EU lawmakers are inching in to greenlighting a massive data shakeup worth €11bn a year in savings, reducing paperwork. For better or worse, European banks stand to win a measure of reprieve from American competition. Meanwhile, US-based Big Tech companies are sweating new rules that force them to play by Brussels’ playbook.
The European Parliament’s economic affairs committee voted overwhelmingly on 24 September 2025 to endorse the Better Data Sharing Regulation (BDSR), a sweeping reform designed to streamline financial reporting while curbing the dominance of foreign tech giants in Europe’s data economy. While the regulation affects a number of Europe’s economy sectors, the banking impact is by far the most explosive.
The 52-3 vote signals broad political consensus, paving the way for final approval at October’s plenary session. The BDSR aims to eliminate redundant reporting obligations for banks and financial firms, saving an estimated €11bn annually in compliance costs, while funneling data-sharing transactions through EU-certified intermediaries.
Report once
At the regulation’s core is a ‘report-once‘ principle, requiring EU authorities to share data internally rather than duplicating requests to firms. For example, if the European Banking Authority (EBA) holds loan portfolio data from a bank, the European Securities and Markets Authority (ESMA) must retrieve it from the EBA—not demand it directly from the institution.
This rule applies even to processed datasets, sparing firms from redundant cleaning and standardisation efforts. The rules bind all EU-level watchdogs, including the EBA, ESMA, the European Central Bank (ECB), and the new Anti-Money Laundering Authority (AMLA).
You might be interested
A key concession in the BDSR has drawn criticism: national financial regulators, such as Germany’s BaFin or France’s ACPR, remain outside its scope. While EU authorities must share data proactively, national bodies can only participate voluntarily. Critics argue this perpetuates fragmentation, as firms still face dual reporting requirements—streamlined for EU agencies but unchanged for national ones. A 2025 Commission impact assessment estimated that full inclusion of national authorities could have doubled administrative savings.
National authorities excluded
Proponents defend the carve-out as necessary to secure member-state buy-in, given longstanding resistance to centralised data governance. The regulation tasks the European supervisory authorities with developing a cross-sectoral roadmap for integrated reporting, including harmonising definitions (standardising thresholds for “high-risk” transactions, for one) and pruning obsolete requirements like physical document submissions. Additionally, the BDSR promotes data reuse for research and innovation, granting academics and fintechs access to anonymised datasets. The Commission projects this could unlock €4.2bn in annual research investments by 2030.
Excluding foreign tech giants is critical to nurturing a resilient European digital finance ecosystem. — German government’s position paper on BDSR
The BDSR aligns with the EU’s broader push for “digital sovereignty,” prioritising control over critical data infrastructure. By mandating that data intermediaries meet strict EU certification standards, the regulation complicates operations for non-European tech firms. US giants like Google and Meta will now have to route financial data through EU-approved third parties, incurring higher compliance costs. The rules also enforce interoperability protocols that diverge from global norms, favoring European-designed systems.
These measures complement the Financial Data Access Regulation (FiDA), which restricts open banking data to EU-regulated entities. Together, they form a regulatory pincer against Big Tech’s financial ambitions. German policymakers have spearheaded efforts to exclude foreign firms, arguing the rules “protect consumers from exploitative data harvesting.” U.S. industry groups, however, decry them as protectionist.
Transatlantic friction
The BDSR’s success hinges on coordination among EU authorities, many of which operate incompatible IT systems. The ECB’s Athena platform, for instance, uses different metadata standards than ESMA’s Data Warehouse, complicating data sharing. The newly created European Data Innovation Board (EDIB) will oversee technical harmoniseon and mediate disputes, but critics question its capacity to enforce compliance.
Transatlantic tensions further cloud the outlook. US President Donald Trump has threatened retaliatory tariffs over “discriminatory” EU tech rules, though Brussels insists the regulations apply equally to all firms. Behind closed doors, EU diplomats acknowledge the geopolitical stakes. A leaked German position paper argues that excluding foreign tech giants is critical to “nurturing a resilient European digital finance ecosystem”. This stance finds support in EU banks being wary of Big Tech’s encroachment into payments and lending.
Enforcement remains another hurdle. The EDIB, tasked with certifying data intermediaries and resolving disputes, faces pressure to act swiftly. Harmonising standards across 27 member states—each with varying digital infrastructure and regulatory cultures—could slow progress. Smaller nations like Estonia and Malta, reliant on third-party tech providers, fear being sidelined by France and Germany’s preference for homegrown solutions.
Legislative timeline
European fintechs like Revolut and N26 applaud the streamlined reporting, which could cut onboarding costs for new customers by 30 per cent. Larger banks highlight the potential to reallocate compliance staff to customer-facing roles. Conversely, US tech giants are exploring legal challenges. Meta recently warned investors that the BDSR and FiDA could “materially impair” its ability to monetise EU financial data.
Penalties for non-compliance are steep: fines of up to four per cent of global revenue for repeated breaches. Certification costs for intermediaries risk pricing out startups, contradicting the EU’s goal of fostering competition. The Commission has signaled openness to expanding the regulation’s scope post-2027, contingent on early successes.
The BDSR is all but guaranteed to pass October’s plenary vote uncontested, with implementation beginning in late 2026. The EDIB faces pressure to finalise technical standards swiftly, but delays are likely given the complexity of reconciling disparate systems. Long-term success hinges on balancing innovation with control—a tightrope Brussels must walk carefully.
Global impact
For Brussels, the regulation represents a strategic bid to assert Europe’s independence in the digital economy. By centralising data governance and sidelining non-EU tech firms, policymakers aim to foster homegrown alternatives. However, critics warn that overly rigid rules could stifle competition, leaving EU banks reliant on legacy systems while global rivals advance AI-driven solutions.
The BDSR is already influencing debates beyond Europe. Lawmakers in Brazil and India have cited it as a model for balancing data sovereignty with financial innovation. Conversely, US officials argue that fragmented global standards will raise costs for multinational firms.
The BDSR is expected to clear October’s plenary vote comfortably, entering force 20 days after publication in the EU Official Journal. Member states will then have 12 months to transpose it into national law. The EDIB faces a tight deadline to finalise technical standards for data intermediaries by mid-2026. The Commission has pledged to review the BDSR’s impact by 2028, with adjustments possible if compliance costs exceed projections or interoperability issues persist.
