Fintech remains one of the UK's strongest startup sectors. In 2025 UK fintech companies attracted about $4.2 billion in investment, second only to enterprise software. But the landscape is shifting. By early 2026 the European Union was moving to finalise the third Payment Services Directive (PSD3) and a new Payment Services Regulation (PSR), which together will overhaul the rules governing payments and open banking. At the same time, the UK is developing its own open-finance framework and has passed the Data (Use and Access) Act, creating a legislative foundation for Digital Verification Services (DVS). Founders must navigate this evolving regulatory patchwork while delivering seamless customer experiences.
Designing for variable recurring payments and open data
One of the most anticipated features under the UK's open-banking roadmap is variable recurring payments (VRP) for sweeping - the automatic movement of funds between a customer's accounts. VRPs allow new business models such as pay-per-use subscriptions and dynamic savings. To implement VRP, fintechs must build secure consent flows and ensure banks' APIs support real-time authorisation. PSD3/PSR will standardise data access rules across Europe and could accelerate VRP adoption by clarifying liability when payments go wrong. In the UK, the Payment Systems Regulator has signalled that it may make Confirmation of Payee mandatory for all providers, adding an extra layer of name verification to combat authorised push-payment fraud.
Open finance goes further than payments by enabling access to mortgages, pensions and investment data. Lauren Jones of Paylume argues that banks should treat open banking as a strategic opportunity rather than a compliance checkbox. She predicts that 2026 will see more financial institutions embracing the data opportunity, unlocking new revenue models through personalised credit scoring and financial guidance. For founders this means architecting platforms that can both provide and consume data via APIs, and investing in analytics to turn raw data into insights. It also requires robust consent management and clear user interfaces that explain what data is being shared and why.
Real-time payments and fraud management
Instant payments are becoming the norm. More than 80 countries operate real-time payment schemes, and estimates suggest one in four global payments will be real-time by 2028. Europe's Instant Payments Regulation, which came into force in October 2025, removes the 100,000 euro cap on instant transfers. The benefit is clear: instant payments offer greater cash-flow visibility and lower costs. The downside is a rise in fraud. Total payment fraud in the European Economic Area increased to 4.2 billion euros in 2024 from 3.5 billion the previous year. Juniper Research forecasts an 85% increase in fraud detection investment from 2025 to 2030. The PSR will shift liability for fraudulent payments away from users toward payment service providers, so startups must invest in fraud-prevention technologies.
Practical steps include implementing behavioural biometrics, device fingerprinting and machine-learning models to spot anomalies. PSD3 also tightens strong customer authentication (SCA) requirements, mandating that authentication be accessible to all users and clarifying that additional data can be processed without consent if strictly used to prevent fraud. Fintechs must design authentication flows that are inclusive - offering options beyond smartphone apps - and invest in secure element hardware to store credentials. The trade-off is user friction: too many authentication steps can drive abandonment, while too few leave the platform vulnerable.
Digital identity and onboarding
The UK's Data (Use and Access) Act received Royal Assent in June 2025 and paves the way for a statutory register of digital verification service providers. When commenced, the act will allow public authorities to share information with registered services and will enable an official trust mark. For fintechs this could streamline onboarding and reduce reliance on manual document checks. However, it introduces dependencies on government-approved providers and raises questions about interoperability with EU electronic identity systems (eIDAS). Integrating DVS into onboarding flows will require careful vendor selection, risk assessment and contingency plans for outages.
Cross-border considerations and market entry
British fintechs eyeing European expansion must decide whether to obtain an EU payment institution licence or operate under a partner's licence. PSD3 will standardise licensing requirements and grant supervisors greater powers over agents and distributors. Meanwhile, the UK's Financial Services and Markets Act 2023 gives regulators authority to designate critical third parties to the financial sector; if your service is deemed critical, additional resilience and reporting obligations will apply. Startups should budget for legal advice and compliance audits before launching cross-border services.
Concluding thoughts
Fintech founders in 2026 face a complex environment: regulatory convergence, rapid adoption of real-time payments and evolving digital identity frameworks. Those who embrace open-data principles, build robust fraud-prevention and authentication systems and align with new standards will gain trust and first-mover advantage. Those who treat regulation as an afterthought risk fines, fraud and lost customers. The playbook for success is not just about lines of code; it is about designing products that are secure, compliant and centred on user trust.