
The Open Finance API & the requirement for eIDAS Certificates and Qualified Signature Creation Devices

In our earlier article – The Open Finance Ecosystem & the Standards for Secure Identification & Sharing of Data – we provided an update from The Berlin Group [1] announcing that they will be commencing work on a full OpenFinance API Framework. This will leverage the NextGenPSD2 API Framework technology and infrastructure investments, adding standardised extensions beyond the regulatory PSD2 scope.

The Open Finance API Framework

Open Finance is not driven by regulators but by technologies such as open APIs. An Open API is a publicly available application programming interface with programmatic access to a proprietary software application or web service – a set of requirements that control how one application communicates and interacts with another. 

The OpenFinance API differs from the Open Banking core XS2A interface in several dimensions:

  • The extended services might no longer rely solely on PSD2.
  • Other important regulatory frameworks, e.g. GDPR, also apply.
  • The extended services might require contracts between the access client and the ASPSP.
  • The Open Finance API can address different types of API Clients as access clients, e.g. TPPs regulated by an NCA according to PSD2, or corporates not regulated by an NCA.
  • While client identification at the Open Finance API can still be based on eIDAS certificates, these do not necessarily need to be PSD2-compliant eIDAS certificates.
  • The extended services might require e.g. the direct involvement of the access client's bank for KYC processes.

The framework follows these access models:

Chart open finance API framework

Source: The Berlin Group  - Berlin Group openFinance API Framework Workplan 2021


  • PSU - Payment Service User
  • PISP - Payment Initiation Service Provider
  • AISP - Account Information Service Provider
  • PIISP - Payment Instrument Issuing Service Provider

Open Banking vs Open Finance API and the requirement for Qualified Certificates and Signature Creation Devices

Open Banking vs Open Finance API

Note: Qualified certificate profiles need to conform to ETSI EN 319 411-2



As development towards Open Finance standards is taking place across the finance sector, sandbox environments are now underway. This means that first-stage testing with synthetic data is likely to run to the first quarter of 2022, after which live customer data will be used in a beta testing phase until mid-year 2022. This represents an important step in bringing Open Finance standards for the sharing of savings, investment and pensions data in line with Open Banking, especially when it comes to security and transparency of data and user experience.

To provide the best security and protection of eIDAS certificates and private keys, Utimaco provides Qualified Signature/Seal Creation Device HSMs for the purpose of protecting a certificate issuing infrastructure within an Open Finance environment.

[1] The Berlin Group is a pan-European payments interoperability standards and harmonization initiative, consisting of almost 40 banks and financial service institutions from across the EU, with the primary objective of defining open and common scheme- and processor-independent standards in the interbanking domain between Creditor Bank (Acquirer) and Debtor Bank (Issuer), complementing the work carried out by e.g. the European Payments Council. As such, the Berlin Group has been established as a pure technical standardization body, focusing on detailed technical and organizational requirements to achieve this primary objective.

 Blog post by Dawn Illing. 


