From Chatbots to Payment Automation, digitalisation impacts all aspects of the modern day financial industry
On one hand digitalisation can improve consumer choice, transparency and efficiency, as well as innovation of the finance sector.
On the other hand, digitalisation can also lead to poorer service, more risk of criminality and increased worker surveillance and exploitation.
NFU believes, that through timely and adequate training and upskilling, finance employees can continue to play an important role in using the increasingly sophisticated digital tools of the sector to improve productivity and efficiency, provide new and appropriate products to customers and act as part of the shield guarding against cyber-crime.
Current legislation deal with the many different aspects of digitalisation of the sector. From regulating the crypto assets markets to the AI Act, NFU provides expert input through consultations, position papers and lobby efforts.
Policy priorities and legislative files
The EU AI Act aims to establish a comprehensive regulatory framework for AI systems within the EU. Its primary purpose is to safeguard fundamental human rights, ensure public safety, and foster innovation in AI technology. The Act adopts a risk-based approach, categorising AI systems into different risk levels and imposing corresponding obligations on developers, providers, and users. The Act assigns applications to three risk categories.
First, applications that create an unacceptable risk are banned. Second, high-risk applications, such as a CV-scanning tool, are subject to specific legal requirements. Lastly, applications not explicitly banned or listed as high-risk are left mainly unregulated. The legislation has significant extraterritorial reach, affecting organisations worldwide that deploy AI for use in the EU.
An AI Act Compliance Checker has been developed to help SMEs and startups understand whether they have any legal obligations under the Act. Ultimately, the Act seeks to set a global standard for responsible AI development and deployment.
The EU's proposed Payment Services Directive III (PSD3), introduced in June 2023, aims to modernise the payment services landscape by enhancing consumer protection and competition. It seeks to address the evolving digital market by allowing non-bank payment service providers access to EU payment systems and improving the functionality of open banking. Key features include measures to combat payment fraud, enhance consumer rights, and ensure transaction transparency. The proposal also reinforces the enforcement capabilities of national authorities and is expected to take effect in 2026, following legislative negotiations and adaptations by EU member states.
The PSD3 proposal is closely linked to the Open Finance initiative, which aims to broaden access to financial data beyond traditional banking. While PSD3 enhances open banking by improving data sharing and security for payment services, the Open Finance framework (FIDA) extends these principles to various financial products, promoting innovation and consumer control over their financial data.
The EU Markets in Crypto-Assets (MiCA) Regulation aims to establish a comprehensive regulatory framework for crypto-assets and related services across the European Union, which are not currently regulated by existing financial services legislation. Its primary purposes are to:
MiCA introduces licensing requirements, disclosure obligations, and operational standards for crypto businesses operating in the EU. It covers various types of crypto-assets not previously regulated by EU financial laws, including stablecoins. By creating a standardised approach, MiCA seeks to foster the development of the crypto industry while safeguarding consumers and the broader financial system. The regulation entered into force in June 2023 and will enter into application within a 12-to-18-month deadline.
The EU Digital Operational Resilience Act (DORA) aims to enhance the digital resilience of financial entities across the European Union by establishing a comprehensive regulatory framework for managing information and communication technology (ICT) risks. Effective from January 17, 2025, DORA requires financial institutions, such as banks and insurance companies, to implement stringent ICT risk management, incident reporting, and resilience testing protocols. It also mandates oversight of third-party ICT service providers to ensure they meet resilience standards.
The framework also includes an oversight mechanism on service providers, such as Big Techs, which provide cloud computing services to financial institutions. By harmonising these requirements, DORA seeks to protect the financial sector from severe operational disruptions and cyber threats, thereby safeguarding the stability of the EU's financial system.
Find some of our publications on the topic of digitalisation below
Meet the NFU Secretariat and learn about their areas of expertise