A Key Piece in the European Competitiveness Puzzle
6
By Alexandra Maniati, Senior Director, Innovation & Cybersecurity, European Banking Federation (EBF)
More than a year ago, former ECB (European Central Bank) President Mario Draghi diagnosed Europe with a critical weakness: a widening productivity gap that undermines its global competitiveness. His call to action—underpinned by an increasingly volatile geopolitical environment—triggered a wave of initiatives in the European Union (EU) aimed at boosting productivity, investment and regulatory efficiency. Yet, as Draghi himself recently underlined, progress has been slower than expected, despite the EU’s increasing investment needs, now estimated at €1.2 trillion between 2025 and 2031 compared with €800 billion a year earlier. Its ability to mobilise capital to support European households and businesses, as well as its agility to stimulate innovation and reclaim competitiveness, will largely determine whether Europe can meet this challenge.
The overarching challenge is to ensure that well-intentioned regulation does not stifle innovation or unnecessarily complicate cyber-resilience efforts by placing disproportionate burdens on a sector that drives Europe’s growth.
Among the many areas in which the EU’s competitiveness agenda must accelerate, simplifying digital-finance regulation stands out as both urgent and strategic. A resilient, innovative and competitive banking sector is a precondition for Europe’s economic strength, and digital finance sits at the heart of the sector’s transformation. The overarching challenge is to ensure that well-intentioned regulation does not stifle innovation or unnecessarily complicate cyber-resilience efforts by placing disproportionate burdens on the sector that plays a major role in driving Europe’s growth.
A complex and rapidly expanding regulatory landscape
In recent years, the European Union has made significant strides in shaping the framework governing the digital-finance ecosystem. From open finance and the digital euro to cybersecurity, artificial intelligence (AI) and fraud prevention, legislative activity has been intense. During the legislative cycle that ended in 2024, the European Banking Federation (EBF) engaged with more than 15 key legislative files, both at level 1 and at the level of regulatory technical standards and guidelines (level 2). These ranged from the EU Data Act and the Digital Markets Act (DMA) to DORA (Digital Operational Resilience Act), the AI Act (Artificial Intelligence Act), the proposed regulation on a digital euro, the PSD2 review (PSD3/PSR—Revised Payment Services Directive 3/Payment Services Regulation), the Financial Data Access (FiDA) proposal, eIDAS (electronic IDentification, Authentication and trust Services), crypto regulations and others.
The ambition to safeguard consumer protection in the face of new risks and to ensure consumers have diverse options is commendable. Yet, the cumulative effect of overlapping horizontal and sector-specific rules has created a regulatory maze. Financial institutions, which are already among the most regulated entities in the EU, face growing complexity, heavier compliance burdens and, at times, duplicating obligations. This diverts resources away from innovation and cyber resilience, adding hurdles for Europe in the global race for digital leadership.
In digital finance, banks are positioned at the intersection of (digital) financial regulation and horizontal digital policies. At the same time, according to ENISA (European Union Agency for Cybersecurity), banking ranks among Europe’s top three cyber-mature, highly critical sectors. That explains why, very often, what starts as a horizontal policy intended for multiple sectors “hits” on something similar that already exists in banking-sector policies. This, coupled with the—by default—inability of horizontal policies to capture sector-specific idiosyncrasies, leads to duplications, legal uncertainties and higher compliance costs that distort the level playing field and do not lead to enhanced consumer protection. Better regulatory coherence would not only improve supervisory outcomes but also strengthen the sector’s capacity to innovate and compete internationally.
With the European Commission (EC) expected to present its Digital Simplification Package at the end of November, there is a real opportunity to restore structure and coherence to this regulatory landscape. Below are some examples of key areas in which simplification can have a decisive positive impact on European banks.
Artificial intelligence
The AI Act will shape the way artificial intelligence is developed and deployed in Europe. From the viewpoint of banking and, more specifically, creditworthiness assessment, the treatment of logistic regression is especially important, as it is a long-standing, widely used statistical method, and its wrongful inclusion within the scope of the AI Act would pose major issues for all entities involved in lending. The Commission’s guidelines clarify that logistic regression is not considered an AI system, but the phrasing leaves space for diverging interpretations by national authorities. This uncertainty is likely to lead to inconsistent implementations across member states.
The Commission can help by clearly and unambiguously confirming that logistic regression is excluded from the definition of AI systems. Such well-established, low-risk methods used in creditworthiness assessments are already subject to strict regulatory oversight. Aligning with the ECB’s Opinion on this matter would avoid the unnecessary classification of such techniques as high risk, thereby imposing redundant additional obligations.
Equally important is the way the AI Act will be implemented and supervised. If overly strict or inconsistent approaches emerge, European banks (and Europe as a whole) would be placed at a competitive disadvantage compared to institutions and businesses in other regions. Proportionality and coordination between national financial supervisors and the European AI Office, alongside a continuous dialogue with the industry, are essential to prevent regulatory overlaps and ensure legal certainty.
Open finance
The EU’s vision of a data-driven economy has been reflected in a proliferating legislative agenda, including PSD2, the Data Act, the Data Governance Act (DGA), the Digital Markets Act and the proposal for the Financial Data Access (FiDA) Regulation. FiDA in particular aims to create a framework for secure customer-data sharing and is designed to foster innovation and give consumers more control over their financial information.
However, the current proposal raises significant concerns. Its scope is extremely broad, encompassing almost all customer data held by financial institutions (banks, investment firms, asset managers, insurance companies, etc.), while its implementation deadlines are short and the costs potentially very high. These costs would be incurred without clear evidence of corresponding market demand. Notably, non-EU jurisdictions that have tried such data sharing before Europe—for example, Australia—have shown poor uptake, disproportionate to the relevant investments.
In addition, geopolitical developments have changed considerably since FiDA was first tabled more than two years ago. In this sense, it is crucial that FiDA be reassessed through the combined viewpoints of competitiveness, simplification, digital sovereignty and strategic autonomy. Policymakers need to take a hard look at the scope and feasibility of the proposal, adjust it where necessary and remain open to fundamental changes wherever the current design does not support the EU’s strategic goals.
Digital euro
Achieving strategic autonomy in retail payments is a shared priority for EU institutions, central banks and private-sector actors. A digital euro could strengthen Europe’s sovereignty by adding a public payment option to complement private and non-European solutions, but only if financial stability is guaranteed and the digital euro does not unfairly compete with or unnecessarily duplicate the many existing and private payment solutions that leverage the Instant Payments Regulation (IPR). Today, European consumers and businesses already have access to a variety of well-functioning methods and instruments to cover their different payment needs.
In terms of implementation, such a large-scale and unprecedented project is complex and could be very costly if synergies are not sought. According to a recent study by PwC, the digital euro as currently designed could cost the banking sector in the euro area around €18 billion over the first four years of its deployment, excluding running costs and additional features such as an offline function. The study is based on a set of assumptions, as several key aspects of the project remain unclear. In any case, these figures highlight the need for a thorough cost-benefit analysis that fully considers the project’s impact on European banks’ innovation capacity, competitiveness and resilience.
To mitigate this impact, a balanced and sustainable model based on a partnership between the public and private sectors is essential. Leveraging existing and expanding European payment infrastructures and private-sector initiatives for home-grown cross-border instant payments (e.g., European Payments Initiative [EPI], European Payments Alliance [EuroPA]) and re-using processes and industry standards already in place could help achieve the goal of payment sovereignty while avoiding unnecessary duplication of investments and operational challenges.
Fraud that ends in an authorised payment
After the introduction of strong customer authentication (SCA) measures, fraud in unauthorised payments was reduced dramatically. This led criminals to shift their focus more to defrauding citizens and businesses through social engineering. Fraudulent SMSs, spoofed websites, fake investment advertisements on social-media platforms and fake product-selling on online marketplaces are massively used to trick people into making authorised payments to fraudsters. This is undoubtedly a serious problem with far-reaching social impact, and, as such, it requires a holistic approach in which all actors in the “fraud chain” are part of the solution.
Unfortunately, the Payment Services Regulation (PSR), currently under discussion, proposes placing the sole responsibility of reimbursing victims of bank-employee impersonation fraud on banks. This not only misses the fact that fraud occurs beyond banks’ reach, but it also fails to engage in a meaningful way the only actors that could protect citizens before they are victimised—i.e., telecommunications (telecom) companies, social media and online platforms. Moreover, it risks leading to lower consumer vigilance, making them more vulnerable in the long run. Under the Digital Services Act (DSA), platforms and telecom providers already have obligations to detect and remove illegal content and protect users. The PSR should reflect this shared responsibility, which is essential to maintaining consumer trust and ensuring a level playing field between banks and other stakeholders.
Cybersecurity and resilience
Banks have long been at the forefront of cyber-risk management, as they have always been targeted by criminals (both for their money and their data). As mentioned earlier, they are one of the top three cyber-mature sectors in Europe. The entry into force of the Digital Operational Resilience Act (DORA) earlier this year marked a significant step towards a harmonised and robust regulatory framework with an ecosystem approach. Moreover, for the first time, the siloed-sector approach has been broadened to introduce oversight of ICT (information and communications technology) third-party providers that are critical to the sound functioning of banks. At the moment, the whole financial sector is heavily engaged in implementing DORA.
However, the forthcoming Cyber Resilience Act (CRA), although rightly aiming to ensure that products with digital elements sold in the EU are secure throughout their lifecycles, risks creating a significant overlap with DORA, as it does not explicitly exempt financial services. Duplicating obligations would increase compliance costs without delivering additional benefits to consumers or strengthening security.
The European Commission should clarify that CRA is not applicable to banking products and services – as already covered by DORA -, allowing institutions to concentrate their resources on protecting against real threats rather than managing unnecessary regulatory complexity. This is especially important in an environment in which cyber and hybrid threats are increasing amidst ongoing geopolitical volatility.
Conclusion
Digital finance sits at the crossroads of technology and finance. Regulating it effectively requires a deep understanding of both dimensions and a close alignment of all relevant policymakers and supervisors.
Digital finance sits at the crossroads of technology and finance. Regulating it effectively requires a deep understanding of both dimensions and a close alignment of all relevant policymakers and supervisors.
Europe’s banking sector is more than a service provider. It is a pillar of the continent’s economic resilience, sovereignty and competitiveness. Simplifying the digital-finance regulatory framework is an urgent and strategic priority to achieve these objectives. This includes aligning and streamlining existing and upcoming rules, reducing overlaps, ensuring proportionality and taking a deep look into the costs/risks and benefits of each legislative proposal.
Supervision should also extend beyond banks to encompass the broader ecosystem of financial-services providers, ensuring a level playing field. Above all, sustained and structured dialogue between regulators, supervisors and industry participants remains essential. In a rapidly evolving technological and geopolitical landscape, only coordinated and pragmatic approaches can deliver a framework that supports innovation, strengthens competitiveness and upholds Europe’s strategic autonomy.
Editor’s note: This article originally included an illustration from the European Banking Federation’s “Simply Competitive” report (July 2025), which outlines the EBF’s proposals for simplification and includes a section on digital finance expanding on the themes discussed here. The report is available on the European Banking Federation’s website.
ABOUT THE AUTHOR
Alexandra Maniati is Senior Director of Innovation & Cybersecurity at the European Banking Federation (EBF). Her main priorities include the digital euro, open finance, payments, cybersecurity and digital operational resilience and artificial intelligence. Working closely with bank associations throughout Europe, she is responsible for the EBF digital innovation and cybersecurity strategy, positioning on policymaking processes, and relations with EU and international institutions. A banking industry professional for over 25 years, before joining the EBF, Alexandra was the Director of the Hellenic Banking Institute of the Hellenic Bank Association, holding leadership roles in European organisations within the banking sector focused on professional training, skills development and financial literacy.
link
