Open Banking

The conditions and procedure for authorizing the activities of non-financial payment service providers are regulated by the Regulation on the Authorization Procedure for Providers of Non-financial Payment Services, approved by NBU Board Resolution No. 81 dated 25 July 2025.

To ensure secure electronic interaction and identification of third-party payment service providers (PISPs, AISPs) by account servicing payment service providers (ASPSPs), third-party payment service providers (PISPs, AISPs) are required to obtain a qualified open banking certificate from a qualified provider of electronic trust services.

The procedure for using electronic trust services when payment service providers obtain access to payment service users’ accounts is set out in the Regulation on the Procedure for Using Electronic Trust Services when Payment Service Providers Obtain Access to the Accounts of Payment Service Users, approved by NBU Board Resolution No. 82 dated 25 July 2025.

Qualified providers of electronic trust services whose details are included in the trusted list based on the decision of the certification center (QPETSs) have the right to generate and issue qualified open banking certificates. The list of QPETSs is available on the website of the certification center.

Each QPETS independently determines whether to generate and issue qualified open banking certificates. The rules for generating, issuing, revoking, blocking, and renewing qualified open banking certificates are described in the QPETS operating procedure.

Third-party payment service providers (PISPs, AISPs) who plan to obtain a qualified open banking certificate from the QPETS Accredited Key Certification Center of the National Bank of Ukraine must familiarize themselves with the Rules for Generating, Issuing, Revoking, Blocking, and Renewing Qualified Open Banking Certificates in the relevant operating procedure.

A third-party payment service provider (PISP/AISP) is required to connect to specialized interfaces (APIs) and ensure secure data exchange with the account servicing payment service provider through specialized interfaces (APIs) in accordance with the requirements of the Regulation on Open Banking in Ukraine, approved by NBU Board Resolution No. 80 dated 25 July 2025, the Regulation on Authentication and Use of Strong Authentication in the Payment Market, approved by NBU Board Resolution No. 58 dated 3 May 2023, and the Regulation on Information and Cyber Security Protection by Payment Market Participants, approved by NBU Board Resolution No. 43 dated 19 May 2021.

Account servicing payment service providers (ASPSPs) must set up basic specialized interfaces (APIs) and ensure that third-party payment service providers (PISPs/AISPs) have continuous access to their users’ accounts in real time, taking into account the requirements of the Regulation on Open Banking in Ukraine, approved by NBU Board Resolution No. 80 dated 25 July 2025.

Account servicing payment service providers (ASPSPs) must publish the technical specifications of all available specialized interfaces (APIs), specifying the procedures, protocols, and tools required by a third-party payment service provider to interact with an account servicing payment service provider (ASPSP) through the specialized interfaces (APIs), taking into account the requirements of the Regulation on Open Banking in Ukraine.

Before providing access to user accounts, account servicing payment service providers (ASPSPs) are required to verify whether third-party payment service providers (PISPs, AISPs) are authorized to conduct operations by checking information in the Payment Infrastructure Register via the API “Details of Non-financial Payment Service Providers” available at this link (paragraph 26), as well as the information in the qualified open banking certificate.