Four Big Challenges, One Giant Opportunity
Regulators want banking-grade things to happen outside of banks. The banks should build the network that makes it possible.
If you work in a European bank’s strategy department, your whiteboard currently has four acronyms circled in red: Digital Euro, European Business Wallet, PSD3, and FIDA. Each arrived from a different directorate in Brussels. Each has its own consultation papers, its own timeline, its own stakeholder dynamics. Each looks like a separate compliance programme that will consume years and hundreds of millions.
They are the same challenge wearing four masks.
What does “banking-grade” mean?
Before diagnosing what Brussels is asking for, we need to understand what Brussels values about banks in the first place.
A bank does four things at a standard no other institution in the economy matches. It holds deposits under strict regulatory oversight and deposit insurance. It verifies identity through onboarding, KYC, and ongoing due diligence. It moves money through audited, resilient payment infrastructure. And it governs data under the tightest compliance regimes in the economy — from GDPR to AML to prudential reporting.
These four competences — safe custody, verified identity, reliable payments, governed data — are what “banking-grade” means. They are expensive to build, painful to maintain, and impossible to fake. They are also, today, locked inside the bank’s own systems. They work brilliantly within the bank’s walls. They are nearly invisible outside them.
This is what Brussels wants to change.
The four challenges
Each of the four regulations asks the same question in a different domain: can we make banking-grade things happen in places where the bank is not the gatekeeper?
The Digital Euro asks: can we have banking-grade settlement — instant, safe, maybe even programmable — without requiring every transaction to flow through a commercial bank’s internal ledger? The ECB wants a public digital currency that delivers the speed and programmability that consumers increasingly expect. The implicit message to banks: if your deposits can’t do this, we’ll build something that can.
The European Business Wallet asks: can we have banking-grade identity — verified, portable, machine-readable — without requiring every counterparty to onboard through a bank’s KYC process? Under the eIDAS 2.0 framework, enterprises will carry their own government-attested digital credentials. The implicit message: if verified identity only works inside your silo, we’ll create an alternative that works everywhere.
PSD3 asks: can we have banking-grade payment initiation — secure, mandate-verified, fraud-resistant — without requiring the bank to be the sole initiator? PSD2 opened the door for third-party access to accounts. PSD3 widens it with stronger rights and explicit obligations for banks to provide reliable, well-functioning APIs. The implicit message: if safe payment initiation only happens through your channels, we’ll require you to let others do it too.
FIDA asks: can we have banking-grade data governance — consented, controlled, auditable — without requiring the data to stay locked inside a single institution? Financial Data Access requires banks to share customer financial data with authorized third parties. The implicit message: if governed data sharing only works within your walls, we’ll mandate it across the ecosystem.
The common challenge
Read the four regulations together and a pattern emerges. Brussels is not trying to destroy banks. Brussels is trying to export banking-grade competence beyond the bank’s perimeter.
The deposit stays regulated. The identity stays verified. The payment stays secure. The data stays governed. What changes is where these things happen. They move from inside the bank’s proprietary systems to a shared infrastructure where fintechs, corporates, public institutions, and citizens can all participate — at the same standard.
This is the real challenge. Banks have spent decades perfecting these competences within their own silos. The regulations now ask: can you deliver the same standard in a network you don’t fully control?
The missing floor
Here is where the challenge becomes interesting, because today’s infrastructure cannot deliver what the regulations promise.
The Digital Euro needs commercial bank money to move as fast and as programmably as central bank money — so that citizens have no reason to switch. That requires the bank deposit to become active: capable of enforcing conditions, settling instantly, and participating in automated contracts. Today a bank deposit is a row in a database waiting for a SWIFT message. That row needs a brain.
The Business Wallet needs enterprises to carry verifiable credentials — signed attestations from authoritative sources — that any counterparty can check cryptographically without calling the issuer. Today we email PDF certificates. The wallet needs an infrastructure where a credential from the Finnish tax authority is as machine-readable in Portugal as it is in Helsinki.
PSD3 needs a way for third parties to initiate payments through bank infrastructure without the bank losing control over fraud prevention and mandate verification. Today’s APIs are a step forward, but they lack the structural safeguards for truly secure delegation. What we need is a temporary, secure environment — a disposable meeting room — where the third party proves its authorization, the bank verifies the mandate, and the payment executes atomically. Then the room disappears.
FIDA needs a way for customers to share specific financial facts without exposing raw data through open APIs. “This customer earns above €50,000” should be provable without revealing the salary, the employer, or the transaction history. That requires selective disclosure backed by cryptographic proof — a capability that no current banking API supports.
Every one of these requirements points to the same missing floor: a shared, banking-grade transaction network where software agents verify claims about each other, enforce conditions automatically, and settle in a single atomic step — without a central platform owning the process.
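To make the FIDA requirement concrete, here is an added example (not from the original article or any project it describes) of salted-digest selective disclosure: the issuer signs only digests of claims, the holder's agent reveals one claim, and the verifier checks it offline with the issuer's public key. The claim names, the sample values and the three function names are assumptions made for illustration.

```javascript
const { generateKeyPairSync, sign, verify, createHash, randomBytes } = require('node:crypto');

// Digest of one salted claim [salt, name, value]; the random salt stops a
// verifier from guessing undisclosed values by hashing candidates.
const digest = (d) => createHash('sha256').update(JSON.stringify(d)).digest('hex');

// Issuer (hypothetical: the customer's bank) signs the sorted digests only,
// so the signed credential itself contains no readable claim.
function issue(privateKey, claims) {
  const disclosures = {};
  for (const [name, value] of Object.entries(claims)) {
    disclosures[name] = [randomBytes(16).toString('hex'), name, value];
  }
  const digests = Object.values(disclosures).map(digest).sort();
  const payload = Buffer.from(JSON.stringify(digests));
  return { credential: { digests, sig: sign(null, payload, privateKey) }, disclosures };
}

// Holder's agent reveals only the claims this interaction needs.
function present(credential, disclosures, names) {
  return { credential, disclosed: names.map((n) => disclosures[n]) };
}

// Verifier needs only the issuer's public key: no call back to the issuer.
// Returns the disclosed claims, or null if the signature or any digest fails.
function verifyPresentation(publicKey, { credential, disclosed }) {
  const payload = Buffer.from(JSON.stringify(credential.digests));
  if (!verify(null, payload, publicKey, credential.sig)) return null;
  const out = {};
  for (const d of disclosed) {
    if (!credential.digests.includes(digest(d))) return null;
    out[d[1]] = d[2];
  }
  return out;
}

// Constructed sample data: salary and employer stay in the holder's wallet.
const issuer = generateKeyPairSync('ed25519');
const { credential, disclosures } = issue(issuer.privateKey, {
  salary_eur: 73200, employer: 'Example Oy', income_above_50000: true,
});
const presentation = present(credential, disclosures, ['income_above_50000']);
const result = verifyPresentation(issuer.publicKey, presentation);
console.log(result);
```

The sketch leaves out holder key binding, a verifier nonce and expiry, so a captured presentation could be replayed; a production credential format needs all three.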
A common challenge implies a common solution
Here is the strategic insight that most banks are missing while they staff four separate regulatory programmes.
The infrastructure that makes your deposit programmable and instant — turning passive money into active money — is the same infrastructure that lets your business customers carry portable, verifiable credentials. Because both require the same thing: a way for software to present cryptographic proof of a fact, have that proof verified automatically, and act on the result without human intervention.
The secure, disposable environment that makes PSD3 payment initiation safe — where a third party enters, proves its mandate, triggers the payment, and leaves — is the same environment that handles FIDA data requests. Because both require the same thing: a temporary context where parties exchange only the proofs relevant to that specific interaction, governed by pre-agreed rules, with a cryptographic receipt as the output.
Build the banking-grade network for one regulation and you have built it for all four.
This is the architectural fact that the current compliance-silo approach obscures. Banks are staffing four separate programmes, hiring four sets of consultants, building four separate technical platforms — when the underlying engineering is identical.
What the solution looks like
The answer is not a product or a platform. The answer is a banking-grade transaction network — built by banks, operated at bank standards — that extends the bank’s competences beyond its own walls. Four capabilities make this possible.
Active representation. Every entity — person, company, device — gets a software agent that acts on its behalf according to pre-set rules. This agent holds verifiable credentials (signed attestations from trusted sources) and can negotiate, verify, and sign autonomously. The Business Wallet becomes a natural byproduct: the enterprise already has a software representative carrying government-issued credentials. The bank already has a software representative that can verify those credentials instantly.
Disposable transaction environments. Every interaction — a payment, a data request, a contract — happens inside a temporary, private space that enforces the agreed rules and then dissolves. PSD3 payment initiation becomes safe because the third party’s mandate is verified inside this space before any money moves. FIDA becomes privacy-preserving because the customer’s agent shares only the specific proof required — “income above threshold: yes” — and the space disappears when the answer is delivered.
Programmable money that stays in the bank. The deposit remains a bank liability — regulated, insured, credit-bearing. But it gains an active software agent that can lock funds, verify conditions, and settle contracts instantly. The Digital Euro’s purpose is fulfilled because commercial bank money already does everything the Digital Euro was designed to do. The deposit woke up.
Verification before execution. Every transaction is verified before it commits — the credentials are checked, the conditions are met, the proofs are exchanged — so the resulting records are identical on both sides by definition. The massive reconciliation machinery that banks maintain today collapses into a mathematical side effect.
The strategic opportunity
Here is the part that should interest bank boards.
The default trajectory — treating each regulation as a separate compliance cost — leads to a world where banking-grade competence leaks out of banks through mandated APIs, and someone else assembles it into a competing network. The bank becomes a regulated utility that subsidizes its own disintermediation.
The alternative trajectory — building the shared network proactively — leads to something far more valuable. The bank that provides active money, verifiable credentials, and secure transaction environments becomes the trust anchor for the next generation of European commerce.
Why? Because the regulations demand banking-grade standards, and banks are the only institutions that actually operate at that standard. Brussels can mandate openness. Brussels cannot manufacture the decades of regulatory discipline, risk management, and institutional credibility that make a credential trustworthy or a settlement final. The bank’s regulatory burden — the capital requirements, the compliance apparatus, the deposit insurance — becomes a competitive advantage when it backs the network that the entire ecosystem relies on.
The four challenges become one opportunity: build the banking-grade infrastructure that everyone else needs to participate in the new European economy.
The clock
These regulations are not theoretical. Digital Euro, PSD3 and FIDA are all progressing. The eIDAS 2.0 framework is already law, with member state implementations underway.
Banks that build four separate compliance silos will spend billions and end up as utilities. Banks that recognize the common challenge — and build the common infrastructure — will spend a fraction and end up as the indispensable foundation of European digital commerce.
Regulators want banking-grade things to happen outside of banks. The question is whether banks will build that network — or watch someone else try, and fail to match the standard.
