For advice on open banking compliance, scheme governance obligations, or the regulatory implications of building on the UK's Smart Data framework, contact Rob Bratby at Bratby Law. Retail Banking Market Investigation Order 2017 Payment Services Regulations 2017 (SI 2017/752) Open Banking Limited JROC recommendations for the next phase of open banking (April 2023) JROC proposals for the design of the future entity (April 2024) Data (Use and Access) Act 2025

UK Open Banking Infrastructure: The Shared Rails Bratby Law

In short: The UK’s open banking advantage is an infrastructure advantage, not an interface one. A shared directory, a common dispute management system and a governed API standard, built out under the Retail Banking Market Investigation Order 2017, make the rails usable at scale. That infrastructure is the platform on which successor Smart Data regimes, enabled by Part 1 of the Data (Use and Access) Act 2025, will be built.

By Rob Bratby, Managing Partner, Bratby Law. Chambers UK Band 2 (Telecommunications). Legal 500 Leading UK Telecoms Partner. 30+ years in telecoms regulation, including Oftel and senior operator roles.

The open banking story told in the press is a story about licences and volumes. How many third party providers are authorised. How many active users. How many payments initiated. The more interesting story sits a layer down. The UK has built a piece of shared payments infrastructure that does something no single bank could do alone. It gives any authorised firm a trusted way to identify itself to any other, to be held to a published service level, and to have its disputes resolved through a common channel. The interface is the Payment Services Regulations 2017. The asset is the infrastructure.

The visible layer and the invisible layer

The UK’s open banking lead is an infrastructure lead, not an interface lead. Licences, user counts and payment volumes are output metrics. They are real, and they matter. The UK passed 16 million active open banking users in 2025 and has more than 600 regulated third party providers. But they measure what the infrastructure enables, not what the infrastructure is. The competitive asset built in the UK over the past eight years is not at the interface level, where other jurisdictions are catching up. It is at the infrastructure level, where the UK remains distinctive.

How the infrastructure came to exist

The UK open banking infrastructure was built under the Retail Banking Market Investigation Order 2017, made by the Competition and Markets Authority under the Enterprise Act 2002. The Order followed the CMA’s final report on retail banking, published in August 2016, which found weak competition in personal current accounts and small business banking, driven by low switching, limited price transparency and material informational advantages held by large incumbents. Article 10 of the Order required the nine largest UK retail banks, the CMA9, to adopt a common open API standard and to fund an Implementation Trustee to deliver it. The Open Banking Implementation Entity was established to carry out that role, and live services launched on 13 January 2018.

The UK route was unusual. Most comparable jurisdictions regulated what banks must make available, in the style of the Second Payment Services Directive, but left the infrastructure to the market. The UK mandated an infrastructure layer and funded it through the incumbents.

The directory

The directory is the authoritative source of identity for every regulated party in the UK open banking ecosystem. It records which firms are authorised by the Financial Conduct Authority as account information service providers (AISPs) or payment initiation service providers (PISPs), and it records the account servicing payment service providers (ASPSPs) in scope of the Order. When a third party calls a bank API, the directory is what tells the bank that the caller is permitted to make that call, on what basis, and in what capacity.

Without a central directory, every bank would operate its own identity and permissioning model. Each new third party would need to onboard separately with each bank. The directory abstracts that problem and solves it once, for the ecosystem as a whole. It is the single piece of infrastructure that turns a set of bilateral technical integrations into a market.

The dispute management system

The dispute management system gives authorised firms a shared operational channel to raise, record and track issues against each other through a common process with a known route to resolution. When a payment fails, a data call returns something unexpected, or a party believes another has breached the standards, the infrastructure provides a route to resolution.

This is not glamorous. It is load-bearing. Any real payments ecosystem generates exceptions at scale. Without a shared dispute system, exceptions escalate either to bilateral disputes or to the regulator. Both are expensive. A shared system is what lets the ecosystem operate commercially rather than as a rolling compliance problem.

Performance monitoring and standards

Open Banking Limited maintains and publishes the common API specification for UK open banking, with versioning and change control, and monitors participating banks against published service levels for availability, latency and successful call rates. Third party providers completed more than 2.08 billion API calls in October 2025 at a success rate of 99.39%. That headline number is only possible because there is a single standard to call against, a single body maintaining it, and a monitoring regime that holds the banks to it. Fragmented standards produce fragmented performance. A directory without governed standards is a list. A list is not a platform.

Why the infrastructure is the enduring asset

Licences are portable. Infrastructure is sticky. A third party provider licensing regime can be replicated in any jurisdiction where the policy will is there: authorise firms, publish scope rules, require banks to open APIs. That is what most comparable regimes have done. A shared directory, dispute management system and standards body are harder. They take years of regulatory pressure, commercial negotiation and funded delivery to build.

The UK’s lead is durable for that reason. It does not sit in the licensing framework. It sits in the shared operational layer built underneath it. When policymakers in other jurisdictions are asked how to replicate UK open banking, the honest answer is that the licences are the easy part.

The springboard

The Data (Use and Access) Act 2025 received Royal Assent on 19 June 2025. Part 1 creates the statutory power for the Secretary of State and HM Treasury to establish Smart Data schemes across further sectors, with access to customer and business data provided through specified third parties. Commencement of the relevant provisions began under SI 2025/904 on 20 August 2025.

The Joint Regulatory Oversight Committee, comprising HM Treasury, the Financial Conduct Authority, the Payment Systems Regulator and the Competition and Markets Authority, published its recommendations for the next phase of open banking in April 2023 and its proposals for the design of the future entity in April 2024. Successor regimes, when they arrive, will not rebuild the directory or the dispute system. They will extend them. That is why the infrastructure is worth describing in its own right, rather than as a footnote to whichever new service comes next. Firms advising on safeguarding, scheme governance and participant obligations should see the infrastructure layer as the substrate their commercial arrangements sit on. For a route into instruction on those arrangements, see our page on payments product, safeguarding and scheme governance.

Viewpoint

In our view, the UK’s open banking lead is a directory-and-trust lead. The policy argument that will matter most in the next phase is not scope or product design. It is who pays to maintain the infrastructure, and on what governance terms. Firms building on these rails should engage with that argument. Their operational resilience depends on the answer. A directory that is underfunded is a directory that fails. A dispute system that loses participant confidence stops being used. The commercial case for getting the funding model right is straightforward. Our wider commentary on UK payments regulation is on the Payments Regulation practice page.

Key sources

For advice on open banking compliance, scheme governance obligations, or the regulatory implications of building on the UK’s Smart Data framework, contact Rob Bratby at Bratby Law.

The Hidden Architecture of UK Open Banking: Why the Infrastructure Matters More Than the Interface

The visible layer and the invisible layer

How the infrastructure came to exist

The directory

The dispute management system

Performance monitoring and standards

Why the infrastructure is the enduring asset

The springboard

Viewpoint

Key sources

Mobile banking and payment: what consumers really want?

Rise of social media means that successful converged services must appeal to early adopters

Apple and Google go head to head for on-line subscription payments

Will integration of mobile payment with location based advertising kill Google?

Finally! Bidding starts in UK 4G auction

UK delays 800 MHz and 2.6 GHz spectrum auctions until late 2012

The visible layer and the invisible layer

How the infrastructure came to exist

The directory

The dispute management system

Performance monitoring and standards

Why the infrastructure is the enduring asset

The springboard

Viewpoint

Key sources

Similar Posts