Terms of Service

Last updated: January 9, 2026

These Terms of Service (“Terms”) apply to your use of the Enable Banking Control Panel available at https://enablebanking.com/cp (“Control Panel”) and the Enable Banking API available at https://api.enablebanking.com (“API”). By accessing or using the Control Panel or the API, you agree to these Terms. If you do not agree, you must stop using the services.

Enable Banking Oy, business ID 2988499-7, located at Otakaari 5, 02150 Espoo, Finland (“Enable Banking”, “we”, “us”), provides the services described here.

If you are affiliated with an organisation that has entered into a licensing or partnership agreement with Enable Banking (the “Agreement”), that Agreement may partially or fully supersede these Terms, and your use of the Control Panel and the API shall be governed by the Agreement rather than these Terms. In the event of any inconsistency or conflict between the provisions of the Agreement and these Terms, the provisions of the Agreement shall prevail.

If you subsequently enter into a written agreement with Enable Banking, that Agreement shall supersede these Terms as of its effective date. Accordingly, these Terms shall apply only to your use of the Control Panel and the API prior to the Agreement becoming effective.

Definitions

In these Terms of Service, the following capitalised terms shall, unless expressly otherwise stated or evident in the context, have the meanings defined below.

“PSD2” shall mean Directive 2015/2366/EU of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC.

“GDPR” shall mean Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

“ASPSP” shall mean an Account Servicing Payment Service Provider, which provides and maintains payment accounts for payment service users (PSUs). Traditionally, ASPSPs are banks and similar institutions. Under PSD2, ASPSPs publish account information, payment initiation and payment instruments issuing APIs.

“SCA” shall mean Strong Customer Authentication as defined in PSD2 which an ASPSP is providing.

“AISP” Account Information Service Provider, is a business that provides consolidated information to a Payment Service User (PSU) on one or more payment accounts held by that Payment Service User (PSU) with other payment service providers.

“Application” shall mean your software application or service, which you register through the Control Panel to allow use of the API.

“End User” shall mean the Payment Service User (PSU) who wishes to access their account information through the Application.

“Payment Account” or “Account” is a single account, access to which through the API has been authorised by an End User.

“Linked Account” refers to a Payment Account, which you associate with an Application through the Control Panel by going through the SCA and consent flows provided by the ASPSP servicing the Payment Account.

“Intellectual Property Rights” shall mean all (i) patents, patent applications, patent disclosures and inventions, (ii) trademarks, service marks, trade names, logos and corporate names and registrations and applications for registration thereof together with all of the goodwill associated therewith, (iii) copyrights (registered and unregistered) and copyrightable works and registrations and applications for registration thereof, (iv) mask works and registrations and applications for registration thereof, (v) computer software, data, databases and documentation thereof, (vi) trade secrets and other confidential information (including, without limitation, ideas, formulas, compositions, inventions (whether patentable or unpatentable and whether or not reduced to practice), know-how, manufacturing and production processes and techniques, research and development information, drawings, specifications, designs, plans, proposals, technical data and customer and supplier lists and information), (vii) other intellectual property rights and (viii) copies and tangible embodiments thereof (in whatever form or medium).

“Production Environment” shall mean a configuration made to the API for an Application allowing End Users to share account information from ASPSPs to the Application.

“Sandbox Environment” shall mean a configuration made to the API for an Application allowing you to implement and test integration of the Application with the API using mock data and a limited number of ASPSPs’ sandboxes.

Background

Enable Banking has developed and markets the Enable Banking API, which enables End Users to share account information from their Payment Accounts at multiple ASPSPs with Applications they wish to use, and the Enable Banking Control Panel, which allows for the registration of Applications to use the API, monitoring of API usage, and provides functionality to assist with integrating Applications with the API and maintaining that integration. The API provides connectivity to multiple ASPSPs through a harmonised interface. To share account information retrieved from an ASPSP with an Application, an End User must complete the ASPSP’s SCA and consent flows.

Grant of Service

You are subject to compliance with these Terms and are granted a limited, non-exclusive, non-transferable licence to use the Control Panel and the API under conditions and with restrictions stated in these Terms.

Pricing and Payment

Use of the Control Panel and the API under these Terms is free of charge.

Whenever use of the Control Panel and/or the API falls outside the scope of these Terms, a separate agreement with Enable Banking covering the intended use case and applicable pricing is required.

No fees will be applied retroactively without prior notice.

Compliance

Enable Banking takes all reasonable actions to make sure that the Control Panel and the API are compliant with applicable laws and authority requirements, including PSD2 and GDPR, and you shall assist us with all reasonably necessary actions to ensure that the service can be provided to you.

For communications with ASPSPs in the Production Environment, the API relies on Enable Banking acting as an authorised AISP. Details of our authorisation are available in the European Banking Authority register at https://euclid.eba.europa.eu/register/pir/view/PSD_AISP/FI_FIN_FSA!29884997.

These Terms do not govern your use of the API as an End User. When using the API in the capacity of an End User, you are required to provide separate consent, which will be requested prior to any interaction with an ASPSP. The Enable Banking API Terms for End Users are available at https://tilisy.enablebanking.com/terms.

To comply with applicable Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) legislation, we are required to monitor Applications for potentially suspicious activity. If any suspicious activity is detected, we may terminate your access to the Control Panel and/or the API.

Restriction of Use

Use of the API in the Sandbox Environment is available to all users for evaluation and development purposes. Use of the API in the Production Environment is limited to Linked Accounts and is available solely for evaluation purposes or for the personal use of private individuals. The number of Linked Accounts per Application may be limited.

These Terms do not grant any right or license to use the API for any business or professional purpose, including, without limitation, (i) accessing account information belonging to businesses, (ii) accessing account information that does not belong to the Control Panel user who associated the Linked Accounts with the application accessing them, or (iii) using the API for any commercial purpose whatsoever.

Notwithstanding the foregoing, Enable Banking acknowledges that business users may register and activate Applications in the Production Environment by associating Linked Accounts. Any such use shall be considered solely for evaluation purposes, and business users may use the Control Panel and the API, unless and until Enable Banking provides written notice stating that the API will be deactivated for the relevant Application, and specifying the effective date of such action.

Enable Banking will use commercially reasonable efforts to provide advance notice and to support a smooth and orderly transition to an Agreement allowing business-related use of the API. This evaluation and transitional allowance does not constitute a waiver of these Terms, does not create any permanent or vested right to continued use, and does not apply to material changes in use, or any use that is unlawful, non-compliant, or otherwise in breach of these Terms.

You shall not license, sublicense, sell, resell, market, lease, loan, rent, transfer, assign, distribute, disclose, or make accessible to any third party or otherwise commercially exploit the Control Panel and the API or grant any right to access or use the Control Panel or the API to any third party.

You shall not interfere with the services, attempt to reverse engineer systems, bypass security or rate limits, automate usage in an abusive manner, access personal data without proper legal grounds, or otherwise misuse the Control Panel or API.

You shall not, and shall not allow any third party to:

  1. decompile, disassemble, or reverse engineer any object code that is part of the Control Panel or the API or attempt to reverse engineer, reconstruct, identify, or discover any source code of any such software, the structure, sequence, or organisation of such source code or any algorithms, methods, or models contained therein;
  2. access or use the Control Panel or the API in order to build any software, product, or service that is competitive or similar to them or any portion thereof.

You shall not:

  1. infect or insert to the Control Panel or the API or any other material containing software with viruses, worms, Trojan horses, or other harmful computer code, files, scripts, agents, or programs;
  2. interfere with, impede, or disrupt the integrity or performance of the Control Panel or the API or the data contained therein or part thereof;
  3. attempt to gain unauthorised access to the Control Panel or the API or its related systems or networks;
  4. access, use, or copy any portion of the Control Panel or the API, through the use of bots, spiders, web crawlers, indexing agents, or other automated devices or mechanisms;
  5. falsify the origin of the communications, or attempt to do any of the foregoing; or
  6. use the Control Panel or the API for any illegal, unethical or injurious purpose.

Breach of this section shall constitute a material breach of the Terms and shall result in termination of access to the Control Panel and the API. In addition, you shall be liable for any damages, losses, costs, and claims incurred by Enable Banking as a result of such material breach, in accordance with the Liability section of these Terms.

Quotas and Technical Limits

Limits and quotas protect the Control Panel and the API from an automated process that uses it in an inappropriate way. Excessive API requests might result from a harmless typo or from an inefficiently designed system that makes needless API requests. Regardless of the cause, blocking API requests from a specific source once it reaches a certain level is necessary for the overall health of the API. Quotas for API requests per second, per hour and per day may apply to ensure that one’s actions cannot negatively impact the larger community.

Data Protection and Privacy

Use of the Control Panel requires registration, and the email address associated with your user profile will be used by us for communications with you. The processing of personal data through the Control Panel is governed by its Privacy Notice. If you upload data to the Mock ASPSP available in the Control Panel, you must ensure that such data does not contain any personal data that you are not authorized to use or for which you have not obtained consent.

Use of the API requires you to register the Application through the Control Panel providing details as instructed in the Control Panel. You must provide accurate information, keep credentials secure, and protect any private keys or tokens used for authentication with the API.

Intellectual Property

All intellectual property in the Control Panel, API, documentation, and associated materials belongs exclusively to Enable Banking and nothing in these Terms shall be interpreted as a transfer of such rights. These Terms grant only a limited, revocable right to access the Control Panel and the API in the Sandbox Environment and in the Production Environment with Linked Accounts for personal use or evaluation purposes only. No other rights are granted.

Availability and Changes

The Control Panel and API are provided “AS IS” and “AS AVAILABLE”. Enable Banking gives no warranty regarding uninterrupted operation, error-free performance, fitness for a particular purpose, accuracy of ASPSP data, or compatibility with your systems. ASPSP behaviour, including SCA, data reachness, and availability, varies and is outside Enable Banking’s control. While no warranty is provided, Enable Banking will use commercially reasonable best efforts to maintain stability and security.

Enable Banking may modify or discontinue any functionality at any time.

Liability

To the maximum extent permitted by applicable law, Enable Banking’s total aggregate liability arising out of or in connection with these Terms, the Control Panel, or the API, whether based on contract, tort (including negligence), statutory liability or otherwise, shall be limited to EUR 100.

To the maximum extent permitted by applicable law, Enable Banking shall not be liable for any indirect, incidental, consequential, special, punitive, or exemplary damages, including, without limitation, loss of profits, loss of revenue, loss of business, loss of goodwill, or loss of data, even if Enable Banking has been advised of the possibility of such damages. Enable Banking shall further not be responsible for incidents or failures caused by ASPSP downtime, SCA variations, changes in ASPSP APIs, third-party system failures, or network-related issues.

The limitation of liability set out in this section applies solely to Enable Banking. Nothing in these Terms shall limit, exclude, or otherwise restrict your liability towards Enable Banking.

In particular, no limitation of liability shall apply to you in respect of any breach of these Terms, including, without limitation, any violation of the Restriction of Use section, misuse of the Control Panel or the API, infringement of Intellectual Property Rights, unlawful processing of personal data, or use of the services outside the scope expressly permitted under these Terms. You shall be fully liable for all direct and indirect damages, losses, costs, and claims arising out of or in connection with such breach.

Nothing in these Terms shall exclude or limit liability to the extent such exclusion or limitation is not permitted under applicable mandatory law.

Suspension and Termination

Enable Banking may terminate your access to the Control Panel and/or the API at any time in the event of misuse, security concerns, provision of inaccurate or misleading information, or other high-risk behaviour.

Following termination, you may not register new user accounts in the Control Panel or register an Application to access the same Accounts without first seeking clarification from Enable Banking regarding the reasons for the termination and the steps, if any, required to resume use of the service.

Severability

If any provision of these Terms, part thereof or the application of it shall be declared or deemed void, invalid or unenforceable in whole or in part for any reason, the remaining provisions of these Terms shall continue in full force and effect.

Headings

Section headings are inserted for convenience of reference only and shall have no effect in interpreting these Terms.

Governing Law and Dispute Resolution

These Terms shall be governed by and construed in accordance with the laws of Finland.

In the event of a disagreement with these Terms, the user shall immediately cease use of the Control Panel and/or the API until the matter is resolved. Any dispute, controversy, or claim arising out of or relating to these Terms, including the validity, breach, or termination thereof, shall first be attempted to be resolved amicably through good faith negotiations between the parties within thirty (30) days of written notice.

If the dispute cannot be resolved amicably within that period, it shall be finally resolved by arbitration administered by the Arbitration Institute of the Finland Chamber of Commerce (https://arbitration.fi/en/) in accordance with its Rules for Expedited Arbitration. The seat of arbitration shall be Helsinki, Finland, and the language of the proceedings shall be English. The arbitration award shall be final and binding and may be enforced in any court of competent jurisdiction.

Notwithstanding the foregoing, nothing in this section shall limit or exclude any mandatory rights or remedies available under applicable consumer protection laws. To the extent arbitration is not enforceable under such mandatory law, the dispute shall be resolved by the competent courts of Finland.

All arbitral proceedings and any related information shall be kept strictly confidential, including the existence of the proceedings, submissions, and awards, except to the extent disclosure is required by law or necessary to enforce the award.

Changes to These Terms

Enable Banking may update these Terms from time to time. The “Last updated” date will reflect changes. Continued use of the Control Panel or API after changes constitutes acceptance of the updated Terms.

Contact

For questions related to these Terms, please contact us at support.api@enablebanking.com.