVISED BY BAFIN, NOT A TECH REGULATOR· CONSENT IS A DASHBOARD, NOT A BUTTON· COMPLIANCE IS THE ARCHITECTURE· THE MANDATE FAVORS THE LICENSED INCUMBENT· IN EUROPE YOU LICENSE A FINANCE SURFACE·
FIG. 01 — THE SUBSTRATE · PRIVATE PRODUCT VS PUBLIC MANDATE
The US built account access privately and permissionlessly · Europe built it as public mandate
One architectural difference at the foundation propagates through the entire stack
United States
A product you buy
  • Access built by private aggregators — Plaid, Yodlee, MX, Finicity
  • No banking license required to read bank data
  • Read-only design sidesteps money-transmission rules
  • No single federal open-banking statute · the surface ships as a product
European Union
A mandate you fulfill
  • Access is a licensed activity — AISP / PISP under PSD2
  • Regulator authorization required; no permissionless route
  • Explicit, revocable, SCA-governed consent regime
  • A directly-applicable rulebook (PSR) · the surface must be licensed
The US surface shipped because the account-access layer it needed was already built, privately and permissionlessly, by Plaid — and because a read-only design kept it clear of the activities that trigger heavy regulation. That is the precise feature Europe does not share. Reading a European’s bank data without the right license is not a product — it is an unauthorized activity. The very first layer of the US build, the permissionless connect, is in Europe a regulatory authorization.
FIG. 02 — THE THREE-MANDATE STACK · WHAT THE SURFACE MUST SATISFY IN EUROPE
Payments, data, and AI — three overlapping regimes, all enforced by financial regulators
The US surface faced none of these at launch; the European surface faces all three at once
PSD3 / PSRPayments mandate
Account access is a licensed activity (AISP/PISP). PSR directly applicable across 27 states. Mandatory API quality, screen-scraping eliminated, IBAN-name checks, expanded fraud liability.
FIDAData mandate
Extends mandated access to investments, pensions, insurance, mortgages, loans under a new FISP license. Standardized APIs + consent dashboards. A contested data-access fee may make aggregation cost money.
EU AI ActAI mandate
Credit scoring + creditworthiness = high-risk (Annex III). Conformity assessment, documentation, human oversight. Supervised by financial regulators (BaFin, CSSF). Fines up to 7% of global turnover.
A finance surface in Europe must be licensed for payment-data access (or partner with someone who is), prepare for a FISP license to aggregate the full financial picture, and classify itself under the AI Act — where the most commercially attractive features (“what loan can I get?”) sit closest to the high-risk line. The AI that is “just a chatbot” in the US is, in Europe, a regulated system whose classification depends on exactly how useful it tries to be.
FIG. 03 — THE STAGGERED TIMELINE · A MOVING REGULATORY TARGET
The mandate is not one event but a sequence — and the staggering is a filter
The firms that win architect for the end-state mandate, not the current one
Aug 2025
EU AI Act · GPAI obligations live · the frontier models that power a finance surface already carry systemic-risk obligations
Live
Nov 27 2025
PSD3/PSR provisional agreement · Parliament and Council reach political agreement; final texts expected in the Official Journal in 2026
Agreed
Aug 2 2026
EU AI Act · high-risk obligations land · credit-scoring / creditworthiness Annex III duties apply (subject to Digital Omnibus)
Operative
2027
PSD3/PSR core obligations · directly-applicable conduct rules land across the year after the transition
Landing
~2029-2030
FIDA operational · the full-picture data mandate and FISP license arrive, in staggered sector-by-sector “waves”
Forming
Building for PSD3 today while FIDA and the AI Act high-risk regime are still settling means building for a target that is still moving — which favors firms with the regulatory-intelligence capacity to track it and the patience to build for 2030 rather than ship for 2026. The staggered timeline is itself a filter: it selects for regulatory endurance over launch speed.
FIG. 04 — THE CONSENT ARCHITECTURE · WHAT REPLACES THE “CONNECT” BUTTON
The single most optimized moment of the US product is the single most regulated moment of the European one
The European surface cannot inherit the US onboarding · it must build a different, regulated core
The US default — collect broadly, use later — is the European violation. The consent dashboard, the granular permission model, the revocation flows, the purpose-binding, the audit trail are not features bolted onto the conversational experience; they are the regulated core that the experience sits on top of. The European surface is, by regulation, higher-friction at exactly the moment the US surface optimized for frictionlessness.
FIG. 05 — WHO BUILDS THE EUROPEAN SURFACE · THE REDISTRIBUTION OF ADVANTAGE
The mandate does not just slow the US surface — it changes who wins
Advantage moves from permissionless speed to licensed position
Disadvantaged
The US winners
A frontier lab + permissionless aggregator. Their core competency — permissionless speed and reach — is exactly what the mandate removes. No AISP/FISP license, no BaFin relationship. Arrive needing a license stack they don’t have.
Advantaged
Licensed EU fintechs
Already authorized AISPs/PISPs, PSD3-compliant API fleets, consent-native. “The lab + a licensed European partner” — and the partner holds more leverage than Plaid, because the license is scarcer than an API.
Advantaged
Incumbent banks
Already hold the data, licenses, consent relationships, supervisory standing. The incumbent disintermediated in the US thesis is, in Europe, structurally protected — the mandate that gates the challenger does not gate the bank.
In the US, the advantage went to whoever integrated the permissionless layer fastest and built the best surface on top. In Europe, it goes to whoever holds the licenses, the supervisory relationships, and the consent architecture. The mandate redistributes the advantage from the permissionless aggregator-and-lab toward the licensed incumbent-and-specialist — and Europe’s regulation is, among other things, an incumbent-protection architecture, whether or not that is its intent.
The architecture diverges at the foundation: the American surface treats account access as a product you buy and consent as a button you tap, while Europe treats both as mandates you are licensed and supervised to fulfill. In the US, you ship a finance surface. In Europe, you license one.
Thorsten Meyer · The Mandate · Agentic Commerce 03

Implications of Regulatory Architecture on Market Entry

This difference in architecture means European firms must navigate a licensing and consent-based environment, raising barriers to entry and favoring incumbents with existing licenses. It shifts the competitive landscape, making the European market more concentrated and potentially affecting consumer choice and innovation.

For US firms, this creates a different strategic environment—where building a compliant, licensed product is necessary—potentially limiting the agility seen in the US permissionless model. The regulatory approach also influences the type of companies that can succeed in Europe, favoring those with existing licenses and regulatory relationships.

Amazon

API-based personal finance management tools

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Regulatory Foundations Shaping European Financial Data Access

The US’s permissionless model relies on private companies like Plaid, which built a permissionless API layer for account access, enabling rapid product deployment. Europe’s model is rooted in regulation: PSD2, enacted in 2018, made account access a licensed activity, requiring third-party providers to operate under strict rules.

The EU’s open-finance initiative, FIDA, expands this concept beyond payments to other financial data, but its implementation is still in progress, with operational dates around 2029-2030. Meanwhile, the AI Act, effective August 2026, introduces high-risk classifications for AI systems used in credit assessments, adding another layer of compliance for European products.

These layered regulations create a fundamentally different environment from the US permissionless approach, where compliance is integrated into the product rather than embedded in licensing and consent architecture.

“The US permissionless surface is built on a substrate that Europe cannot simply replicate; it requires a complete re-architecture around licensing, consent, and compliance.”

— Thorsten Meyer

Amazon

PSD2 compliant banking APIs

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Unclear Impact on Consumer Outcomes and Innovation

It remains uncertain whether Europe’s more regulated, license-based approach will lead to better consumer protection, or whether it will slow innovation and concentrate market power among incumbents. The long-term effects of this architectural difference are still being observed.

Amazon

European open banking API solutions

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Future Developments in European Financial Regulation and Market Entry

Regulatory bodies are expected to finalize the FIDA regulation around 2029-2030, which will shape the open-finance landscape. European firms and international companies are preparing to adapt their strategies to this mandate-based architecture. The implementation of the AI Act will further influence product design and compliance requirements. Observers will watch how these regulations impact innovation, competition, and consumer choice in Europe.

POS Software – All in One Retail Point of Sale Software - Credit Card Processing – Store Management Features, 90 Days Money Back, Free Updates/e-mail Support/video Tutorials

POS Software – All in One Retail Point of Sale Software – Credit Card Processing – Store Management Features, 90 Days Money Back, Free Updates/e-mail Support/video Tutorials

Affordable POS Software

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Key Questions

Why can’t US permissionless finance models be directly applied in Europe?

Because Europe’s regulatory framework mandates licensing, consent, and compliance at every layer, unlike the US permissionless model that relies on private APIs and minimal regulation.

How does the EU’s open-finance regulation differ from US approaches?

EU regulation extends open banking to investments, pensions, and loans via licensing regimes, creating a structured, consent-based environment that requires firms to be licensed and compliant.

What are the implications for US firms wanting to operate in Europe?

US firms must adapt to a licensing and consent architecture, which may raise entry barriers and favor incumbents with existing licenses, contrasting with the US’s permissionless approach.

Will Europe’s approach lead to better consumer protection?

This remains uncertain. The regulatory environment prioritizes safety and compliance, but whether it results in improved consumer outcomes compared to the US model is still under assessment.

When will the European open-finance and AI regulations be fully in effect?

The FIDA regulation is expected to be operational around 2029-2030, and the AI Act obligations come into force on August 2, 2026, with supervision by financial regulators like BaFin.

Source: ThorstenMeyerAI.com

Nothing in this article is financial or investment advice. Cryptocurrency and precious-metal investments carry significant risk — do your own research and consider a licensed advisor.
You May Also Like

The Bottleneck Moved: Inside Anthropic’s Expansion of Project Glasswing

Anthropic is expanding Project Glasswing from 50 to 200 partners, shifting focus from vulnerability detection to fixing and deploying patches in critical software systems.

Best Quiet CPU Coolers for Sustained AI/Compute Loads

Discover the best quiet CPU coolers for long AI and compute tasks, including air and liquid options, tailored for high-performance, always-on workstations.

ChannelHelm: One Video, Every Platform

ChannelHelm automates multi-platform content generation from a single video, reducing manual effort and enabling broader reach for creators and businesses.

CTOs Are Escaping

Senior CTOs and technical leaders are leaving traditional SaaS firms to join Anthropic in technical roles focused on AI model development and experimentation.