Regulatory Comparison
Updated 30 January 2026
Australia's Consumer Data Right (CDR) and the UK's Open Banking framework are two of the world's most advanced open banking implementations. While both enable consumers to share their financial data with third parties, they differ significantly in scope, governance, technical implementation, and regulatory approach. This comparison examines both frameworks across key dimensions.
CDR: Australia's economy-wide data portability framework, launched for banking in 2020 and energy in 2022.
UK Open Banking: The UK's banking-specific open data framework, launched in 2018 by the Competition and Markets Authority.
Scope: CDR is economy-wide (banking, energy, future sectors) while UK OB is banking-only
Accreditation: CDR requires rigorous ACCC accreditation; UK OB has lighter enrollment
Governance: CDR is government-led; UK OB is industry-led through OBIE
Security: CDR mandates newer FAPI 2.0; UK OB uses FAPI 1.0 Advanced
Payment Initiation: UK OB includes PISPs; CDR is read-only (write access planned)
Consent Duration: CDR allows 12-month consent; UK OB uses 90-day rolling consent
Launch Timeline: UK OB launched 2018; CDR banking 2020, energy 2022
| Criterion | CDR | UK OB | Summary |
|---|---|---|---|
| Launch Date | July 2020 (Banking), November 2022 (Energy) | January 2018 | UK Open Banking launched earlier but CDR has broader sector scope. |
| Sectoral Scope | Economy-wide framework: Banking, Energy, Telecommunications (planned) | Banking sector only | CDR is designed as an economy-wide right, while UK OB is banking-specific. |
| Mandatory Participation | Major banks and energy retailers designated by regulation | Nine largest UK banks (CMA9) mandated | Both require large institutions to participate; smaller institutions can opt in. |
| Accreditation Requirements | Three tiers: Unrestricted, Restricted, Trusted Adviser. ACCC accreditation required. | OBIE enrollment. Lighter-touch compared to CDR. | CDR accreditation is more rigorous with higher compliance requirements. |
| Technical Standards | Consumer Data Standards (CDS) mandated. FAPI 2.0 security profile required. | Open Banking UK Standards. FAPI 1.0 Advanced profile. | CDR uses newer FAPI 2.0 providing enhanced security. Both use OAuth 2.0. |
| Data Included | Account data, transactions, direct debits, payees, product info (banking). Usage data, billing, metering (energy). | Account data, transactions, direct debits, standing orders, product info. | Similar banking data coverage. CDR extends to energy data. |
| Consent Duration | Maximum 12 months, renewable | Maximum 90 days ongoing consent (renewable indefinitely) | CDR allows longer initial consent periods. |
| Write Access | Payment initiation not yet implemented (planned) | Payment Initiation Service Providers (PISPs) supported | UK OB includes payment initiation; CDR currently read-only. |
| Governance | Government-led: ACCC, OAIC, Data Standards Body, Treasury | Industry-led: Open Banking Implementation Entity (OBIE) | CDR is government-controlled while UK OB has industry governance. |
| Authentication | OAuth 2.0 with PKCE, FAPI 2.0, mTLS required | OAuth 2.0, FAPI 1.0 Advanced, mTLS required | Both use strong authentication; CDR implements newer FAPI version. |
| Data Holder Obligations | Must provide APIs, manage consents, provide dashboards, report to ACCC | Must provide APIs to CMA9 standards, manage consents | CDR has more extensive reporting and governance requirements. |
| Consumer Protections | Privacy Act 1988, CDR Rules, strict liability for data breaches | GDPR, Data Protection Act 2018, liability through regulation | Both have strong consumer protections; CDR includes specific breach liability. |
Both use OAuth 2.0 with FAPI security profiles for authentication
Both require mutual TLS (mTLS) for API security
Both mandate participation for large institutions
Both provide consumer consent dashboards and revocation rights
Both include account data, transactions, direct debits, and product information
Both have strong consumer protection and privacy frameworks
Both enable third-party innovation through standardized APIs
Australia's CDR and UK Open Banking represent two successful but distinct approaches to open banking. UK Open Banking launched earlier and includes payment initiation, making it more mature for transactional use cases. CDR takes a broader economy-wide approach with more rigorous accreditation and newer security standards (FAPI 2.0), positioning it for long-term expansion beyond banking. Organisations operating in both jurisdictions must understand these differences to ensure compliance and optimise their implementations.
© Fiskil 2026. All rights reserved.