#openbanking

Introduction

The terms “open banking” and “Account Aggregator” are frequently used interchangeably in Indian fintech discussions. They are not the same thing. The differences are not merely technical; they reflect different regulatory philosophies, data governance models, and levels of individual control over financial data.

Understanding the distinction matters practically: institutions building data infrastructure on the assumption that India has adopted an “open banking” model similar to the UK’s PSD2 framework will find that the AA framework operates on fundamentally different principles in several important ways. To ground this comparison, here’s what account aggregator is in India.

What Is Open Banking? The PSD2 Model

Open banking, as implemented in the European Union under the Payment Services Directive 2 (PSD2) and in the UK under the Open Banking Standard, requires banks to open their API infrastructure to regulated third parties, enabling those third parties to access customer account data and initiate payments with customer consent.

The PSD2 model is bank-centric: regulators require banks to build and maintain open APIs. Third parties access these APIs directly with customer permission, forming an API-driven financial data ecosystem. This concept becomes more meaningful when viewed in the context of digital lending and account aggregator, where data access directly impacts lending workflows.

Key features of the PSD2 model: regulators mandate API standards and timelines. The framework mainly covers bank account data, not insurance, pensions, or securities. Third-party interfaces manage consent instead of a centralized consent manager. The model prioritizes data portability as its primary objective.

How India’s Account Aggregator Framework Differs

India’s AA framework shares the same high-level goal—enabling financial data to flow with individual consent but differs significantly in architecture, governance, and execution.

Consent management is centralized: unlike PSD2, where each third party manages consent independently, India’s AA framework routes all consents through a licensed intermediary.

Coverage is broader: the AA framework spans banking, securities, insurance, and pensions, making it a cross-sector financial data infrastructure.

The AA does not store data: it only routes encrypted data between institutions, ensuring no intermediary has visibility into the actual financial information.

The privacy model is stronger: end-to-end encryption ensures that only the receiving institution can decrypt the data.

This framework is governed by the Reserve Bank of India, making it a regulated financial system component.

The AA ecosystem also relies on interoperable technical standards. These standards are defined within the Sahamati AA ecosystem documentation.

Additionally, the consent-driven design aligns with modern data protection principles. This aligns with the Digital Personal Data Protection Act, 2023.

To understand how consent, FIP–FIU roles, and data flow work together in practice, here’s how account aggregator works step-by-step.

Data Coverage Comparison

PSD2 / Open Banking: Bank account data, savings, current, and credit cards. Payment initiation capability. No coverage of insurance, pensions, or securities.

India’s AA Framework: Bank account data (savings, current, FDs) via RBI-regulated FIPs. Securities and mutual fund data via SEBI-regulated FIPs. Insurance data via IRDAI-regulated FIPs. Pension data via PFRDA-regulated FIPs. No payment initiation currently (though this may evolve).

The AA framework’s broader coverage means a lender in India can, with a single consent flow, access a borrower’s bank accounts, mutual fund holdings, and insurance policies, enabling a genuinely complete financial picture that open banking frameworks in other jurisdictions cannot match.

Consent Architecture Comparison

Open Banking (PSD2): The customer authorizes a third party directly on the third party’s platform. Each third party manages its own consent database. The customer must visit each third party’s interface to revoke access. There is no centralized consent management.

India’s AA framework centralizes consent management through the AA interface. Customers can view active consents, data access, and timelines and revoke them anytime. The system records each consent as a cryptographically signed artefact with a full audit trail.

The AA’s centralized consent model better protects privacy and simplifies managing multiple data relationships. However, it creates dependency. If an AA fails or is deregistered, managed consents are disrupted.

Key Differences Between Open Banking and AA

The difference between these frameworks is most visible in how data is accessed and shared.

Open banking relies on direct API access between banks and third parties, while the AA framework introduces a consent-managed intermediary layer. These infrastructure differences fundamentally change how trust, control, and compliance are implemented.

This is where account aggregator vs bank statement PDF becomes relevant, as it highlights how data sourcing and reliability differ across financial data systems.

Which Model Better Serves India?

The AA framework’s design choices reflect India’s specific context: a large, diverse population with varying financial literacy; a multi-sector financial system that needed a cross-regulator data framework; and a regulatory preference for centralized accountability over distributed responsibility.

For lending use cases, which are the primary commercial application of AA data in India, the AA framework’s superior consent design, broader data coverage, and stronger privacy model make it better suited than a PSD2-style open banking implementation would have been.

The AA framework is not without challenges: the centralized consent model creates operational dependency on AA operators, and multi-regulator coordination adds complexity to ecosystem development. But for India’s scale and context, these trade-offs appear to have been appropriate.

Key Takeaways

Open banking (PSD2 model) and India’s AA framework share the same goal, financial data portability with consent, but differ in architecture, coverage, and privacy model.

India’s AA framework is broader (covering banking, securities, insurance, and pensions) and more privacy-protective (end-to-end encryption, centralized consent management) than PSD2-style open banking.

The AA does not store underlying financial data, a structural privacy protection not present in most open banking implementations.

Centralized consent management through the AA gives individuals a single interface to view and revoke all active financial data sharing, a stronger individual rights model than distributed third-party consent management.

India’s AA framework is the most comprehensive financial data sharing infrastructure globally in terms of cross-sector coverage and consent architecture.

Frequently Asked Questions

Q1: Is India planning to implement open banking like the UK?

India has effectively implemented a more comprehensive version of financial data portability through the AA framework, covering more data types and with stronger consent controls than the UK’s Open Banking Standard. A separate ‘open banking’ initiative appears unlikely given the AA framework’s scope.

Q2: Can India’s AA framework be used for payment initiation like PSD2?

Currently, the AA framework is limited to data sharing; it does not include payment initiation. The UPI framework handles payment initiation in India. Whether AA’s scope will expand to include payment-related use cases is unclear.

Q3: Is PSD2 more advanced than India’s AA framework?

PSD2 is more mature (implemented from 2018) but narrower in coverage. India’s AA framework is newer but more ambitious in scope, covering four regulatory sectors rather than just banking. In terms of consent architecture and privacy design, the AA framework is more sophisticated.

Q4: Can a fintech that operates in both the UK and India use the same data infrastructure for both markets?

No. The technical standards, consent mechanisms, and regulatory frameworks are different. UK open banking APIs conform to the Open Banking Standard; India’s AA uses the Sahamati-defined API specification. Separate integrations are required for each market.

Q5: Why does India have an Account Aggregator framework instead of traditional open banking?

India’s regulatory approach reflects the country’s multi-sector financial system and its preference for consent-centric, privacy-protective data infrastructure. The DEPA (Data Empowerment and Protection Architecture) framework, developed by iSpirt and endorsed by NITI Aayog, provided the architectural blueprint that became the AA framework.

Conclusion

India’s Account Aggregator framework is not a copy of open banking; it is a more ambitious, more privacy-protective, and broader-scope financial data infrastructure than any open banking implementation globally. Understanding this distinction matters for institutions building on it: the AA framework’s design choices, centralized consent, cross-sector coverage, and end-to-end encryption create different integration patterns and different regulatory obligations than PSD2-based systems.

A closer look at account aggregator ROI for lenders highlights the full business impact.