{"id":19956,"date":"2026-05-28T10:47:13","date_gmt":"2026-05-28T10:47:13","guid":{"rendered":"https:\/\/greyson.eu\/?post_type=glossary&p=19956"},"modified":"2026-05-28T12:34:26","modified_gmt":"2026-05-28T12:34:26","slug":"psd2-a-open-banking","status":"publish","type":"glossary","link":"https:\/\/greyson.eu\/cs\/glossary\/psd2-a-open-banking\/","title":{"rendered":"PSD2 a Open Banking"},"content":{"rendered":"
\n

Evropsk\u00e9 finan\u010dn\u00ed prost\u0159ed\u00ed pro\u0161lo za posledn\u00ed desetilet\u00ed z\u00e1sadn\u00ed transformac\u00ed, kterou poh\u00e1n\u011bla jedin\u00e1 regula\u010dn\u00ed povinnost: druh\u00e1 sm\u011brnice o platebn\u00edch slu\u017eb\u00e1ch (PSD2<\/b>). Tato komplexn\u00ed regulace EU spolu se \u0161ir\u0161\u00edm tr\u017en\u00edm pohybem sm\u011brem k otev\u0159en\u00e9mu bankovnictv\u00ed (Open Banking<\/b>) od z\u00e1kladu zm\u011bnila zp\u016fsob, jak\u00fdm finan\u010dn\u00ed instituce, fintech spole\u010dnosti a poskytovatel\u00e9 t\u0159et\u00edch stran nakl\u00e1daj\u00ed s platebn\u00edmi \u00fadaji spot\u0159ebitel\u016f a firem. Pro IT mana\u017eery s rozhodovac\u00ed pravomoc\u00ed a l\u00eddry v oblasti digit\u00e1ln\u00ed transformace ji\u017e nen\u00ed porozum\u011bn\u00ed PSD2 a Open Banking voliteln\u00e9 \u2013 je nezbytn\u00e9 pro orientaci v modern\u00ed architektu\u0159e finan\u010dn\u00edch slu\u017eeb, \u0159\u00edzen\u00ed rizik compliance (souladu s p\u0159edpisy) a vyu\u017e\u00edv\u00e1n\u00ed inova\u010dn\u00edch p\u0159\u00edle\u017eitost\u00ed.<\/p>\n

Tento pr\u016fvodce p\u0159in\u00e1\u0161\u00ed podrobn\u00fd pohled na PSD2 a Open Banking: jejich p\u016fvod, regula\u010dn\u00ed po\u017eadavky, technickou implementaci, byznysov\u00e9 d\u016fsledky a budouc\u00ed v\u00fdvoj. A\u0165 u\u017e jste technick\u00fd \u0159editel (CTO) hodnot\u00edc\u00ed strategie integrace API, pracovn\u00edk compliance posuzuj\u00edc\u00ed regula\u010dn\u00ed povinnosti, nebo zakladatel fintechu buduj\u00edc\u00ed nov\u00e9 platebn\u00ed slu\u017eby, tento \u010dl\u00e1nek v\u00e1m poskytne znalosti pot\u0159ebn\u00e9 k p\u0159ij\u00edm\u00e1n\u00ed informovan\u00fdch rozhodnut\u00ed.<\/p>\n

Co je PSD2 a jak funguje?<\/h2>\n

P\u016fvod a evoluce \u2013 od PSD k PSD2<\/h3>\n

Sm\u011brnice o platebn\u00edch slu\u017eb\u00e1ch (PSD), p\u0159ijat\u00e1 v roce 2007, byla prvn\u00edm pokusem Evropsk\u00e9 unie o harmonizaci regulace platebn\u00edch slu\u017eeb nap\u0159\u00ed\u010d \u010dlensk\u00fdmi st\u00e1ty. P\u016fvodn\u00ed PSD stanovila z\u00e1kladn\u00ed pravidla pro poskytovatele platebn\u00edch slu\u017eeb, standardy ochrany spot\u0159ebitele a zpracov\u00e1n\u00ed p\u0159eshrani\u010dn\u00edch plateb. Na za\u010d\u00e1tku druh\u00e9 dek\u00e1dy 21. stolet\u00ed se v\u0161ak situace v oblasti plateb dramaticky zm\u011bnila. Mobiln\u00ed bankovnictv\u00ed, online obchodov\u00e1n\u00ed a fintech inovace nap\u0159edovaly mnohem rychleji, ne\u017e sm\u011brnice z roku 2007 p\u0159edpokl\u00e1dala. O\u010dek\u00e1v\u00e1n\u00ed spot\u0159ebitel\u016f ohledn\u011b plynul\u00fdch plateb v re\u00e1ln\u00e9m \u010dase vzrostla, hrozby podvod\u016f se vyvinuly a konkuren\u010dn\u00ed prost\u0159ed\u00ed se rozt\u0159\u00ed\u0161tilo.<\/p>\n

V reakci na to Evropsk\u00e1 komise navrhla revidovanou sm\u011brnici PSD2, form\u00e1ln\u011b p\u0159ijatou jako sm\u011brnice (EU) 2015\/2366. PSD2 vstoupila v platnost 12. ledna 2016, p\u0159i\u010dem\u017e \u010dlensk\u00e9 st\u00e1ty EU m\u011bly dva roky na jej\u00ed transpozici do n\u00e1rodn\u00edho pr\u00e1va \u2013 term\u00edn, kter\u00fd v\u011bt\u0161ina zem\u00ed splnila do ledna 2018. Nejd\u016fle\u017eit\u011bj\u0161\u00ed po\u017eadavek na dodr\u017eov\u00e1n\u00ed p\u0159edpis\u016f \u2013 siln\u00e9 ov\u011b\u0159en\u00ed z\u00e1kazn\u00edka (SCA<\/b>) \u2013 se v\u0161ak stal povinn\u00fdm a\u017e 14. z\u00e1\u0159\u00ed 2019, co\u017e poskytlo poskytovatel\u016fm platebn\u00edch slu\u017eeb dodate\u010dn\u00e9 p\u0159echodn\u00e9 obdob\u00ed na implementaci pot\u0159ebn\u00e9 bezpe\u010dnostn\u00ed infrastruktury.<\/p>\n

V\u00fdvoj od PSD k PSD2 odr\u00e1\u017e\u00ed z\u00e1sadn\u00ed posun v regula\u010dn\u00ed filozofii: od statick\u00e9ho stanovov\u00e1n\u00ed pravidel k adaptivn\u00edmu \u0159\u00edzen\u00ed navr\u017een\u00e9mu tak, aby podporovalo inovace a z\u00e1rove\u0148 chr\u00e1nilo spot\u0159ebitele a udr\u017eovalo finan\u010dn\u00ed stabilitu. V sou\u010dasn\u00e9 dob\u011b ji\u017e Evropsk\u00e1 komise p\u0159ipravuje sm\u011brnici PSD3, od kter\u00e9 se o\u010dek\u00e1v\u00e1 dal\u0161\u00ed roz\u0161\u00ed\u0159en\u00ed rozsahu otev\u0159en\u00e9ho finan\u010dnictv\u00ed (Open Finance) a pos\u00edlen\u00ed pr\u00e1v spot\u0159ebitel\u016f.<\/p>\n\n\n\n\n\n\n\n
Regula\u010dn\u00ed f\u00e1ze<\/strong><\/td>\nRok p\u0159ijet\u00ed<\/strong><\/td>\nVstup v platnost<\/strong><\/td>\nHlavn\u00ed oblasti zam\u011b\u0159en\u00ed<\/strong><\/td>\nStav<\/strong><\/td>\n<\/tr>\n<\/thead>\n
Sm\u011brnice o platebn\u00edch slu\u017eb\u00e1ch (PSD)<\/b><\/span><\/td>\n2007<\/span><\/td>\n2009<\/span><\/td>\nHarmonizace, ochrana spot\u0159ebitele, p\u0159eshrani\u010dn\u00ed platby<\/span><\/td>\nNahrazena sm\u011brnic\u00ed PSD2<\/span><\/td>\n<\/tr>\n
Sm\u011brnice o platebn\u00edch slu\u017eb\u00e1ch 2 (PSD2)<\/b><\/span><\/td>\n2015<\/span><\/td>\nLeden 2016 (transpozice do led. 2018)<\/span><\/td>\nOpen Banking, SCA, p\u0159\u00edstup poskytovatel\u016f t\u0159et\u00edch stran, bezpe\u010dnost plateb<\/span><\/td>\nAktivn\u00ed (pln\u00fd soulad od z\u00e1\u0159\u00ed 2019)<\/span><\/td>\n<\/tr>\n
Sm\u011brnice o platebn\u00edch slu\u017eb\u00e1ch 3 (PSD3) \u2013 N\u00e1vrh<\/b><\/span><\/td>\n2023<\/span><\/td>\nO\u010dek\u00e1v\u00e1 se 2025\u20132026<\/span><\/td>\nRoz\u0161\u00ed\u0159en\u00fd rozsah (spo\u0159en\u00ed, investice), open finance, pos\u00edlen\u00e1 pr\u00e1va spot\u0159ebitel\u016f<\/span><\/td>\nV legislativn\u00edm procesu<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Hlavn\u00ed c\u00edle a rozsah p\u016fsobnosti<\/h3>\n

Sm\u011brnice PSD2 byla navr\u017eena k dosa\u017een\u00ed \u010dty\u0159 prim\u00e1rn\u00edch c\u00edl\u016f, z nich\u017e ka\u017ed\u00fd \u0159e\u0161\u00ed konkr\u00e9tn\u00ed selh\u00e1n\u00ed trhu nebo regula\u010dn\u00ed mezeru:<\/p>\n

    \n
  1. \n

    Vytvo\u0159it integrovan\u011bj\u0161\u00ed a efektivn\u011bj\u0161\u00ed evropsk\u00fd platebn\u00ed trh.<\/b> Harmonizac\u00ed pravidel platebn\u00edch slu\u017eeb v cel\u00e9m Evropsk\u00e9m hospod\u00e1\u0159sk\u00e9m prostoru (EHP) PSD2 odstranila rozt\u0159\u00ed\u0161t\u011bn\u00e9 n\u00e1rodn\u00ed regulace, kter\u00e9 d\u0159\u00edve br\u00e1nily p\u0159eshrani\u010dn\u00edm platebn\u00edm tok\u016fm. Tato integrace sni\u017euje t\u0159en\u00ed pro nadn\u00e1rodn\u00ed podniky a umo\u017e\u0148uje panevropsk\u00fdm fintech platform\u00e1m efektivn\u011b r\u016fst.<\/p>\n<\/li>\n

  2. \n

    Vyrovnat podm\u00ednky hospod\u00e1\u0159sk\u00e9 sout\u011b\u017ee pre poskytovatele platebn\u00edch slu\u017eeb.<\/b> P\u016fvodn\u00ed PSD vytv\u00e1\u0159ela bari\u00e9ry vstupu pro nebankovn\u00ed poskytovatele plateb. PSD2 explicitn\u011b uzn\u00e1v\u00e1 nov\u00e9 kateg\u00f3rie poskytovatel\u016f platebn\u00edch slu\u017eeb \u2013 poskytovatele slu\u017eeb informov\u00e1n\u00ed o \u00fa\u010dtu (AISP<\/b>) a poskytovatele slu\u017eeb iniciov\u00e1n\u00ed platby (PISP<\/b>) \u2013 a ud\u011bluje jim regulovan\u00fd p\u0159\u00edstup k bankovn\u00edm \u00fa\u010dt\u016fm z\u00e1kazn\u00edk\u016f (za p\u0159edpokladu souhlasu z\u00e1kazn\u00edka). Tato demokratizace platebn\u00edch slu\u017eeb umo\u017enila tis\u00edc\u016fm fintech startup\u016f spustit inovativn\u00ed slu\u017eby, kter\u00e9 byly d\u0159\u00edve nerealizovateln\u00e9.<\/p>\n<\/li>\n

  3. \n

    Zv\u00fd\u0161it bezpe\u010dnost plateb a sn\u00ed\u017eit po\u010det podvod\u016f.<\/b> Po\u017eadavek PSD2 na siln\u00e9 ov\u011b\u0159en\u00ed z\u00e1kazn\u00edka naria\u010fuje, \u017ee v\u0161echny online platebn\u00ed transakce mus\u00ed b\u00fdt ov\u011b\u0159eny pomoc\u00ed dvou nez\u00e1visl\u00fdch faktor\u016f autentizace. Tato po\u017eadavek dramaticky sn\u00ed\u017eil platebn\u00ed podvody v cel\u00e9m EHP, a\u010dkoli obchodn\u00edk\u016fm a spot\u0159ebitel\u016fm p\u0159inesl i provozn\u00ed v\u00fdzvy.<\/p>\n<\/li>\n

  4. \n

    Chr\u00e1nit \u00fadaje spot\u0159ebitel\u016f a firem.<\/b> PSD2 stanovuje p\u0159\u00edsn\u00e9 po\u017eadavky na spr\u00e1vu dat a vy\u017eaduje v\u00fdslovn\u00fd souhlas spot\u0159ebitele p\u0159edt\u00edm, ne\u017e k informac\u00edm o \u00fa\u010dtu z\u00edsk\u00e1 p\u0159\u00edstup jak\u00fdkoli poskytovatel t\u0159et\u00ed strany. Od poskytovatel\u016f platebn\u00edch slu\u017eeb se vy\u017eaduje tak\u00e9 implementace robustn\u00edch opat\u0159en\u00ed kybernetick\u00e9 bezpe\u010dnosti, nahla\u0161ov\u00e1n\u00ed bezpe\u010dnostn\u00edch incident\u016f a udr\u017eov\u00e1n\u00ed standard\u016f provozn\u00ed odolnosti.<\/p>\n<\/li>\n<\/ol>\n

    Geografick\u00e1 a odv\u011btvov\u00e1 pou\u017eitelnost<\/h3>\n

    PSD2 se vztahuje na v\u0161echny poskytovatele platebn\u00edch slu\u017eeb p\u016fsob\u00edc\u00ed v Evropsk\u00e9m hospod\u00e1\u0159sk\u00e9m prostoru (EHP), kter\u00fd zahrnuje v\u0161echny \u010dlensk\u00e9 st\u00e1ty EU plus Island, Lichten\u0161tejnsko a Norsko. Sm\u011brnice se vztahuje tak\u00e9 na poskytovatele platebn\u00edch slu\u017eeb ve Spojen\u00e9m kr\u00e1lovstv\u00ed na z\u00e1klad\u011b specifick\u00fdch pobrexitov\u00fdch dohod, a\u010dkoli Spojen\u00e9 kr\u00e1lovstv\u00ed za\u010dalo rozv\u00edjet sv\u016fj vlastn\u00ed regula\u010dn\u00ed r\u00e1mec pro Open Banking.<\/p>\n

    Mezi poskytovatele platebn\u00edch slu\u017eeb, na kter\u00e9 se vztahuje PSD2, pat\u0159\u00ed tradi\u010dn\u00ed banky, platebn\u00ed instituce (licencovan\u00ed nebankovn\u00ed zpracovatel\u00e9 plateb), instituce elektronick\u00fdch pen\u011bz a ur\u010dit\u00e9 fintech spole\u010dnosti. Poskytovatel\u00e9 t\u0159et\u00edch stran \u2013 AISP a PISP \u2013 mus\u00ed b\u00fdt registrov\u00e1ni u sv\u00e9ho n\u00e1rodn\u00edho finan\u010dn\u00edho regul\u00e1tora a mus\u00ed spl\u0148ovat technick\u00e9 a bezpe\u010dnostn\u00ed \u0161tandardy PSD2, a to i v p\u0159\u00edpad\u011b, \u017ee nedisponuj\u00ed finan\u010dn\u00edmi prost\u0159edky z\u00e1kazn\u00edk\u016f.<\/p>\n

    Pro firmy p\u016fsob\u00edc\u00ed ve st\u0159edn\u00ed a v\u00fdchodn\u00ed Evrop\u011b (SVE) \u2013 v\u010detn\u011b \u010cesk\u00e9 republiky, Slovenska a dal\u0161\u00edch \u010dlensk\u00fdch st\u00e1t\u016f EU \u2013 je dodr\u017eov\u00e1n\u00ed PSD2 povinn\u00e9. To p\u0159ineslo v\u00fdzvy i p\u0159\u00edle\u017eitosti: finan\u010dn\u00ed instituce musely v\u00fdrazn\u011b investovat do infrastruktury API a bezpe\u010dnostn\u00edch protokol\u016f, zat\u00edmco fintech spole\u010dnosti na\u0161ly nov\u00e9 kan\u00e1ly pro inovace a konkurenceschopnost.<\/p>\n

    Jak\u00e9 jsou kl\u00ed\u010dov\u00e9 komponenty souladu s PSD2?<\/h2>\n

    Siln\u00e9 ov\u011b\u0159en\u00ed z\u00e1kazn\u00edka (SCA)<\/h3>\n

    Siln\u00e9 ov\u011b\u0159en\u00ed z\u00e1kazn\u00edka (SCA) je pravd\u011bpodobn\u011b nejviditeln\u011bj\u0161\u00edm po\u017eadavkem PSD2 s nejv\u011bt\u0161\u00edm provozn\u00edm dopadem. SCA vy\u017eaduje, aby byly v\u0161echny online platebn\u00ed transakce ov\u011b\u0159eny pomoc\u00ed dvou nebo v\u00edce nez\u00e1visl\u00fdch prvk\u016f ze t\u0159\u00ed kategori\u00ed:<\/p>\n

      \n
    • \n

      n\u011bco, co v\u00edte<\/b> (znalost, nap\u0159\u00edklad heslo nebo PIN k\u00f3d),<\/p>\n<\/li>\n

    • \n

      n\u011bco, co vlastn\u00edte<\/b> (vlastnictv\u00ed, nap\u0159\u00edklad mobiln\u00ed telefon nebo hardwarov\u00fd token),<\/p>\n<\/li>\n

    • \n

      n\u011bco, \u010d\u00edm jste<\/b> (biometrie, nap\u0159\u00edklad otisk prstu nebo rozpozn\u00e1v\u00e1n\u00ed obli\u010deje).<\/p>\n<\/li>\n<\/ul>\n

      Regula\u010dn\u00ed technick\u00e9 standardy pro SCA, kter\u00e9 zve\u0159ejnil Evropsk\u00fd org\u00e1n pro bankovnictv\u00ed (EBA<\/b>) v b\u0159eznu 2018, se staly povinn\u00fdmi 14. z\u00e1\u0159\u00ed 2019. Od tohoto dne \u010delil ka\u017ed\u00fd poskytovatel platebn\u00edch slu\u017eeb, kter\u00fd neimplementoval SCA, regula\u010dn\u00edm sankc\u00edm a odpov\u011bdnosti za podvodn\u00e9 transakce.<\/p>\n

      Sm\u011brnice PSD2 a usnesen\u00ed EBA v\u0161ak obsahuj\u00ed n\u011bkolik d\u016fle\u017eit\u00fdch v\u00fdjimek z po\u017eadavku na SCA za p\u0159edpokladu, \u017ee poskytovatel\u00e9 platebn\u00edch slu\u017eeb dok\u00e1\u017eou prok\u00e1zat, \u017ee transakce pat\u0159\u00ed do n\u00edzkorizikov\u00e9 kategorie:<\/p>\n

        \n
      • \n

        Transakce n\u00edzk\u00e9 hodnoty:<\/b> Platby do 30 \u20ac (tento limit si v\u0161ak mohou jednotliv\u00e9 \u010dlensk\u00e9 st\u00e1ty upravit).<\/p>\n<\/li>\n

      • \n

        Opakuj\u00edc\u00ed se platby:<\/b> Transakce, p\u0159i kter\u00fdch pl\u00e1tce ji\u017e ov\u011b\u0159il prvn\u00ed platbu v s\u00e9rii.<\/p>\n<\/li>\n

      • \n

        B\u00edl\u00e1 listina obchodn\u00edk\u016f (whitelisting):<\/b> Platby obchodn\u00edk\u016fm, kter\u00e9 z\u00e1kazn\u00edk v\u00fdslovn\u011b schv\u00e1lil.<\/p>\n<\/li>\n

      • \n

        Platba sob\u011b sam\u00e9mu:<\/b> P\u0159evody mezi \u00fa\u010dty veden\u00fdmi t\u00fdm\u017e z\u00e1kazn\u00edkem.<\/p>\n<\/li>\n

      • \n

        D\u016fv\u011bryhodn\u00ed p\u0159\u00edjemci:<\/b> P\u0159evody p\u0159edem schv\u00e1len\u00fdm p\u0159\u00edjemc\u016fm.<\/p>\n<\/li>\n<\/ul>\n

        Tyto v\u00fdjimky byly nezbytn\u00e9 k tomu, aby SCA neochromila e-commerce a modely p\u0159edplatn\u00e9ho. Vytvo\u0159ily v\u0161ak tak\u00e9 bezpe\u010dnostn\u00ed zranitelnosti: podvodn\u00edci za\u010dali zneu\u017e\u00edvat mezery ve v\u00fdjimk\u00e1ch, a poskytovatel\u00e9 platebn\u00edch slu\u017eeb proto mus\u00ed nasazovat sofistikovan\u00e9 syst\u00e9my autentizace zalo\u017een\u00e9 na hodnocen\u00ed rizik, aby dok\u00e1zali odli\u0161it n\u00edzkorizikov\u00e9 transakce od potenci\u00e1ln\u00edch podvod\u016f.<\/p>\n

        Nad r\u00e1mec z\u00e1kladn\u00edho dvoufaktorov\u00e9ho po\u017eadavku zav\u00e1d\u00ed PSD2 koncept dynamick\u00e9ho propojen\u00ed (dynamic linking)<\/b> pro kartov\u00e9 transakce. Dynamick\u00e9 propojen\u00ed vy\u017eaduje, aby proces autentizace explicitn\u011b potvrdil \u010d\u00e1stku platby a \u00fadaje o p\u0159\u00edjemci. T\u00edm se p\u0159edch\u00e1z\u00ed \u00fatok\u016fm typu man-in-the-middle, kdy by podvodn\u00edk zachytil platbu a zm\u011bnil \u00fadaje o transakci po proveden\u00ed autentizace.<\/p>\n

        Standardy Open Banking a API<\/h3>\n

        Zat\u00edmco SCA \u0159e\u0161\u00ed bezpe\u010dnost plateb, ustanoven\u00ed PSD2 o otev\u0159en\u00e9m bankovnictv\u00ed \u0159e\u0161\u00ed p\u0159\u00edstup k dat\u016fm a interoperabilitu. \u010cl\u00e1nek 4 sm\u011brnice PSD2 vy\u017eaduje, aby poskytovatel\u00e9 platebn\u00edch slu\u017eeb zp\u0159\u00edstupnili informace o \u00fa\u010dtech z\u00e1kazn\u00edk\u016f a slu\u017eby iniciov\u00e1n\u00ed plateb autorizovan\u00fdm poskytovatel\u016fm t\u0159et\u00edch stran prost\u0159ednictv\u00edm bezpe\u010dn\u00fdch, standardizovan\u00fdch API. Tyto API mus\u00ed spl\u0148ovat \u201espole\u010dn\u00e9 a bezpe\u010dn\u00e9 otev\u0159en\u00e9 standardy komunikace\u201c.<\/p>\n

        Regula\u010dn\u00ed technick\u00e9 standardy EBA specifikuj\u00ed, \u017ee tato API mus\u00ed b\u00fdt:<\/p>\n

          \n
        • \n

          Standardizovan\u00e1:<\/b> Konzistentn\u00ed nap\u0159\u00ed\u010d v\u0161emi poskytovateli platebn\u00edch slu\u017eeb, co\u017e umo\u017e\u0148uje v\u00fdvoj\u00e1\u0159\u016fm t\u0159et\u00edch stran napsat k\u00f3d jednou a integrovat jej s v\u00edcero bankami.<\/p>\n<\/li>\n

        • \n

          Bezpe\u010dn\u00e1:<\/b> Chr\u00e1n\u011bn\u00e1 \u0161ifrov\u00e1n\u00edm, vz\u00e1jemnou autentizac\u00ed a kontrolou p\u0159\u00edstupu.<\/p>\n<\/li>\n

        • \n

          Spolehliv\u00e1:<\/b> Dostupn\u00e1 po 99,5 % \u010dasu (s zdokumentovan\u00fdmi smlouvami o \u00farovni poskytovan\u00fdch slu\u017eeb \u2013 SLA).<\/p>\n<\/li>\n

        • \n

          V\u00fdkonn\u00e1:<\/b> Schopn\u00e1 zpracov\u00e1vat po\u017eadavky v r\u00e1mci definovan\u00fdch \u010dasov\u00fdch oken odezvy.<\/p>\n<\/li>\n<\/ul>\n

          V praxi to vedlo k vzniku standard\u016f Open Banking API, jako jsou Open Banking Standard<\/i> (UK), specifikace Berlin Group NextGenPSD2<\/i> (Evropa) a r\u016fzn\u00e9 n\u00e1rodn\u00ed implementace. Tyto standardy definuj\u00ed technickou strukturu po\u017eadavk\u016f a odpov\u011bd\u00ed API, autentiza\u010dn\u00ed protokoly a datov\u00e9 form\u00e1ty.<\/p>\n

          Kl\u00ed\u010dov\u00fdm aspektem Open Banking API je, \u017ee funguj\u00ed na modelu zalo\u017een\u00e9m na souhlasu. Poskytovatel t\u0159et\u00ed strany nem\u016f\u017ee z\u00edskat p\u0159\u00edstup k \u00fadaj\u016fm o \u00fa\u010dtu z\u00e1kazn\u00edka bez jeho v\u00fdslovn\u00e9ho a informovan\u00e9ho souhlasu. Z\u00e1kazn\u00edk mus\u00ed b\u00fdt p\u0159esn\u011b informov\u00e1n o tom, ke kter\u00fdm dat\u016fm bude m\u00edt TPP (poskytovatel t\u0159et\u00ed strany) p\u0159\u00edstup, na jak dlouho a za jak\u00fdm \u00fa\u010delem. Tento souhlas se zaznamen\u00e1v\u00e1 na bankovn\u00edm \u00fa\u010dtu z\u00e1kazn\u00edka a lze jej kdykoli odvolat.<\/p>\n

          Slu\u017eby informov\u00e1n\u00ed o \u00fa\u010dtu (AIS) a slu\u017eby iniciov\u00e1n\u00ed platby (PIS)<\/h3>\n

          PSD2 rozli\u0161uje dv\u011b hlavn\u00ed kategorie slu\u017eeb t\u0159et\u00edch stran, kter\u00e9 funguj\u00ed prost\u0159ednictv\u00edm Open Banking API:<\/p>\n

            \n
          • \n

            Slu\u017eby informov\u00e1n\u00ed o \u00fa\u010dtu (AIS):<\/b> AISP je licencovan\u00fd poskytovatel t\u0159et\u00ed strany, kter\u00fd m\u016f\u017ee p\u0159istupovat k informac\u00edm o \u00fa\u010dtu z\u00e1kazn\u00edka \u2013 historii transakc\u00ed, z\u016fstatku na \u00fa\u010dtu, historii plateb \u2013 za \u00fa\u010delem poskytov\u00e1n\u00ed slu\u017eeb finan\u010dn\u00edho \u0159\u00edzen\u00ed, anal\u00fdz nebo poradenstv\u00ed. P\u0159\u00edkladem jsou aplikace pro spr\u00e1vu osobn\u00edch financ\u00ed (jako rozpo\u010dtov\u00e9 funkce v Revolut nebo N26), aplikace pro sledov\u00e1n\u00ed v\u00fddaj\u016f a platformy finan\u010dn\u00ed analytiky. AISP nem\u016f\u017ee iniciovat platby, m\u016f\u017ee pouze \u010d\u00edst data z \u00fa\u010dtu.<\/p>\n<\/li>\n

          • \n

            Slu\u017eby iniciov\u00e1n\u00ed platby (PIS):<\/b> PISP je licencovan\u00fd poskytovatel t\u0159ti strany, kter\u00fd m\u016f\u017ee iniciovat platby jm\u00e9nem z\u00e1kazn\u00edka p\u0159\u00edmo z jeho bankovn\u00edho \u00fa\u010dtu. P\u0159\u00edkladem jsou fintech platebn\u00ed platformy (jako Wise nebo platebn\u00ed odkazy Stripe), slu\u017eby pro \u00fahradu faktur a alternativn\u00ed \u0159e\u0161en\u00ed pokladen v e-shopech. PISP m\u016f\u017ee iniciovat platby, ale obvykle nem\u016f\u017ee \u010d\u00edst historick\u00e1 data o \u00fa\u010dtu (a\u010dkoli n\u011bkter\u00e9 implementace umo\u017e\u0148uj\u00ed omezen\u00fd p\u0159\u00edstup k dat\u016fm z d\u016fvodu prevence podvod\u016f).<\/p>\n<\/li>\n<\/ul>\n\n\n\n\n\n\n
            Typ slu\u017eby<\/strong><\/td>\nP\u0159\u00edstup k dat\u016fm<\/strong><\/td>\nIniciov\u00e1n\u00ed platby<\/strong><\/td>\nP\u0159\u00edklady pou\u017eit\u00ed<\/strong><\/td>\nRegula\u010dn\u00ed po\u017eadavky<\/strong><\/td>\n<\/tr>\n<\/thead>\n
            Slu\u017eba informov\u00e1n\u00ed o \u00fa\u010dtu (AIS)<\/b><\/span><\/td>\nAno \u2013 p\u0159\u00edstup pouze pro \u010dten\u00ed historie transakc\u00ed, z\u016fstatku a detail\u016f \u00fa\u010dtu<\/span><\/td>\nNe<\/span><\/td>\nSpr\u00e1va osobn\u00edch financ\u00ed, rozpo\u010dtov\u00e9 aplikace, finan\u010dn\u00ed analytika, sk\u00f3ring \u00fav\u011bruschopnosti<\/span><\/td>\nMus\u00ed m\u00edt licenci; mus\u00ed z\u00edskat v\u00fdslovn\u00fd souhlas z\u00e1kazn\u00edka; mus\u00ed dodr\u017eovat limity uchov\u00e1v\u00e1n\u00ed \u00fadaj\u016f (obvykle 90 dn\u00ed)<\/span><\/td>\n<\/tr>\n
            Slu\u017eba iniciov\u00e1n\u00ed platby (PIS)<\/b><\/span><\/td>\nOmezen\u00fd \u2013 obvykle pouze pro prevenci podvod\u016f a potvrzen\u00ed platby<\/span><\/td>\nAno \u2013 m\u016f\u017ee iniciovat jednor\u00e1zov\u00e9 nebo opakuj\u00edc\u00ed se platby<\/span><\/td>\nAlternativn\u00ed pokladny v e-shopech, \u00fahrady faktur, platby slo\u017eenek, p\u0159eshrani\u010dn\u00ed p\u0159evody, peer-to-peer platby<\/span><\/td>\nMus\u00ed m\u00edt licenci; mus\u00ed z\u00edskat v\u00fdslovn\u00fd souhlas z\u00e1kazn\u00edka; mus\u00ed implementovat SCA pro potvrzen\u00ed platby; mus\u00ed poskytovat potvrzen\u00ed o transakc\u00edch<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

            Poskytovatel\u00e9 AIS i PISP mus\u00ed b\u00fdt form\u00e1ln\u011b registrov\u00e1ni u sv\u00e9ho n\u00e1rodn\u00edho finan\u010dn\u00edho regul\u00e1tora. V \u010cR je to \u010cesk\u00e1 n\u00e1rodn\u00ed banka (\u010cNB). Registrace vy\u017eaduje prok\u00e1z\u00e1n\u00ed technick\u00e9 zp\u016fsobilosti, bezpe\u010dnostn\u00edch opat\u0159en\u00ed, struktur \u0159\u00edzen\u00ed a finan\u010dn\u00ed stability. Po registraci z\u00edsk\u00e1vaj\u00ed poskytovatel\u00e9 AIS a PISP z\u00e1konn\u00e9 pr\u00e1vo na p\u0159\u00edstup k bankovn\u00edm \u00fa\u010dt\u016fm z\u00e1kazn\u00edk\u016f (se souhlasem z\u00e1kazn\u00edka) a podl\u00e9haj\u00ed pr\u016fb\u011b\u017en\u00e9mu regula\u010dn\u00edmu dohledu.<\/p>\n

            Jak Open Banking API umo\u017e\u0148uj\u00ed sd\u00edlen\u00ed finan\u010dn\u00edch dat?<\/h2>\n

            Architektura API a technick\u00e1 implementace<\/h3>\n

            Open Banking API jsou postavena na standardn\u00edch webov\u00fdch technologi\u00edch: protokolech RESTful HTTP, datov\u00fdch form\u00e1tech JSON a autentizaci OAuth 2.0. Tento technick\u00fd z\u00e1klad byl zvolen z\u00e1m\u011brn\u011b, aby se sn\u00ed\u017eily bari\u00e9ry vstupu pro fintech v\u00fdvoj\u00e1\u0159e a zajistila se kompatibilita mezi r\u016fzn\u00fdmi bankovn\u00edmi syst\u00e9my.<\/p>\n

            Typick\u00fd tok Open Banking API prob\u00edh\u00e1 n\u00e1sledovn\u011b:<\/p>\n

              \n
            1. \n

              Z\u00e1kazn\u00edk iniciuje po\u017eadavek:<\/b> Z\u00e1kazn\u00edk v prost\u0159ed\u00ed fintech aplikace klikne na tla\u010d\u00edtko \u201eP\u0159ipojit bankovn\u00ed \u00fa\u010det\u201c. Aplikace ho p\u0159esm\u011bruje na p\u0159ihla\u0161ovac\u00ed str\u00e1nku jeho banky (nebo na rozhran\u00ed agreg\u00e1tora).<\/p>\n<\/li>\n

            2. \n

              Z\u00e1kazn\u00edk se autentizuje a ud\u011bl\u00ed souhlas:<\/b> Z\u00e1kazn\u00edk se p\u0159ihl\u00e1s\u00ed do sv\u00e9 banky pomoc\u00ed sv\u00fdch b\u011b\u017en\u00fdch p\u0159ihla\u0161ovac\u00edch \u00fadaj\u016f. Banka mu n\u00e1sledn\u011b zobraz\u00ed obrazovku se souhlasem, kde p\u0159esn\u011b vid\u00ed, ke kter\u00fdm dat\u016fm bude m\u00edt aplikace t\u0159et\u00ed strany p\u0159\u00edstup, na jak dlouho a za jak\u00fdm \u00fa\u010delem. Z\u00e1kazn\u00edk po\u017eadavek v\u00fdslovn\u011b schv\u00e1l\u00ed nebo zam\u00edtne.<\/p>\n<\/li>\n

            3. \n

              Banka vygeneruje autoriza\u010dn\u00ed k\u00f3d:<\/b> V p\u0159\u00edpad\u011b schv\u00e1len\u00ed banka vygeneruje \u010dasov\u011b omezen\u00fd autoriza\u010dn\u00fd k\u00f3d a p\u0159esmeruje z\u00e1kazn\u00edka zp\u011bt do fintech aplikace.<\/p>\n<\/li>\n

            4. \n

              Aplikace t\u0159et\u00ed strany vym\u011bn\u00ed k\u00f3d za p\u0159\u00edstupov\u00fd token:<\/b> Fintech aplikace pou\u017eije autoriza\u010dn\u00ed k\u00f3d k vy\u017e\u00e1d\u00e1n\u00ed p\u0159\u00edstupov\u00e9ho tokenu (access token) z API serveru banky. Tato v\u00fdm\u011bna prob\u00edh\u00e1 na \u00farovni server-to-server, nikoli p\u0159es prohl\u00ed\u017ee\u010d z\u00e1kazn\u00edka, co\u017e zaru\u010duje, \u017ee aplikace nikdy neuvid\u00ed p\u0159ihla\u0161ovac\u00ed \u00fadaje z\u00e1kazn\u00edka do banky.<\/p>\n<\/li>\n

            5. \n

              Aplikace t\u0159et\u00ed strany dotazuje data o \u00fa\u010dtu:<\/b> Fintech aplik\u00e1cia pou\u017eije pr\u00edstupov\u00fd token k odes\u00edl\u00e1n\u00ed po\u017eadavk\u016f do Open Banking API banky, \u010d\u00edm\u017e z\u00edsk\u00e1v\u00e1 informace o \u00fa\u010dtu, historii transakc\u00ed nebo iniciuje platby v rozsahu ud\u011blen\u00e9ho opr\u00e1vn\u011bn\u00ed.<\/p>\n<\/li>\n

            6. \n

              Banka vr\u00e1t\u00ed data a zaznamen\u00e1 p\u0159\u00edstup:<\/b> Banka vr\u00e1t\u00ed po\u017eadovan\u00e1 data v \u0161tandardizovan\u00e9m form\u00e1tu JSON a zaznamen\u00e1 ka\u017ed\u00fd p\u0159\u00edstup k API do log\u016f pro \u00fa\u010dely auditu a compliance.<\/p>\n<\/li>\n<\/ol>\n

              Tento tok OAuth 2.0 zaji\u0161\u0165uje, \u017ee fintech aplikace nikdy nez\u00edsk\u00e1 p\u0159\u00edm\u00fd p\u0159\u00edstup k bankovn\u00edm p\u0159ihla\u0161ovac\u00edm \u00fadaj\u016fm z\u00e1kazn\u00edka. Banka nam\u00edsto toho vystupuje jako d\u016fv\u011bryhodn\u00fd zprost\u0159edkovatel, kter\u00fd vyd\u00e1v\u00e1 \u010dasov\u011b omezen\u00e9 p\u0159\u00edstupov\u00e9 tokeny, kter\u00e9 lze kdykoli odvolat.<\/p>\n

              Z technick\u00e9ho hlediska banky implementovaly Open Banking API obvykle jedn\u00edm ze dvou p\u0159\u00edstup\u016f:<\/p>\n

              \n

              P\u0159\u00edstup 1: P\u0159\u00edm\u00e1 integrace API<\/b><\/p>\n

              Banka vybuduje vlastn\u00ed Open Banking API p\u0159\u00edmo nad sv\u00fdm hlavn\u00edm bankovn\u00edm syst\u00e9mem (core banking) a zp\u0159\u00edstupn\u00ed data o \u00fa\u010dtech a funkce iniciov\u00e1n\u00ed plateb p\u0159es \u0161tandardizovan\u00e9 endpointy. Tento p\u0159\u00edstup nab\u00edz\u00ed maxim\u00e1ln\u00ed kontrolu a p\u0159izp\u016fsobitelnost, ale vy\u017eaduje si v\u00fdrazn\u00e9 investice do v\u00fdvoje.<\/p>\n

              P\u0159\u00edstup 2: Platforma pro agregaci API<\/b><\/p>\n

              Banka spolupracuje s extern\u00ed platformou pro agregaci API (jako Plaid, TrueLayer \u010di Kevin), kter\u00e1 stoj\u00ed mezi star\u0161\u00edmi syst\u00e9my (legacy systems) banky a v\u00fdvoj\u00e1\u0159i t\u0159et\u00edch stran. Agrega\u010dn\u00ed platforma zaji\u0161\u0165uje autentizaci, normalizaci dat a standardizaci API, co\u017e sni\u017euje v\u00fdvojovou z\u00e1t\u011b\u017e banky, ale p\u0159in\u00e1\u0161\u00ed z\u00e1vislost na agreg\u00e1torovi.<\/p>\n<\/blockquote>\n

              Mnoh\u00e9 velk\u00e9 evropsk\u00e9 banky zvolily hybridn\u00ed p\u0159\u00edstup: intern\u00ed budov\u00e1n\u00ed kl\u00ed\u010dov\u00fdch Open Banking API a sou\u010dasnou participaci na platform\u00e1ch pr\u016fmyslov\u00fdch standard\u016f pro zaji\u0161t\u011bn\u00ed \u0161ir\u0161\u00ed kompatibility v ekosyst\u00e9mu.<\/p>\n

              Souhlas spot\u0159ebitele a spr\u00e1va dat<\/h3>\n

              Z\u00e1kladn\u00edm principem PSD2 Open Banking je v\u00fdslovn\u00fd a informovan\u00fd souhlas spot\u0159ebitele. P\u0159edt\u00edm, ne\u017e m\u016f\u017ee jak\u00fdkoli poskytovatel t\u0159et\u00ed strany p\u0159istupovat k \u00fadaj\u016fm o \u00fa\u010dtu nebo iniciovat platby, mus\u00ed b\u00fdt z\u00e1kazn\u00edkovi jasn\u011b zobrazeny informace o:<\/p>\n

                \n
              • \n

                identit\u011b poskytovatele t\u0159et\u00ed strany,<\/p>\n<\/li>\n

              • \n

                konkr\u00e9tn\u00edch po\u017eadovan\u00fdch datech nebo funkc\u00edch (nap\u0159. \u201e\u010d\u00edst historii transakc\u00ed za posledn\u00edch 90 dn\u00ed\u201c nebo \u201einiciovat platby do v\u00fd\u0161e 50 000 K\u010d\u201c),<\/p>\n<\/li>\n

              • \n

                trv\u00e1n\u00ed souhlasu (nap\u0159. \u201ena 90 dn\u00ed\u201c nebo \u201edo odvol\u00e1n\u00ed\u201c),<\/p>\n<\/li>\n

              • \n

                \u00fa\u010delu p\u0159\u00edstupu k dat\u016fm (nap\u0159. \u201epro poskytov\u00e1n\u00ed rozpo\u010dtov\u00e9ho poradenstv\u00ed\u201c nebo \u201epro spracov\u00e1n\u00ed \u00fahrad faktur\u201c).<\/p>\n<\/li>\n<\/ul>\n

                Tento model souhlasu se v\u00fdrazn\u011b li\u0161\u00ed od tradi\u010dn\u00edho modelu \u201ep\u0159ihla\u0161ovac\u00edho jm\u00e9na a hesla\u201c, kdy z\u00e1kazn\u00edk odevzdal sv\u00e9 bankovn\u00ed p\u0159ihla\u0161ovac\u00ed \u00fadaje aplikaci t\u0159et\u00ed strany, \u010d\u00edm\u017e j\u00ed ud\u011blil neomezen\u00fd p\u0159\u00edstup na neur\u010dito. Model souhlasu PSD2 je mnohem podrobn\u011bj\u0161\u00ed (granul\u00e1rn\u011bj\u0161\u00ed) a transparentn\u011bj\u0161\u00ed.<\/p>\n

                Spr\u00e1va dat podle PSD2 zahrnuje tak\u00e9 p\u0159\u00edsn\u00e9 limity uchov\u00e1v\u00e1n\u00ed \u00fadaj\u016f. Poskytovatel\u00e9 slu\u017eeb informov\u00e1n\u00ed o \u00fa\u010dtu maj\u00ed obvykle povoleno uchov\u00e1vat transak\u010dn\u00ed data pouze 90 dn\u00ed po vypr\u0161en\u00ed souhlasu z\u00e1kazn\u00edka. To br\u00e1n\u00ed fintech spole\u010dnostem budovat trval\u00e9 datab\u00e1ze finan\u010dn\u00ed historie z\u00e1kazn\u00edk\u016f bez jejich pr\u016fb\u011b\u017en\u00e9ho souhlasu.<\/p>\n

                Krom\u011b toho je PSD2 zosoulad\u011bna se v\u0161eobecn\u00fdm na\u0159\u00edzen\u00edm EU o ochran\u011b osobn\u00edch \u00fadaj\u016f (GDPR<\/b>), kter\u00e9 z\u00e1kazn\u00edk\u016fm poskytuje dal\u0161\u00ed pr\u00e1va: pr\u00e1vo na p\u0159\u00edstup ke sv\u00fdm dat\u016fm, pr\u00e1vo na opravu nep\u0159esn\u00fdch dat a pr\u00e1vo na zapomn\u011bn\u00ed (vymaz\u00e1n\u00ed dat). Tato pr\u00e1va p\u0159id\u00e1vaj\u00ed dal\u0161\u00ed vrstvu komplexnosti do spr\u00e1vy dat a vy\u017eaduj\u00ed od fintech spole\u010dnost\u00ed a bank implementaci robustn\u00edch postup\u016f \u0159\u00edzen\u00ed a maz\u00e1n\u00ed dat.<\/p>\n

                Bezpe\u010dnostn\u00ed opat\u0159en\u00ed a prevence podvod\u016f<\/h3>\n

                Open Banking API jsou pro kyberzlo\u010dince lukrativn\u00edm c\u00edlem. Kompromitovan\u00e9 API by mohlo odhalit miliony z\u00e1kaznick\u00fdch transakc\u00ed, z\u016fstatk\u016f a osobn\u00edch finan\u010dn\u00edch \u00fadaj\u016f. V d\u016fsledku toho PSD2 naria\u010fuje p\u0159\u00edsn\u00e1 bezpe\u010dnostn\u00ed opat\u0159en\u00ed:<\/p>\n

                  \n
                • \n

                  \u0160ifrov\u00e1n\u00ed:<\/b> V\u0161echna komunikace p\u0159es API mus\u00ed b\u00fdt \u0161ifrov\u00e1na pomoc\u00ed protokol\u016f TLS 1.2 (nebo vy\u0161\u0161\u00edch). Citliv\u00e1 data mus\u00ed b\u00fdt \u0161ifrov\u00e1na p\u0159i p\u0159enosu (mezi API klientem a serverem) i v klidu (ulo\u017een\u00e1 v syst\u00e9mech banky).<\/p>\n<\/li>\n

                • \n

                  Vz\u00e1jemn\u00e1 autentizace:<\/b> Poskytovatel t\u0159et\u00ed strany i banka se mus\u00ed p\u0159ed v\u00fdm\u011bnou dat navz\u00e1jem autentizovat. Toho se obvykle dosahuje pomoc\u00ed digit\u00e1ln\u00edch certifik\u00e1t\u016f a vz\u00e1jemn\u00e9ho TLS (mTLS), co\u017e zabra\u0148uje \u00fatok\u016fm typu man-in-the-middle.<\/p>\n<\/li>\n

                • \n

                  Kontrola p\u0159\u00edstupu:<\/b> Pr\u00edstupov\u00e9 tokeny vydan\u00e9 bankou mus\u00ed b\u00fdt omezen\u00e9 v rozsahu (specifikuj\u00edc\u00ed p\u0159esn\u011b, kter\u00e1 data nebo funkce jsou p\u0159\u00edstupn\u00e9) a v trv\u00e1n\u00ed (vypr\u0161\u00ed po stanoven\u00e9 dob\u011b, obvykle po 90 dnech). Banky mus\u00ed implementovat tak\u00e9 omezov\u00e1n\u00ed frekvence po\u017eadavk\u016f (rate limiting) a detekci anom\u00e1li\u00ed k identifikaci a blokov\u00e1n\u00ed podez\u0159el\u00fdch vzorc\u016f pou\u017e\u00edv\u00e1n\u00ed API.<\/p>\n<\/li>\n

                • \n

                  Monitorov\u00e1n\u00ed transakc\u00ed:<\/b> U slu\u017eeb iniciov\u00e1n\u00ed plateb mus\u00ed banky monitorovat v\u0161echny po\u017eadavky na iniciov\u00e1n\u00ed plateb kv\u016fli znak\u016fm podvodu nebo neopr\u00e1vn\u011bn\u00e9ho p\u0159\u00edstupu. To zahrnuje kontrolu \u010d\u00e1stek transakc\u00ed v\u016f\u010di historick\u00fdm vzorc\u016fm, ov\u011b\u0159ov\u00e1n\u00ed konzistentnosti p\u0159\u00edjemce s p\u0159edchoz\u00edm chov\u00e1n\u00edm z\u00e1kazn\u00edka a ozna\u010dov\u00e1n\u00ed neobvykl\u00fdch p\u0159eshrani\u010dn\u00edch p\u0159evod\u016f nebo p\u0159evod\u016f vysok\u00fdch hodnot.<\/p>\n<\/li>\n

                • \n

                  Hl\u00e1\u0161en\u00ed incident\u016f:<\/b> Pokud banka nebo poskytovatel t\u0159et\u00ed strany zaznamen\u00e1 bezpe\u010dnostn\u00ed incident ovliv\u0148uj\u00edc\u00ed Open Banking API, mus\u00ed jej nahl\u00e1sit sv\u00e9mu n\u00e1rodn\u00edmu finan\u010dn\u00edmu regul\u00e1torovi v definovan\u00e9m \u010dasov\u00e9m r\u00e1mci (obvykle do 24 hodin u z\u00e1va\u017en\u00fdch incident\u016f). EBA zve\u0159ej\u0148uje usnesen\u00ed k klasifikaci incident\u016f a postup\u016fm nahla\u0161ov\u00e1n\u00ed.<\/p>\n<\/li>\n

                • \n

                  Penetra\u010dn\u00ed testov\u00e1n\u00ed a bezpe\u010dnostn\u00ed audity:<\/b> Banky a velc\u00ed poskytovatel\u00e9 t\u0159et\u00edch stran jsou povinni prov\u00e1d\u011bt pravideln\u00e9 penetra\u010dn\u00ed testov\u00e1n\u00ed a bezpe\u010dnostn\u00ed audity sv\u00e9 infrastruktury Open Banking, zpravidla alespo\u0148 jednou ro\u010dn\u011b. Tyto testy mus\u00ed prov\u00e1d\u011bt nez\u00e1visl\u00e9 bezpe\u010dnostn\u00ed firmy a mus\u00ed b\u00fdt zdokumentov\u00e1ny pro pot\u0159eby regula\u010dn\u00ed kontroly.<\/p>\n<\/li>\n<\/ul>\n

                  Jak\u00e9 jsou byznysov\u00e9 d\u016fsledky PSD2 a Open Banking?<\/h2>\n

                  Vliv na finan\u010dn\u00ed instituce<\/h3>\n

                  Pro tradi\u010dn\u00ed banky je PSD2 dvojse\u010dnou zbran\u00ed. Na jedn\u00e9 stran\u011b si vy\u017e\u00e1dala obrovsk\u00e9 kapit\u00e1lov\u00e9 investice do infrastruktury API, bezpe\u010dnostn\u00edch syst\u00e9m\u016f a pln\u011bn\u00ed regula\u010dn\u00edch po\u017eadavk\u016f. Evropsk\u00e9 banky spole\u010dn\u011b vynalo\u017eily miliardy eur na vybudov\u00e1n\u00ed platforem otev\u0159en\u00e9ho bankovnictv\u00ed, n\u00e1bor specializovan\u00fdch talent\u016f a p\u0159ebudov\u00e1n\u00ed star\u0161\u00edch syst\u00e9m\u016f s c\u00edlem zp\u0159\u00edstupnit data o \u00fa\u010dtech p\u0159es API.<\/p>\n

                  Na druh\u00e9 stran\u011b v\u0161ak Open Banking vytvo\u0159il nov\u00e9 p\u0159\u00edle\u017eitosti pro generov\u00e1n\u00ed p\u0159\u00edjm\u016f. Banky mohou zpen\u011b\u017eit sv\u00e9 vztahy se z\u00e1kazn\u00edky a data prost\u0159ednictv\u00edm:<\/p>\n

                    \n
                  • \n

                    Poplatk\u016f za licencov\u00e1n\u00ed API:<\/b> Zpoplatn\u011bn\u00ed p\u0159\u00edstupu poskytovatel\u016f t\u0159et\u00edch stran k nadstandardn\u00edm API.<\/p>\n<\/li>\n

                  • \n

                    Pr\u00e9miov\u00fdch datov\u00fdch slu\u017eeb:<\/b> Nab\u00eddka pokro\u010dil\u00e9 analytiky, p\u0159ehled\u016f a prediktivn\u00edch slu\u017eeb pro fintech partnery.<\/p>\n<\/li>\n

                  • \n

                    White-label \u0159e\u0161en\u00ed:<\/b> Poskytov\u00e1n\u00ed infrastruktury Open Banking men\u0161\u00edm region\u00e1ln\u00edm bank\u00e1m nebo fintech platform\u00e1m.<\/p>\n<\/li>\n

                  • \n

                    Partnerstv\u00ed v ekosyst\u00e9mu:<\/b> Budov\u00e1n\u00ed strategick\u00fdch alianc\u00ed s fintech spole\u010dnostmi s c\u00edlem roz\u0161\u00ed\u0159it nab\u00eddku slu\u017eeb a oslovit nov\u00e9 segmenty z\u00e1kazn\u00edk\u016f.<\/p>\n<\/li>\n<\/ul>\n

                    Nejz\u00e1sadn\u011bj\u0161\u00edm dopadem PSD2 na banky v\u0161ak bylo naru\u0161en\u00ed konkuren\u010dn\u00edho prost\u0159ed\u00ed (disrupce). Fintech spole\u010dnosti, vyzbrojen\u00e9 Open Banking API, dok\u00e1zaly spustit inovativn\u00ed platebn\u00ed slu\u017eby a n\u00e1stroje pro spr\u00e1vu financ\u00ed bez toho, aby musely budovat vlastn\u00ed bankovn\u00ed infrastrukturu. To urychlilo posun sm\u011brem k vestav\u011bn\u00fdm financ\u00edm (embedded finance<\/b>), kdy jsou finan\u010dn\u00ed slu\u017eby integrovan\u00e9 p\u0159\u00edmo do nefinan\u010dn\u00edch aplikac\u00ed (napr. mo\u017enosti platby na e-commerce platform\u00e1ch, rozpo\u010dtov\u00e9 n\u00e1stroje v \u00fa\u010detn\u00edm softwaru).<\/p>\n

                    Pro banky p\u016fsob\u00edc\u00ed ve st\u0159edn\u00ed a v\u00fdchodn\u00ed Evrop\u011b vytvo\u0159ila PSD2 p\u0159\u00edle\u017eitost sout\u011b\u017eit na stejn\u00e9 \u00farovni se z\u00e1padoevropsk\u00fdmi finan\u010dn\u00edmi institucemi. \u010cesk\u00e1 nebo slovensk\u00e1 fintech spole\u010dnost dnes dok\u00e1\u017ee vyvinout slu\u017eby, kter\u00e9 se bez probl\u00e9m\u016f integruj\u00ed s jakoukoli bankou v EU, bez ohledu na jej\u00ed velikost nebo geografickou polohu.<\/p>\n

                    P\u0159\u00edle\u017eitosti pro fintech a poskytovatele t\u0159et\u00edch stran<\/h3>\n

                    Pro fintech spole\u010dnosti a poskytovatele t\u0159et\u00edch stran byla PSD2 transforma\u010dn\u00edm miln\u00edkem. Regula\u010dn\u00ed povinnost bank zp\u0159\u00edstupnit Open Banking API vytvo\u0159ila masivn\u00ed nov\u00fd trh pro inovativn\u00ed finan\u010dn\u00e9 slu\u017eby:<\/p>\n

                      \n
                    • \n

                      Slu\u017eby iniciov\u00e1n\u00ed plateb:<\/b> Spole\u010dnosti jako Wise, Stripe \u010di Revolut vybudovaly miliardov\u00e9 byznysy i d\u00edky nab\u00eddce alternativn\u00edch platbn\u00edch metod, kter\u00e9 vyu\u017e\u00edvaj\u00ed slu\u017eby iniciov\u00e1n\u00ed plateb podle PSD2. Nam\u00edsto toho, aby z\u00e1kazn\u00edci museli zad\u00e1vat \u00fadaje o sv\u00e9 kart\u011b na str\u00e1nce obchodn\u00edka, mohou se autentizovat p\u0159\u00edmo ve sv\u00e9 bance a schv\u00e1lit platbu b\u011bhem n\u011bkolika sekund.<\/p>\n<\/li>\n

                    • \n

                      Spr\u00e1va osobn\u00edch financ\u00ed:<\/b> Aplikace jako Emma \u010di r\u016fzn\u00ed finan\u010dn\u00ed agreg\u00e1to\u0159i propojili data o \u00fa\u010dtech z tis\u00edc\u016f bank p\u0159es Open Banking API, co\u017e z\u00e1kazn\u00edk\u016fm umo\u017e\u0148uje vid\u011bt v\u0161echny sv\u00e9 \u00fa\u010dty na jednom m\u00edst\u011b a dost\u00e1vat personalizovan\u00e9 finan\u010dn\u00ed poradenstv\u00ed.<\/p>\n<\/li>\n

                    • \n

                      Sk\u00f3ring \u00fav\u011bruschopnosti a p\u016fj\u010dov\u00e1n\u00ed:<\/b> Fintech v\u011b\u0159itel\u00e9 vyu\u017e\u00edvaj\u00ed Open Banking API k p\u0159\u00edstupu k transak\u010dn\u00edm dat\u016fm v re\u00e1ln\u00e9m \u010dase, co\u017e umo\u017e\u0148uje rychlej\u0161\u00ed a p\u0159esn\u011bj\u0161\u00ed rozhodov\u00e1n\u00ed o \u00fav\u011brech ne\u017e v p\u0159\u00edpad\u011b tradi\u010dn\u00edch \u00fav\u011brov\u00fdch registr\u016f. To demokratizovalo \u00fav\u011brov\u00e1n\u00ed a usnadnilo p\u0159\u00edstup ke kapit\u00e1lu mal\u00fdm podnik\u016fm a jednotlivc\u016fm s omezenou finan\u010dn\u00ed histori\u00ed.<\/p>\n<\/li>\n

                    • \n

                      Fakturace a \u00fahrada plateb:<\/b> B2B fintech platformy vyu\u017e\u00edvaj\u00ed slu\u017eby iniciov\u00e1n\u00ed plateb k zjednodu\u0161en\u00ed proces\u016f \u00fahrady faktur, \u010d\u00edm\u017e firm\u00e1m umo\u017e\u0148uj\u00ed platit dodavatel\u016fm p\u0159\u00edmo z jejich bankovn\u00edch \u00fa\u010dt\u016f bez manu\u00e1ln\u00edho zad\u00e1v\u00e1n\u00ed dat nebo pap\u00edrov\u00fdch proces\u016f.<\/p>\n<\/li>\n<\/ul>\n

                      Regula\u010dn\u00ed po\u017eadavek na podporu Open Banking z\u00e1rove\u0148 sn\u00ed\u017eil bari\u00e9ry vstupu pro startupy. Zakladatel fintechu u\u017e nemus\u00ed z\u00edskat plnou bankovn\u00ed licenci, aby mohl spustit platebn\u00ed slu\u017ebu; sta\u010d\u00ed se zaregistrovat jako poskytovatel slu\u017eeb iniciov\u00e1n\u00ed platby a integrovat se s existuj\u00edc\u00edmi API bank.<\/p>\n

                      Riadenie riz\u00edk a regula\u010dn\u00e9 povinnosti<\/h3>\n

                      Navzdory p\u0159\u00edle\u017eitostem p\u0159inesly PSD2 a Open Banking nov\u00e1 rizika a regula\u010dn\u00ed povinnosti, kter\u00e9 organizace mus\u00ed d\u016fsledn\u011b \u0159\u00eddit:<\/p>\n

                        \n
                      • \n

                        Regula\u010dn\u00ed z\u00e1t\u011b\u017e:<\/b> Organizace nab\u00edzej\u00edc\u00ed slu\u017eby AIS nebo PISP mus\u00ed z\u00edskat registraci od regul\u00e1tora, implementovat technick\u00e9 standardy, udr\u017eovat bezpe\u010dnostn\u00ed certifikace a reportovat \u00fa\u0159ad\u016fm. Pro startupy a mal\u00e9 spole\u010dnosti mohou b\u00fdt tyto n\u00e1klady na compliance zna\u010dn\u00e9.<\/p>\n<\/li>\n

                      • \n

                        Provozn\u00ed riziko:<\/b> Open Banking API jsou kritickou infrastrukturou. Pokud API sel\u017ee nebo vykazuje n\u00edzk\u00fd v\u00fdkon, m\u016f\u017ee to naru\u0161it celou fintech slu\u017ebu. Banky a poskytovatel\u00e9 t\u0159et\u00edch stran mus\u00ed implementovat robustn\u00ed monitoring, procesy obnovy po hav\u00e1rii (disaster recovery) a kontinuity podnik\u00e1n\u00ed.<\/p>\n<\/li>\n

                      • \n

                        Riziko kybernetick\u00e9 bezpe\u010dnosti:<\/b> Open Banking API jsou atraktivn\u00edm c\u00edlem \u00fatok\u016f. Jedin\u00e9 poru\u0161en\u00ed bezpe\u010dnosti by mohlo odhali\u0165 miliony z\u00e1znam\u016f o z\u00e1kazn\u00edc\u00edch a v\u00e9st k regula\u010dn\u00edm pokut\u00e1m, \u017ealob\u00e1m a po\u0161kozen\u00ed reputace. Organizace mus\u00ed masivn\u011b investovat do bezpe\u010dnostn\u00edch n\u00e1stroj\u016f, monitorov\u00e1n\u00ed hrozeb a schopnost\u00ed reagovat na incidenty.<\/p>\n<\/li>\n

                      • \n

                        Ochrana osobn\u00edch \u00fadaj\u016f a soulad s GDPR:<\/b> Poskytovatel\u00e9 t\u0159et\u00edch stran mus\u00ed dodr\u017eovat po\u017eadavky GDPR na zpracov\u00e1n\u00ed, uchov\u00e1v\u00e1n\u00ed a maz\u00e1n\u00ed dat. To je v\u00fdzvou zejm\u00e9na pro spole\u010dnosti, kter\u00e9 agreguj\u00ed data z v\u00edce bank a uchov\u00e1vaj\u00ed je pro analytick\u00e9 \u00fa\u010dely.<\/p>\n<\/li>\n

                      • \n

                        Evoluce regulace:<\/b> Samotn\u00e1 PSD2 se vyv\u00edj\u00ed a na obzoru je PSD3. Organizace mus\u00ed sledovat regula\u010dn\u00ed zm\u011bny a b\u00fdt p\u0159ipraveny p\u0159im\u011b\u0159en\u011b p\u0159izp\u016fsobit svou technickou a provozn\u00ed infrastrukturu.<\/p>\n<\/li>\n<\/ul>\n

                        Jak se PSD2 li\u0161\u00ed od Open Banking?<\/h2>\n

                        Regula\u010dn\u00ed vs. tr\u017en\u00ed p\u0159\u00edstup<\/h3>\n

                        \u010cast\u00fdm omylem je, \u017ee PSD2 a Open Banking jsou synonyma. V skute\u010dnosti se jedn\u00e1 o odli\u0161n\u00e9, av\u0161ak p\u0159ekr\u00fdvaj\u00edc\u00ed se koncepty:<\/p>\n

                        \n

                        PSD2 je povinn\u00e1 regulace EU.<\/b> V\u0161ichni poskytovatel\u00e9 platebn\u00edch slu\u017eeb p\u016fsob\u00edc\u00ed v EHP mus\u00ed spl\u0148ovat po\u017eadavky PSD2, a\u0165 se jim to l\u00edb\u00ed nebo ne. Nedodr\u017een\u00ed p\u0159edpis\u016f m\u00e1 za n\u00e1sledek regula\u010dn\u00ed sankce, pokuty a potenci\u00e1ln\u00ed ztr\u00e1tu licenc\u00ed k \u010dinnosti.<\/p>\n

                        Open Banking je tr\u017en\u00ed hnut\u00ed.<\/b> P\u0159esto\u017ee PSD2 na\u0159izuje bank\u00e1m zp\u0159\u00edstupnit Open Banking API, \u0161ir\u0161\u00ed hnut\u00ed otev\u0159en\u00e9ho bankovnictv\u00ed p\u0159esahuje r\u00e1mec po\u017eadavk\u016f PSD2. Open Banking zahrnuje dobrovoln\u00e9 iniciativy bank a fintech spole\u010dnost\u00ed zam\u011b\u0159en\u00e9 na sd\u00edlen\u00ed finan\u010dn\u00edch dat a podporu inovac\u00ed t\u0159et\u00edch stran, a to i v jurisdikc\u00edch, kde neexistuje \u017e\u00e1dn\u00e1 regula\u010dn\u00ed povinnost.<\/p>\n<\/blockquote>\n

                        Nap\u0159\u00edklad iniciativa Open Banking ve Spojen\u00e9m kr\u00e1lovstv\u00ed, kter\u00e1 vznikla je\u0161t\u011b p\u0159ed PSD2, vy\u017eadovala od dev\u00edti nejv\u011bt\u0161\u00edch britsk\u00fdch bank zp\u0159\u00edstupn\u011bn\u00ed Open Banking API d\u0159\u00edve, ne\u017e se PSD2 stala povinnou. Podobn\u011b Austr\u00e1lie a Singapur spustily iniciativy otev\u0159en\u00e9ho bankovnictv\u00ed zalo\u017een\u00e9 na regula\u010dn\u00edch mand\u00e1tech, av\u0161ak s jin\u00fdmi technick\u00fdmi standardy a rozsahem ne\u017e PSD2.<\/p>\n

                        V podstat\u011b je PSD2 evropskou regula\u010dn\u00ed implementac\u00ed \u0161ir\u0161\u00edho konceptu Open Banking. P\u0159edstavuje \u201ejak\u201c a \u201eco\u201c v r\u00e1mci Open Banking v EHP, p\u0159i\u010dem\u017e p\u0159esn\u011b specifikuje, kter\u00e1 API mus\u00ed b\u00fdt zp\u0159\u00edstupn\u011bna, kter\u00e9 bezpe\u010dnostn\u00ed standardy mus\u00ed b\u00fdt spln\u011bny a kte\u0159\u00ed poskytovatel\u00e9 t\u0159et\u00edch stran jsou opr\u00e1vn\u011bni p\u0159istupovat k dat\u016fm z\u00e1kazn\u00edk\u016f.<\/p>\n

                        Geografick\u00fd rozsah a region\u00e1ln\u00ed rozd\u00edly<\/h3>\n

                        PSD2 se vztahuje pouze na poskytovatele platebn\u00edch slu\u017eeb p\u016fsob\u00edc\u00edch v EHP. Mimo EHP funguje Open Banking pod jin\u00fdmi regula\u010dn\u00edmi r\u00e1mci nebo tr\u017en\u00edmi iniciativami:<\/p>\n

                          \n
                        • \n

                          Spojen\u00e9 kr\u00e1lovstv\u00ed:<\/b> Po brexitu si Spojen\u00e9 kr\u00e1lovstv\u00ed vyvinulo vlastn\u00ed r\u00e1mec Open Banking, kter\u00fd je ve velk\u00e9 m\u00ed\u0159e zosoulad\u011bn s PSD2, av\u0161ak vykazuje rozd\u00edly v technick\u00fdch standardech a \u010dasov\u00fdch harmonogramech implementace.<\/p>\n<\/li>\n

                        • \n

                          Austr\u00e1lie:<\/b> R\u00e1mec Consumer Data Right<\/i> (CDR) na\u0159izuje Open Banking pro \u010dty\u0159i nejv\u011bt\u0161\u00ed banky s pl\u00e1novan\u00fdm roz\u0161\u00ed\u0159en\u00edm na dal\u0161\u00ed finan\u010dn\u00ed instituce.<\/p>\n<\/li>\n

                        • \n

                          Singapur:<\/b> Monetary Authority of Singapore<\/i> (MAS) podporuje dobrovoln\u00e9 iniciativy Open Banking se specifick\u00fdmi standardy API a bezpe\u010dnostn\u00edmi po\u017eadavky.<\/p>\n<\/li>\n

                        • \n

                          Spojen\u00e9 st\u00e1ty:<\/b> USA nemaj\u00ed komplexn\u00ed mand\u00e1t pro Open Banking, a\u010dkoli \u00da\u0159ad pro finan\u010dn\u00ed ochranu spot\u0159ebitel\u016f (CFPB<\/b>) navrhl pravidla otev\u0159en\u00e9ho bankovnictv\u00ed, kter\u00e1 by od bank vy\u017eadovala sd\u00edlen\u00ed \u00fadaj\u016f o z\u00e1kazn\u00edc\u00edch s fintech konkurenty.<\/p>\n<\/li>\n<\/ul>\n

                          Pro organizace p\u016fsob\u00edc\u00ed ve v\u00edce geografick\u00fdch oblastech vytv\u00e1\u0159\u00ed tato rozt\u0159\u00ed\u0161t\u011bnost komplexn\u00ed prost\u0159ed\u00ed. Fintech spole\u010dnost m\u016f\u017ee pot\u0159ebovat implementovat API kompatibiln\u00ed s PSD2 pro z\u00e1kazn\u00edky v EHP, API pro britsk\u00fd Open Banking pro z\u00e1kazn\u00edky ve Spojen\u00e9m kr\u00e1lovstv\u00ed a API kompatibiln\u00ed s CDR pro australsk\u00e9 z\u00e1kazn\u00edky \u2013 p\u0159i\u010dem\u017e ka\u017ed\u00e9 z nich m\u00e1 odli\u0161n\u00e9 technick\u00e9 specifikace, bezpe\u010dnostn\u00ed po\u017eadavky a regula\u010dn\u00ed dohled.<\/p>\n

                          Jak\u00e9 jsou m\u00fdty a fakta o PSD2 a Open Banking?<\/h2>\n

                          M\u00fdtus \u010d. 1: PSD2 a Open Banking je to sam\u00e9<\/h3>\n

                          Fakt:<\/b> Jak bylo vysv\u011btleno v\u00fd\u0161e, PSD2 je regula\u010dn\u00ed mand\u00e1t EU pro Open Banking. Open Banking je \u0161ir\u0161\u00ed tr\u017en\u00ed koncept. Jsou propojen\u00e9, ale odli\u0161n\u00e9. Pochopen\u00ed tohoto rozd\u00edlu je d\u016fle\u017eit\u00e9 pro strategick\u00e9 pl\u00e1nov\u00e1n\u00ed a compliance.<\/p>\n

                          M\u00fdtus \u010d. 2: Open Banking je jen pro spot\u0159ebitele<\/h3>\n

                          Fakt:<\/b> P\u0159esto\u017ee jsou Open Banking API \u010dasto prezentov\u00e1na spot\u0159ebitel\u016fm (nap\u0159. p\u0159es osobn\u00ed finan\u010dn\u00ed aplikace), stejn\u011b d\u016fle\u017eit\u00e1 jsou i pro firmy. Slu\u017eby iniciov\u00e1n\u00ed plateb jsou \u0161iroce vyu\u017e\u00edv\u00e1ny B2B fintech platformami k zjednodu\u0161en\u00ed \u00fahrad faktur a \u0159\u00edzen\u00ed cash flow. Slu\u017eby informov\u00e1n\u00ed o \u00fa\u010dtu vyu\u017e\u00edvaj\u00ed platformy business intelligence k poskytov\u00e1n\u00ed finan\u010dn\u00edch p\u0159ehled\u016f v re\u00e1ln\u00e9m \u010dase. Regul\u00e1to\u0159i a odv\u011btvov\u00e9 organizace st\u00e1le v\u00edce diskutuj\u00ed o Open Bankingu pro mal\u00e9 a st\u0159edn\u00ed podniky (SME) a firemn\u00ed klienty, nikoli jen pro b\u011b\u017en\u00e9 spot\u0159ebitele.<\/p>\n

                          M\u00fdtus \u010d. 3: V\u00fdjimky ze SCA d\u011blaj\u00ed autentizaci volitelnou<\/h3>\n

                          Fakt:<\/b> V\u00fdjimky ze SCA (pro transakce n\u00edzk\u00e9 hodnoty, opakuj\u00edc\u00ed se platby atd.) jsou podm\u00edn\u011bn\u00e9 a zalo\u017een\u00e9 na hodnocen\u00ed rizika. Poskytovatel platebn\u00edch slu\u017eeb se nem\u016f\u017ee jednodu\u0161e rozhodnout vynechat SCA u v\u0161ech plateb n\u00edzk\u00e9 hodnoty; mus\u00ed implementovat syst\u00e9my posuzov\u00e1n\u00ed rizik, aby zajistil, \u017ee transakce skute\u010dn\u011b spl\u0148uje podm\u00ednky pro v\u00fdjimku. Pokud poskytovatel ud\u011bl\u00ed v\u00fdjimku neopr\u00e1vn\u011bn\u011b a dojde k podvodu, nese za podvodnou transakci plnou odpov\u011bdnost. V\u00fdjimky jsou definov\u00e1ny striktn\u011b a vy\u017eaduj\u00ed precizn\u00ed implementaci.<\/p>\n

                          M\u00fdtus \u010d. 4: Sd\u00edlen\u00ed dat v Open Banking je nebezpe\u010dn\u00e9<\/h3>\n

                          Fakt:<\/b> P\u0159esto\u017ee Open Banking zahrnuje sd\u00edlen\u00ed finan\u010dn\u00edch dat z\u00e1kazn\u00edk\u016f s t\u0159et\u00edmi stranami, model PSD2 zalo\u017een\u00fd na souhlasu, po\u017eadavc\u00edch na \u0161ifrov\u00e1n\u00ed a kontrole p\u0159\u00edstupu v re\u00e1lu poskytuje siln\u011bj\u0161\u00ed ochranu ne\u017e tradi\u010dn\u00ed model \u201esd\u00edlen\u00ed hesel\u201c (screen scraping), kter\u00fd mu p\u0159edch\u00e1zel. Kdy\u017e z\u00e1kazn\u00edk ud\u011bl\u00ed souhlas poskytovateli t\u0159et\u00ed strany, poskytuje mu p\u0159\u00edstup ke konkr\u00e9tn\u00edmu bal\u00edku dat na omezenou dobu s mo\u017enost\u00ed souhlas kdykoli odvolat. Je to mnohem podrobn\u011bj\u0161\u00ed a transparentn\u011bj\u0161\u00ed, ne\u017e odevzdat p\u0159ihla\u0161ovac\u00ed \u00fadaje do bankovnictv\u00ed aplikaci a doufat, \u017ee je nezneu\u017eije.<\/p>\n

                          Jak\u00e1 je budoucnost Open Banking a sm\u011brnice PSD3?<\/h2>\n

                          Harmonogram PSD3 a o\u010dek\u00e1van\u00e9 zm\u011bny<\/h3>\n

                          Evropsk\u00e1 komise ji\u017e zah\u00e1jila legislativn\u00ed proces pro PSD3, p\u0159i\u010dem\u017e implementace se odhaduje v obdob\u00ed let 2025\u20132026. P\u0159esto\u017ee se o PSD3 st\u00e1le jedn\u00e1, o\u010dek\u00e1vaj\u00ed se viacer\u00e9 kl\u00ed\u010dov\u00e9 zm\u011bny:<\/p>\n

                            \n
                          • \n

                            Roz\u0161\u00ed\u0159en\u00ed rozsahu mimo platby:<\/b> O\u010dek\u00e1v\u00e1 se, \u017ee PSD3 roz\u0161\u00ed\u0159\u00ed principy otev\u0159en\u00e9ho bankovnictv\u00ed na dal\u0161\u00ed finan\u010dn\u00ed produkty v\u010detn\u011b spo\u0159ic\u00edch \u00fa\u010dt\u016f, investi\u010dn\u00edch \u00fa\u010dt\u016f, pojistn\u00fdch produkt\u016f a hypot\u00e9k. Tento \u0161ir\u0161\u00ed rozsah se ozna\u010duje jako otev\u0159en\u00e9 finan\u010dnictv\u00ed (Open Finance<\/b>).<\/p>\n<\/li>\n

                          • \n

                            Pos\u00edlen\u00ed pr\u00e1v spot\u0159ebitel\u016f:<\/b> PSD3 pravd\u011bpodobn\u011b pos\u00edl\u00ed pr\u00e1va spot\u0159ebitel\u016f na p\u0159\u00edstup k vlastn\u00edm dat\u016fm a p\u0159enos jejich finan\u010dn\u00edch vztah\u016f ke konkuren\u010dn\u00edm poskytovatel\u016fm. To by mohlo zahrnovat pr\u00e1vo stahovat data o \u00fa\u010dtu v standardizovan\u00fdch form\u00e1tech a pr\u00e1vo zm\u011bnit poskytovatele s minim\u00e1ln\u00edm t\u0159en\u00edm.<\/p>\n<\/li>\n

                          • \n

                            Vy\u0161\u0161\u00ed bezpe\u010dnost a provozn\u00ed odolnost:<\/b> PSD3 z\u0159ejm\u011b p\u0159inese p\u0159\u00edsn\u011bj\u0161\u00ed po\u017eadavky na kybernetickou bezpe\u010dnost v\u010detn\u011b povinn\u00fdch \u0161ifrovac\u00edch standard\u016f, \u010dast\u011bj\u0161\u00edch bezpe\u010dnostn\u00edch audit\u016f a rychlej\u0161\u00edch lh\u016ft pro reakci na incidenty.<\/p>\n<\/li>\n

                          • \n

                            Platby v re\u00e1ln\u00e9m \u010dase jako standard:<\/b> PSD3 m\u016f\u017ee na\u0159\u00eddit, aby v\u0161echny banky podporovaly iniciov\u00e1n\u00ed plateb v re\u00e1ln\u00e9m \u010dase, \u010d\u00edm\u017e se \u010das vypo\u0159\u00e1d\u00e1n\u00ed zkr\u00e1t\u00ed ze dn\u016f na sekundy.<\/p>\n<\/li>\n

                          • \n

                            Zjednodu\u0161en\u00e1 autorizace a autentizace:<\/b> PSD3 m\u016f\u017ee zav\u00e9st flexibiln\u011bj\u0161\u00ed metody autentizace, \u010d\u00edm\u017e potenci\u00e1ln\u011b sn\u00ed\u017e\u00ed z\u00e1vislost od v\u00fdjimek ze SCA a umo\u017en\u00ed autentizaci zalo\u017eenou na hodnocen\u00ed rizik, kter\u00e1 je bezpe\u010dn\u00e1 a z\u00e1rove\u0148 u\u017eivatelsky p\u0159\u00edv\u011btiv\u00e1.<\/p>\n<\/li>\n<\/ul>\n

                            Nastupuj\u00edc\u00ed trendy v Open Finance<\/h3>\n

                            Krom\u011b PSD3 formuj\u00ed budoucnost Open Banking a Open Finance i dal\u0161\u00ed \u0161ir\u0161\u00ed trendy:<\/p>\n

                              \n
                            • \n

                              Vestav\u011bn\u00e9 finance (Embedded Finance):<\/b> Finan\u010dn\u00ed slu\u017eby se st\u00e1le \u010dast\u011bji st\u00e1vaj\u00ed p\u0159\u00edmou sou\u010d\u00e1st\u00ed nefinan\u010dn\u00edch aplikac\u00ed. Z\u00e1kazn\u00edk m\u016f\u017ee po\u017e\u00e1dat o \u00fav\u011br p\u0159\u00edmo b\u011bhem n\u00e1kupu na e-commerce platform\u011b nebo investovat sv\u00e9 \u00faspory p\u0159es rozpo\u010dtovou aplikaci. Open Banking API umo\u017e\u0148uj\u00ed tento model t\u00edm, \u017ee aplikac\u00edm t\u0159et\u00edch stran poskytuj\u00ed p\u0159\u00edstup k finan\u010dn\u00edm dat\u016fm a mo\u017enost iniciovat transakce jm\u00e9nem z\u00e1kazn\u00edk\u016f.<\/p>\n<\/li>\n

                            • \n

                              Okam\u017eit\u00e9 platby:<\/b> Sch\u00e9mata okam\u017eit\u00fdch plateb (jako nap\u0159\u00edklad SEPA Instant Credit Transfer v EU) se st\u00e1vaj\u00ed standardem a umo\u017e\u0148uj\u00ed vypo\u0159\u00e1d\u00e1n\u00ed plateb v re\u017eimu 24\/7\/365. Tento posun od d\u00e1vkov\u00e9ho zpracov\u00e1n\u00ed k z\u00fa\u010dtov\u00e1n\u00ed v re\u00e1ln\u00e9m \u010dase z\u00e1sadn\u011b m\u011bn\u00ed \u0159\u00edzen\u00ed cash flow a platebn\u00ed toky.<\/p>\n<\/li>\n

                            • \n

                              Otev\u0159en\u00e1 data a finan\u010dn\u00ed transparentnost:<\/b> Regul\u00e1to\u0159i a spot\u0159ebitelsk\u00e9 organizace tla\u010d\u00ed na v\u011bt\u0161\u00ed transparentnost cen a podm\u00ednek finan\u010dn\u00edch slu\u017eieb. Open Banking API by se mohla roz\u0161\u00ed\u0159it o zp\u0159\u00edstup\u0148ov\u00e1n\u00ed \u00fadaj\u016f o cen\u00e1ch, co\u017e by z\u00e1kazn\u00edk\u016fm umo\u017enilo jednodu\u0161e porovn\u00e1vat finan\u010dn\u00ed produkty a m\u011bnit poskytovatele.<\/p>\n<\/li>\n

                            • \n

                              P\u0159eshrani\u010dn\u00ed Open Banking:<\/b> P\u0159esto\u017ee PSD2 funguje prim\u00e1rn\u011b v r\u00e1mci EHP, roste z\u00e1jem o propojen\u00ed syst\u00e9m\u016f Open Banking nap\u0159\u00ed\u010d r\u016fzn\u00fdmi glob\u00e1ln\u00edmi regiony, co\u017e by umo\u017enilo glob\u00e1ln\u011b integrovan\u00e9 finan\u010dn\u00ed slu\u017eby.<\/p>\n<\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

                              Evropsk\u00e9 finan\u010dn\u00ed prost\u0159ed\u00ed pro\u0161lo za posledn\u00ed desetilet\u00ed z\u00e1sadn\u00ed transformac\u00ed, kterou poh\u00e1n\u011bla jedin\u00e1 regula\u010dn\u00ed povinnost: druh\u00e1 sm\u011brnice o platebn\u00edch slu\u017eb\u00e1ch (PSD2). Tato komplexn\u00ed regulace EU spolu se \u0161ir\u0161\u00edm tr\u017en\u00edm pohybem sm\u011brem k otev\u0159en\u00e9mu bankovnictv\u00ed (Open Banking) od z\u00e1kladu zm\u011bnila zp\u016fsob, jak\u00fdm finan\u010dn\u00ed instituce, fintech spole\u010dnosti a poskytovatel\u00e9 t\u0159et\u00edch stran nakl\u00e1daj\u00ed s platebn\u00edmi \u00fadaji spot\u0159ebitel\u016f a firem. […]<\/p>\n","protected":false},"author":7,"featured_media":0,"parent":0,"template":"","glossary-cat":[],"class_list":["post-19956","glossary","type-glossary","status-publish","hentry"],"yoast_head":"\nPSD2 a Open Banking - Greyson<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/greyson.eu\/cs\/glossary\/psd2-a-open-banking\/\" \/>\n<meta property=\"og:locale\" content=\"cs_CZ\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PSD2 a Open Banking - Greyson\" \/>\n<meta property=\"og:description\" content=\"Evropsk\u00e9 finan\u010dn\u00ed prost\u0159ed\u00ed pro\u0161lo za posledn\u00ed desetilet\u00ed z\u00e1sadn\u00ed transformac\u00ed, kterou poh\u00e1n\u011bla jedin\u00e1 regula\u010dn\u00ed povinnost: druh\u00e1 sm\u011brnice o platebn\u00edch slu\u017eb\u00e1ch (PSD2). Tato komplexn\u00ed regulace EU spolu se \u0161ir\u0161\u00edm tr\u017en\u00edm pohybem sm\u011brem k otev\u0159en\u00e9mu bankovnictv\u00ed (Open Banking) od z\u00e1kladu zm\u011bnila zp\u016fsob, jak\u00fdm finan\u010dn\u00ed instituce, fintech spole\u010dnosti a poskytovatel\u00e9 t\u0159et\u00edch stran nakl\u00e1daj\u00ed s platebn\u00edmi \u00fadaji spot\u0159ebitel\u016f a firem. […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/greyson.eu\/cs\/glossary\/psd2-a-open-banking\/\" \/>\n<meta property=\"og:site_name\" content=\"Greyson\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-28T12:34:26+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Odhadovan\u00e1 doba \u010dten\u00ed\" \/>\n\t<meta name=\"twitter:data1\" content=\"23 minut\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/greyson.eu\/cs\/glossary\/psd2-a-open-banking\/\",\"url\":\"https:\/\/greyson.eu\/cs\/glossary\/psd2-a-open-banking\/\",\"name\":\"PSD2 a Open Banking - Greyson\",\"isPartOf\":{\"@id\":\"https:\/\/greyson.eu\/cs\/#website\"},\"datePublished\":\"2026-05-28T10:47:13+00:00\",\"dateModified\":\"2026-05-28T12:34:26+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/greyson.eu\/cs\/glossary\/psd2-a-open-banking\/#breadcrumb\"},\"inLanguage\":\"cs\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/greyson.eu\/cs\/glossary\/psd2-a-open-banking\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/greyson.eu\/cs\/glossary\/psd2-a-open-banking\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Domovsk\u00e1 str\u00e1nka\",\"item\":\"https:\/\/greyson.eu\/cs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Glossary Terms\",\"item\":\"https:\/\/greyson.eu\/cs\/glossary\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"PSD2 a Open Banking\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/greyson.eu\/cs\/#website\",\"url\":\"https:\/\/greyson.eu\/cs\/\",\"name\":\"Greyson\",\"description\":\"Let\u2019s make future GREYT together\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/greyson.eu\/cs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"cs\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"PSD2 a Open Banking - Greyson","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/greyson.eu\/cs\/glossary\/psd2-a-open-banking\/","og_locale":"cs_CZ","og_type":"article","og_title":"PSD2 a Open Banking - Greyson","og_description":"Evropsk\u00e9 finan\u010dn\u00ed prost\u0159ed\u00ed pro\u0161lo za posledn\u00ed desetilet\u00ed z\u00e1sadn\u00ed transformac\u00ed, kterou poh\u00e1n\u011bla jedin\u00e1 regula\u010dn\u00ed povinnost: druh\u00e1 sm\u011brnice o platebn\u00edch slu\u017eb\u00e1ch (PSD2). Tato komplexn\u00ed regulace EU spolu se \u0161ir\u0161\u00edm tr\u017en\u00edm pohybem sm\u011brem k otev\u0159en\u00e9mu bankovnictv\u00ed (Open Banking) od z\u00e1kladu zm\u011bnila zp\u016fsob, jak\u00fdm finan\u010dn\u00ed instituce, fintech spole\u010dnosti a poskytovatel\u00e9 t\u0159et\u00edch stran nakl\u00e1daj\u00ed s platebn\u00edmi \u00fadaji spot\u0159ebitel\u016f a firem. […]","og_url":"https:\/\/greyson.eu\/cs\/glossary\/psd2-a-open-banking\/","og_site_name":"Greyson","article_modified_time":"2026-05-28T12:34:26+00:00","twitter_card":"summary_large_image","twitter_misc":{"Odhadovan\u00e1 doba \u010dten\u00ed":"23 minut"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/greyson.eu\/cs\/glossary\/psd2-a-open-banking\/","url":"https:\/\/greyson.eu\/cs\/glossary\/psd2-a-open-banking\/","name":"PSD2 a Open Banking - Greyson","isPartOf":{"@id":"https:\/\/greyson.eu\/cs\/#website"},"datePublished":"2026-05-28T10:47:13+00:00","dateModified":"2026-05-28T12:34:26+00:00","breadcrumb":{"@id":"https:\/\/greyson.eu\/cs\/glossary\/psd2-a-open-banking\/#breadcrumb"},"inLanguage":"cs","potentialAction":[{"@type":"ReadAction","target":["https:\/\/greyson.eu\/cs\/glossary\/psd2-a-open-banking\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/greyson.eu\/cs\/glossary\/psd2-a-open-banking\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Domovsk\u00e1 str\u00e1nka","item":"https:\/\/greyson.eu\/cs\/"},{"@type":"ListItem","position":2,"name":"Glossary Terms","item":"https:\/\/greyson.eu\/cs\/glossary\/"},{"@type":"ListItem","position":3,"name":"PSD2 a Open Banking"}]},{"@type":"WebSite","@id":"https:\/\/greyson.eu\/cs\/#website","url":"https:\/\/greyson.eu\/cs\/","name":"Greyson","description":"Let\u2019s make future GREYT together","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/greyson.eu\/cs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"cs"}]}},"related_terms":"","external_url":"","internal_reference_id":"","_links":{"self":[{"href":"https:\/\/greyson.eu\/cs\/wp-json\/wp\/v2\/glossary\/19956","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/greyson.eu\/cs\/wp-json\/wp\/v2\/glossary"}],"about":[{"href":"https:\/\/greyson.eu\/cs\/wp-json\/wp\/v2\/types\/glossary"}],"author":[{"embeddable":true,"href":"https:\/\/greyson.eu\/cs\/wp-json\/wp\/v2\/users\/7"}],"version-history":[{"count":2,"href":"https:\/\/greyson.eu\/cs\/wp-json\/wp\/v2\/glossary\/19956\/revisions"}],"predecessor-version":[{"id":20016,"href":"https:\/\/greyson.eu\/cs\/wp-json\/wp\/v2\/glossary\/19956\/revisions\/20016"}],"wp:attachment":[{"href":"https:\/\/greyson.eu\/cs\/wp-json\/wp\/v2\/media?parent=19956"}],"wp:term":[{"taxonomy":"glossary-cat","embeddable":true,"href":"https:\/\/greyson.eu\/cs\/wp-json\/wp\/v2\/glossary-cat?post=19956"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}