Open Banking Explained: AIS vs PIS
Open Banking under PSD2 is often described as “data and payments via APIs”. In practice, the day-to-day difference comes down to two regulated services that behave very differently in products, compliance, and commercial models: AIS (Account Information Services) and PIS (Payment Initiation Services).
At the same time, the rules around access, interface performance, and enforcement are evolving. EU co-legislators reached a political agreement on PSD3 and the new Payment Services Regulation (PSR) in late 2025, with stronger emphasis on open banking access quality and supervisory action against non-compliant interfaces.
This article explains the AIS vs PIS split in plain operational terms, then connects it to what teams are dealing with in 2026: consent design, data reliability, fraud controls, and the reality of “good API access” not being guaranteed by law alone.
If your team is building Open Banking products, licensing options, or a cross-border rollout strategy, Legasset can support with perimeter mapping, regulator-ready documentation packs, and go-to-market structuring.
Publish Date
17 Mar 2026
Reading Time
9 minutes
Category
Legal Guide
Jurisdiction
EU
AIS: The “Read” Layer Of Open Banking
What AIS Is In Product Terms
AIS providers access bank account data with customer consent and present it in a usable form. “Aggregation” is the visible part, but the product value usually comes from what you can compute from the data.
Typical AIS use cases include:
- multi-bank account overview and cashflow view
- spend categorisation and budgeting features
- affordability and income verification signals
- risk scoring inputs for credit decisions
- transaction history enrichment for SMEs
What AIS Looks Like In Operations
AIS is often described as “read-only”. The operational reality is a data pipeline with reliability obligations you will be judged on.
Teams usually underestimate:
- data freshness (how stale is “real time” for each bank)
- mapping errors (merchant names, categories, duplicates)
- consent lifecycle (expiry, re-consent prompts, drop-off)
- coverage variance (some banks provide richer fields than others)
Practical AIS Risk Controls
AISP compliance work tends to cluster around:
- consent logs that are retrievable and time-stamped
- clear customer disclosures on data sources and refresh frequency
- security posture around token handling and storage
- monitoring of bank interface performance and fallbacks
PIS: The “Action” Layer Of Open Banking
What PIS Is In Product Terms
PIS providers initiate payments directly from a customer’s bank account to a merchant or recipient, typically as account-to-account payments without card rails.
Common PIS use cases:
- merchant checkout payments (card-alternative flows)
- invoice payments and payout initiation
- subscription renewals in bank transfer form
- account-to-account top-ups
- selected peer-to-peer transfers
What PIS Looks Like In Operations
PIS is not “payments are instant”. It is “payments are initiated through a regulated flow”, which then depends on scheme rails, bank processing, and confirmation mechanics.
Teams tend to run into:
- conversion and abandonment at SCA steps
- disputes and customer support expectations when a payment is “pending”
- reconciliation complexity for merchants
- refund logic that differs from card habits
- fraud and social engineering patterns that shift to bank transfer flows
Practical PIS Risk Controls
PISP operations usually require:
- strong SCA journey design (lowest friction that remains compliant)
- payer authentication evidence retained for disputes
- transaction monitoring for anomalous initiation patterns
- clear customer communications on status and settlement timing
- merchant reconciliation tooling and reliable callbacks/webhooks
What AIS And PIS Share Under PSD2
AIS and PIS sit in the same PSD2 open banking ecosystem and share a few baseline pillars:
- customer consent as a legal and technical control
- strong customer authentication (SCA) flows
- secure API connectivity to ASPSPs (banks)
- licensing and ongoing governance expectations for TPPs
In real audits and onboarding reviews, “shared pillars” still break in different places. AIS tends to break on data quality and consent lifecycle. PIS tends to break on fraud patterns, reconciliation, and customer support evidence.
Operational Evidence Gets Heavier, Not Lighter
With deposit-taking and lending, regulators and partners test:
- customer outcomes and complaints handling
- operational resilience and incident tracking
- reconciliation discipline, audit trails, and MI packs
- outsourcing oversight and vendor exit readiness
A common failure mode for scaling challengers is not policy gaps. It is inconsistent artefacts: different teams produce different numbers and different narratives.
2026 Reality Check: Access Quality And Enforcement Are Becoming Central
In late 2025, EU institutions announced a political agreement on PSD3 and PSR, including measures aimed at improving consumer protection and strengthening the payment services framework.
A key operational theme in industry briefings is that PSR is expected to push more active national enforcement around open banking access and the quality of interfaces, including action against non-compliant dedicated interfaces and ongoing monitoring.
For product teams, that translates into a practical planning assumption:
- interface reliability becomes a compliance and commercial input, not a purely technical issue
- documentation of outages, fallbacks, and customer impact becomes part of your evidence pack
- monitoring of ASPSP performance and your own service levels becomes harder to treat as “optional”
Operator Playbook: How To Choose Between AIS, PIS, Or Both
Choose AIS First When
- your product value comes from analytics, budgeting, underwriting signals, or SME cashflow views
- you need data coverage across multiple banks and geographies
- you can tolerate variability and build a data quality layer
Practical build note: start with the bank set that covers your primary user base, then expand. AIS performance perception is heavily driven by the first 2–3 banks users connect.
Choose PIS First When
- you are solving merchant fees, checkout drop-off, or settlement predictability
- you control the merchant integration (platform, PSP-like role, or deep checkout embed)
- you can invest in reconciliation and support tooling
Practical build note: your merchant success rate depends on “status certainty”. Invest early in payment status events, idempotency, and a clean refund model.
Choose Both When
- your product needs both “read” and “act”, such as affordability-driven payment authorisations, account verification plus payment initiation, or finance management plus bill pay
- you can support two evidence packs: data controls and payment controls
Implementation Table
| Workstream | AIS Focus | PIS Focus |
|---|---|---|
| Customer Journey | consent, data refresh, re-consent | SCA flow, status updates, drop-off minimisation |
| Evidence Pack | consent logs, data provenance, access monitoring | authentication evidence, transaction logs, disputes workflow |
| Core Risk | data integrity and continuity | fraud patterns, reconciliation, consumer support |
| Commercial Fit | analytics and engagement | checkout conversion and cost structure |
How Legasset Helps With AIS/PIS Licensing And Open Banking Build-Out
Legasset supports fintech teams and investors with: (1) licensing pathway selection and perimeter mapping, (2) regulator-ready policies and evidence pack design, (3) cross-border structuring where AIS/PIS is part of a wider regulated stack, and (4) readiness reviews ahead of partner onboarding.
If you share your target geography, product scope, and whether you need AIS, PIS, or both, we can propose a practical execution roadmap.
FAQ About Open Banking AIS vs PIS
What Is The Main Difference Between AIS And PIS?
AIS is focused on accessing and aggregating account information with consent. PIS is focused on initiating a payment from a bank account, usually as an account-to-account transfer.
Do AIS And PIS Require A Licence?
In the PSD2 framework, providing AIS or PIS is regulated and requires the relevant authorisation or registration as a third-party provider.
Can A Product Use AIS Without PIS?
Yes. Many personal finance and credit analytics products use AIS only. They rely on data value rather than payment initiation.
Can A Product Use PIS Without AIS?
Yes. Many merchant checkout products use PIS without needing account aggregation, especially when the use case is payment initiation and confirmation.
Check Our Available Ready-Made Licenses
Below are all the off-the-shelf license options available for purchase. Browse through the list of licenses and read the details to choose the option that is right for your business:
