Czech Standard for Open Banking- COBS

Czech Banking Association

Czech Republic

Banking

Open Banking

• Payment Initiation
• Balance Check
• Account Information

Services included in the standard:

• Payment initiation: A service classified as a Payment Initiation Service (PIS) under the PSD2 directive.
• Account information: A service classified as an Account Information Service (AIS) under the PSD2 directive.
• Balance check: A PSD2-defined service that provides sufficient-funds information for CISP providers (Card-based Payment Instrument Issuer Service Providers).

AIS covers access to customer payment accounts, including balances, transaction history, and standing orders.

Credit Cards | Wallets or Prepaid | Current Accounts

JSON | REST

Regulated

The standard’s documentation is publicly accessible, and financial institutions must obtain authorization from the Czech National Bank to use it.

Mandated

The purpose of the Czech Standard for Open Banking is to establish communication rules primarily for PSD2-defined services: Account Information Service Providers (AISP), Payment Initiation Service Providers (PISP), and Card Issuing Service Providers (CISP).

Participation in the standard is voluntary, and because systems vary across payment service providers, participants may deviate from the standard where necessary to align with their own system architectures.

As each provider must document its PSD2 implementation, the standard includes many fields for optional information.

Overall, the Czech Standard is designed to streamline TPP integration into bank systems—without additional intermediaries—while promoting consistent interpretation of PSD2 across the Czech market.

DCR | Certificates

OAuth | Other

What COBS defines in security area:

• APIs for enrolment to COBS
• Request authorisation
• API authorisation for initiated payments

What COBS doesn’t define in security area:

• User authentication flow
• Processing of certificates in the ASPSP and TPP systems

Browser Redirect

The standard provides clear guidance on how consent must be handled:

• Users must confirm the information access scopes on a dedicated consent screen during authentication.
• For payments carried out under the SEPA Direct Debit scheme, the mandate reference, indicating the client’s permission to debit their account, is required.
• The consent flow recommends displaying the accounts available for selection within the bank’s authentication process.
• When loan offers from other banks are retrieved using an access token, the offer can be tailored to the user’s creditworthiness. It is advised that the consent screen explicitly informs the user that their personalized loan parameters will be shared with the TPP.

Single Domestic Payments | Single International Payments | Bulk Payments | Future Dated Payments

Operational Guidelines | Customer Experience Guidelines

It provides basic Customer Experience and Operational Guidelines, which include a ‘Planned Outages’ API and recommendations for Sandbox usage.

Accounts | Balances | Standing Orders | Transactions | Confirmation of Funds

Developer GitHub is available but appears out of date relative to standard documents.

Examples of API information pertaining to Account Authorisation can be found in the GitHub repository.

On 16 November 2015, the European Banking Authority introduced the Revised Payment Services Directive (PSD2). From 13 January 2018 onward, PSD2 replaced the previous Payment Services Directive across the EU.

In the Czech Republic, PSD2 was transposed into national law through Act No. 370/2018 Coll., on Payment Systems, which also took effect on 13 January 2018.

The Czech Banking Association, a voluntary organisation of banks and building societies operating in the Czech market, currently represents 37 members, accounting for more than 99% of the country's banking sector. Since 1990, it has supported the growth of the Czech banking industry, the broader economy, and financial literacy in the Czech Republic.

Participation in the standard is voluntary, and each bank decides whether to adopt it.

Because systems and operations vary across payment service providers, participants may deviate from the standard in certain areas based on the specifics of their own systems.

As every provider is required to document its PSD2-compliant implementation, the Czech Open Banking Standard includes many fields for optional information.

The standard will be updated at most once per year. Proposed changes may come from new mandatory banking regulations, third parties via the ČBA, or the working group itself.

Any proposed amendment must be approved through the formal amendment process at least six months before the effective date. This means that any major change must be submitted no later than one year prior to its planned implementation.

Directive (EU) 2015/2366 (PSD2); No 370/2018 Coll., Act on Payment Systems.

Decree on application to perform activities pursuant to the Payment Systems Act.