Open finance in the UAE: laws and regulation

Facilitated through application programming interfaces (APIs), licensed financial institutions (LFIs) and third party providers (TPPs) can securely share customer-permissioned financial data and initiate certain service requests, including payments, fund transfers and investment orders to deliver more integrated, innovative and personalised financial services.

Traditionally, each financial institution has acted as the sole custodian of their customer’s financial data, maintaining exclusive control over account information and transaction history. Open finance reshapes this relationship between LFIs and their customers by empowering customers to share their financial data with trusted third parties and allowing the efficient transfer of information. This has enabled the introduction of more personalised, competitive and innovative financial service solutions by TPPs, tailored to individual customer needs.

The UAE’s open finance framework builds on the global principles of open banking, which allow TTPs access to consumer banking data and initiate payments through APIs, but goes beyond simply banking data to also include areas such as investments, mortgages, insurance, pensions and personal finance.

What distinguishes the UAE’s open finance framework from other typical open banking frameworks is the introduction of what is referred to in the UAE as ‘service initiation’. Advancing beyond traditional data access and payment initiation use cases, service initiation allows non-banking players to directly trigger financial services within their own environments. This paves the way for embedded finance, where end-users can access services like digital lending, wealth management or pension setup seamlessly from a fintech app.

Legislative framework

Open finance was mandated by the Central Bank of the UAE (CBUAE) in 2023 pursuant to the Open Finance Regulation Circular 7 of 2023, which was updated by Circular 3 of 2025)(Open Finance Regulation) which came into force on 10 July 2025.
The Open Finance Regulation establishes a comprehensive framework for the licensing, supervision and operation of open finance in the UAE, designed to promote innovation, competition, and customer empowerment across the financial services sector. The framework includes a centralised API hub, a trust framework for secure participant validation and common infrastructural services, which provide open finance access for the cross-sectoral sharing of data and the initiation of services, including payment initiation, on behalf of customers.

The Open Finance Regulation also introduces robust Open Finance Standards for the operation of API infrastructure within the UAE’s open finance ecosystem, aimed at ensuring secure, standardised and interoperable data exchange. 
What makes the UAE’s open finance framework different from those of other jurisdictions is that it relies on a centralised API hub governed by a CBUAE spin-off entity, Nebras, to help manage connections.

The API hub is the backbone of the ecosystem and standardises how banks, fintechs, and TPPs interact. It is built around a ‘trust framework’ that governs identity verification, authentication and data security, ensuring only authorised players operate through digital certificates and a compliance registry. Supporting the trust framework is a common infrastructure layer that handles user consent, onboarding, performance analytics and dispute resolution.

Open Finance Regulation

The UAE’s Open Finance Regulation applies to a broad range of financial products and services across the banking, insurance and payments sectors. These include current and savings accounts, credit cards, personal and auto loans, mortgages, and overdraft facilities and products such as motor, health, life, and property insurance in the insurance domain. The Open Finance Regulation also covers digital payment services such as stored value facilities, wallets, and account information services, as well as investment and wealth management offerings.

Data sharing, through accessing, processing or transferring customer financial data, including data relating to customer accounts, transaction history or products, with another bank or financial service provider licensed by the CBUAE, is designed to give individuals and businesses greater control over their financial information, enabling them to share it securely with open finance participants. It also supports the development of services like personal finance management, credit scoring and financial aggregation tools, laying the foundation for broader open finance use cases.

Service initiation enables customers to use third-party platforms to execute transactions directly from their bank or financial accounts, without relying solely on their primary financial institution’s interface. It also facilitates innovation in areas like embedded finance and automated savings, while ensuring customer protection and system integrity.

Objectives of the UAE’s open finance framework

The main objective of the UAE’s open finance framework is to enable the cross-sectoral sharing of data and the initiation of services and payment transactions, on behalf of customers.

The UAE’s open finance framework is part of its broader digital economy strategy and aligns with the CBUAE’s FinTech roadmap’s core objectives, which include:

• empowering consumers and SMEs to have control over their financial data;
• enabling secure, consent-based data sharing across financial and non-financial sectors;
• fostering innovation in digital financial services and embedded finance;
• enhancing financial inclusion, particularly for underbanked populations and SMEs; and
• supporting economic diversification and the UAE’s ambition to become a global fintech hub.

The UAE’s open finance framework is designed to accelerate the country’s transition to a digitally empowered, inclusive and innovation-driven financial ecosystem. By phasing in participation across the framework, starting with a handful of banks and insurers, the UAE aims to create a robust, interoperable and secure open finance ecosystem that aligns with its broader digital transformation agenda.

Components of the UAE’s open finance framework

Participation in the open finance framework is mandatory for all LFIs, including CBUAE-licensed banks. All CBUAE licensees, whether they are engaged in providing open finance services or not, must comply with the requirements of the Open Finance Regulation in respect of their customer data, including the establishment and maintenance of a dedicated interface to provide access to account and product information through the API hub. Components of the framework include: 

API Hub

The API Hub centralises access to open finance related services by aggregating individual participant APIs through a single platform managed and controlled by Nebras.

Trust framework 

The trust framework provides participant validation, including a directory of all participants and digital certificates to establish secure communication channels, along with a documentation portal collating information on standards, technical specifications, requirements and business rules for all participants. 

Common infrastructural services

These services provide common functionalities across the entire open finance ecosystem, including user consent management, service assurance, reporting analytics, dispute resolution tools, and potential value-added features.

Who does the open finance framework apply to?

Participation in the open finance framework is mandatory for all entities licensed by the CBUAE to provide banking or financial services. This includes:

• banks incorporated in the UAE; 
• branches of foreign banks/representative offices of foreign banks; 
• specialised, restricted licence and Islamic banks or Islamic ‘windows’ of conventional banks; 
• finance companies; 
• payment service providers and retail payment systems providers; 
• stored value facility providers; 
• exchange houses; 
• loan-based crowdfunding companies; and 
• insurance brokers and insurance companies, including those incorporated in the UAE and foreign branches.

TPPs looking to participate in the open finance framework require a licence from the CBUAE. Importantly, certain categories of CBUAE licence holders, such as banks, finance companies insurance companies, and payment service providers, are deemed licensed under the Open Finance Regulation and do not need to obtain a licence from the CBUAE to provide open finance services.  Rather, deemed participants must notify the CBUAE in writing of their intention to provide open finance services and obtain a no objection certificate from the CBUAE prior to commencing any open finance activities.

Open finance use-cases

The UAE’s open finance framework is unlocking a new wave of innovation across the financial services sector. By enabling secure, consent-based data sharing between LFIs and TPPs, several impactful use-cases have emerged, including:

Account aggregation and financial dashboards 

Account aggregation dashboards enable customers to view all of their financial accounts in one place through TPPs, enabling better financial planning and budgeting.

Personalised financial advice 

Financial advisors and platforms can use aggregated financial data to offer tailored investment, savings and insurance recommendations, thereby improving financial literacy and decision-making.

Embedded lending and credit scoring 

TPPs will be able to initiate loan applications directly from within their apps using user data. For example, a customer browsing a property website could apply for a mortgage through an open finance integration without visiting a bank.

Payment initiation services and instant payments 

TPPs can initiate payments directly from users’ bank accounts, streamlining e-commerce and bill payments without relying on cards.

Small and medium enterprise (SME) services

SMEs can benefit from faster onboarding, integrated cash flow tools, and access to alternative financing like loan-based crowdfunding powered by open finance APIs.

Regulatory bodies and foundations

The CBUAE plays a central role in shaping the UAE’s national fintech strategy and regulatory direction. It leads the development of the UAE’s open finance framework as part of its broader commitment to financial innovation, inclusion, and resilience. Through the CBUAE Fintech Office and Regulatory Sandbox, the CBUAE provides a controlled environment for testing innovative financial products and services, including those involving open finance use cases. It also works closely with other regulators and market participants to ensure that emerging technologies are integrated into the financial system in a secure, consumer-centric, and sustainable manner.

Al Etihad Payments (AEP) is a UAE national payments entity established as a subsidiary of the CBUAE in 2023. AEP provides the UAE’s national payments infrastructure, including Aani, the UAE’s instant payments platform, and the UAE’s domestic card schemes Jaywan. AEP also supports other payment-market infrastructure like UAESWITCH and the UAE Wages Protection System. AEP provides the infrastructure and payment rails that the open finance framework sits on.

Nebras Open Finance LLC (Nebras) is the CBUAE subsidiary that operates the API hub and common services that all LFIs and TPPs must plug into to access open finance related services. Nebras’s core responsibilities include:

• operating the API hub and publishing documentation for the API hub under the Open Finance Standards;
• running elements of the trust framework and common infrastructural services, such as participant directories, discovery, onboarding and authentication functions described in the trust framework documentation; and
• setting the commercial model and pricing. Nebras, via the API Hub, applies a published fee model of supplemental licensing plus variable usage fees, consistent with article 28 of the regulation allowing the API Hub to charge reasonable, transparent fees. 

Al Tareq governs the open finance framework and governs the user-facing platform components that standardise consent management, centralised authentication/authorisation, and, in practice, power account-to-account payment initiation. Al Tareq provides a standard, centralised consent flow and authentication experience so that customers can grant and manage permissions consistently across providers.  It also enable account-to-account (A2A) payments and a trusted payments experience within the open finance framework.

The Open Finance Regulation defines the components of the open finance framework such as the trust framework, API Hub and common services. Within this framework, AEP provides the infrastructure and payment rails, Nebras operates the platform components, and Al Tareq provides the consent and authentication layer and front-end experience that participants and customers interact with.

The Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market (ADGM) are the UAE’s two leading financial free zones, each with its own independent regulatory authority; the Dubai Financial Services Authority in the DIFC and the Financial Services Regulatory Authority in the ADGM. Both regulators have developed frameworks to licence and supervise fintech firms, including TPPs involved in regulated activities akin to data aggregation and payment initiation. These frameworks fall outside of the CBUAE’s open finance framework. The Open Finance Regulation applies only to ‘mainland’ UAE and excludes the DIFC and ADGM.  

Customer consent

Under the UAE’s Open Finance Regulation, customer consent is a foundational requirement for any data sharing or service initiation between LFIs and TPPs. 

Consent must be explicit, informed and securely recorded, ensuring that individuals retain full control over how their financial data is accessed and used, in accordance with the key principles and requirements of the UAE’s Personal Data Protection Law.

LFIs may only share their own customers’ data and cannot re-share data provided to them by other TPPs. The Open Finance Regulation explicitly forbids the commercialisation of customer data, meaning LFIs and TPPs are prohibited from selling, trading or otherwise monetising user data for profit where it has been received from another participant.  Data shared under the open finance framework must be used only for the purpose authorised by the user, such as providing a financial service or initiating a transaction.
By embedding consent and other key data protection principles into the core of the open finance framework, the UAE aims to empower consumers to have greater clarity and control over their financial information. This not only enhances user confidence, but also encourages responsible innovation across the financial ecosystem, enabling the development of personalised, data-driven open finance products and services that prioritise user autonomy.

Data control

The Open Finance Regulation includes an express prohibition on data scraping, defined as the extraction of user data onto a locally saved spreadsheet or database file or other similar data extraction activities. This prohibition is a critical safeguard against unregulated data harvesting and reinforces the open finance framework’s emphasis on secure, API-based data sharing governed by user consent and strong authentication protocols.

The Open Finance Regulation does not present an opportunity to cross-sell data.

Cross-sectoral scope

The UAE’s open finance framework is envisioned as a cross-sectoral initiative, integrating financial services with government, telecom and utility data to unlock more personalised financial services experiences. The impact that open finance may have is extensive: 

• access to utility payment histories or telecom billing data could enhance credit scoring models, especially for underbanked populations, thereby improving financial inclusion;
• government data integration could streamline identity verification and eligibility assessments for financial products, reducing friction and fraud; and
• for businesses, especially SMEs, this interconnected data environment could support more precise cash flow forecasting, risk assessment, and access to tailored financing solutions. 

Challenges and considerations

As with any new regulatory framework, there are a number of considerations in relation to open access that entities and individuals participating in the open finance framework should be prepared to navigate.

One of the issues of open finance relates to the operational resilience of the entities involved. LFIs must ensure that shared data remains accurate, secure and uncorrupted throughout its lifecycle, particularly where exposure to breaches and cyberattack is heightened because of increased data sharing across institutions and TPPs via APIs.

Consent management adds another layer of complexity, requiring robust systems to ensure that customer-permissioned access is properly obtained, tracked and revoked across multiple platforms. LFIs and TPPs must work closely with the API Hub to establish protocols and procedures for managing and updating consent status.

Consumer awareness and trust are also critical to the success of the UAE’s open finance framework. Many users may not fully understand how their data is used, which can lead to hesitation or resistance in adopting open finance related services. To address this, education, transparency and consistent user-friendly interfaces are essential for widespread engagement.

Technology integration poses further difficulties, especially for institutions reliant on legacy systems that may not support modern API frameworks. Additionally, uneven market readiness means that smaller players may struggle with the cost and complexity of compliance, potentially leading to imbalances in adoption.

Another key consideration is around maintaining consistent technical standards and legal agreements across diverse platforms and jurisdictions. This is particularly important in the context of the UAE, where the financial ecosystem spans multiple jurisdictions and regulatory environments. The complexity of managing interoperability across these jurisdictions heightens the need for clear standards that define responsibilities for data integrity, system reliability and dispute resolution.

Open finance globally

The UAE’s open finance framework stands out globally for its regulatory led, phased approach that emphasises data security, consumer consent, and ethical data use. It extends beyond banking to include insurance and other financial services from the outset, aligning more closely with open finance models seen in Australia and Brazil.

However, the UAE places strict controls on data re-sharing and explicitly prohibits data scraping, reflecting a strong stance on data privacy and anti-commercial exploitation. While global frameworks often focus on innovation and competition, the UAE’s model balances these goals with consumer protection and systemic stability, positioning it as a balanced but forward-looking player in the global open finance landscape. The UAE’s open finance framework also emphasises interoperability, trust frameworks and centralised API hubs, setting it apart from more fragmented open banking models seen elsewhere.

Future of open finance

As the UAE open finance framework matures, there is also growing speculation about whether crypto assets and securities trading will eventually be brought under the open finance umbrella. While these financial products and related services currently sit outside most regulatory frameworks due to their complexity and volatility, the push for greater transparency, interoperability and consumer control may drive future inclusion, particularly as tokenised assets and decentralised finance gain traction. However, inclusion of such financial products and services within the remit of the UAE’s open finance framework would require careful regulatory calibration to balance innovation with investor protection and systemic risk.

Looking ahead, it is worth considering whether the various national and regional open finance frameworks could eventually converge into a unified global framework. Such an evolution would require significant alignment across regulatory, technical and legal domains, but the benefits could be transformative. A globally interoperable open finance ecosystem could enable seamless cross-border financial services, enhance financial inclusion, and support global fintech innovation.

While this vision presents complex challenges, ranging from data sovereignty to cybersecurity and governance, it opens the door to a future where consumers and businesses may access and manage their financial data securely, easily and consistently across borders.

Last updated November 3, 2025