How EU legislation is made: the ordinary legislative procedure, using FiDA as an example

The European Union adopts legislation with far-reaching implications for the insurance sector. These laws determine how data is processed, define market rules, and set out the rights of consumers. But how does an idea or recommendation actually become EU law? A closer look at the ordinary legislative procedure, the EU’s most frequently used law-making process, shows how a political concept is transformed into a binding legal framework.

The ordinary legislative procedure

The ordinary legislative procedure is the main process for adopting EU legislation. It ensures that both the European Parliament and the Council of the EU participate equally in the legislative process.

The process begins with a legislative proposal from the European Commission, the EU’s executive body. This proposal is submitted to both the European Parliament and the Council, which examine it independently. Each institution may propose amendments and set out its position in what are known as “readings.”

In most cases, there are two readings in each institution: after the first reading, the Parliament issues its position, which the Council considers. The Council may then respond to the Parliament. If both institutions agree after the first reading, the proposal can be adopted directly.

If the Parliament and the Council take different positions, a second reading follows, where previously tabled amendments are discussed again. If no agreement is reached even after the second reading, a Conciliation Committee is convened.

The Conciliation Committee is composed of an equal number of representatives from Parliament and the Council. Its objective is to reach a compromise text, which must then be approved by both institutions before the legislation can enter into force.

This procedure ensures that different interests are weighed and that legislation undergoes scrutiny from multiple perspectives before becoming legally binding.

FiDA as a case study

In 2020, the European Commission presented its Digital Finance Strategy, which identified open finance as a key priority area. Two years later, a dedicated expert group examined issues such as data accessibility, standardisation, and liability.

On this basis, in June 2023 the Commission published its proposal for the Financial Data Access Regulation (FiDA). The objective is to create an EU-wide legal framework allowing consumers to share their financial data with third parties in a standardised, secure way, and only with their explicit consent. This could include insurance, banking, or payments data. 

Following the proposal’s publication, deliberations began in the European Parliament, led by the Committee on Economic and Monetary Affairs (ECON), and in the Council of the EU. Both institutions developed their positions before entering into trilogue negotiations. In these informal talks between Parliament, Council, and Commission, contentious points are resolved, technical standards are defined, and political compromises are sought.

Industry participation

As an industry association, the GDV actively represents the interests of the insurance industry in the legislative process. This participation helps make the practical impact of EU legislation transparent at an early stage. For policymakers, dialogue with associations such as the GDV is a vital source of technical expertise and sector-specific knowledge. This enables decision-makers to provide more informed advice and to make the legislation more targeted and effective. 

In the case of the FiDA proposal, the insurance industry sees a clear need for improvement. A key concern is that the added value for consumers from the proposed data-sharing framework has not yet been clearly demonstrated, while implementation would generate significant costs and tie up important resources, particularly for smaller and medium-sized undertakings.

Data protection and IT security remain central challenges. Expanding the exchange of sensitive data increases the risk of cyberattacks and misuse. There are also concerns that FiDA could effectively turn European insurers into mere data providers for large non-European technology companies, which are not subject to the same regulatory requirements.

Negotiations on the FiDA proposal are still ongoing. Once adopted, the regulation will apply directly across all EU Member States, creating a harmonised legal framework. How competition, data protection, and innovation capacity in the insurance sector evolve will depend largely on the political decisions that are yet to come.