Per-Country Guide

Per-Country Regulatory Guide 
 Country-by-country breakdown of Tok's AISP registration approach. 
 
 🇳🇴 Norway — Base Registration 
 Regulator: Finanstilsynet (Norwegian FSA)
 Licence type: AISP (opplysningsfullmektig)
 Entity: ALAI Holding AS (org.nr 932 516 136)
 Capital required: €0 (PII insurance only)
 Contact: fintech@finanstilsynet.no 
 Process 
 
 Submit AISP application to Finanstilsynet
 
 Programme of operations 
 Business plan 
 Fit & proper declarations 
 PII insurance certificate (Nordic Guarantee or Howden Norway) 
 IT security documentation 
 AML/KYC procedures 
 
 
 Application fee: NOK 5,000–30,000 
 Timeline: 2–3 months 
 
 Status 
 Email sent 24.02.2026. Pre-application guidance meeting to be scheduled. 
 
 🇭🇷 Croatia — EEA Passporting from Norway 
 Regulator: HNB (Hrvatska Narodna Banka)
 Mechanism: EEA passporting — Norway (EEA) → Croatia
 Capital required: €0
 Contact: moneterra@hnb.hr, +385 1 4702 181 
 Process 
 
 ALAI Holding AS obtains Norwegian AISP registration (Finanstilsynet) 
 Finanstilsynet notifies HNB (PSD2 Article 28 — home regulator has 1 month) 
 Service can begin 30–60 days after notification 
 QWAC/QSEAL certificate obtained (DigiCert or GlobalSign) 
 Register on Croatian bank developer portals 
 
 Passporting scope: Norway → ALL EEA countries (not just Croatia). One Norwegian licence = access to entire EEA. 
 API Standard 
 Berlin Group NextGenPSD2 — all Croatian HUB-registered banks implement minimum v1.3.8. 
 Croatian Bank Portals 
 
 
 
 Bank 
 Sandbox Portal 
 Status 
 
 
 
 
 Addiko Bank 
 oapideveloper.addiko.hr 
 Available 
 
 
 Erste & Steiermärkische 
 developers.erstegroup.com 
 Available 
 
 
 HPB 
 openbanking.hpb.hr 
 Available 
 
 
 OTP Banka 
 apiportal.sandbox.otpbanka.hr 
 Available 
 
 
 PBZ (Intesa) 
 apiportal.pbz.hr 
 Available 
 
 
 Raiffeisenbank 
 sandbox.rba.hr 
 Available 
 
 
 Zagrebačka banka (UniCredit) 
 developer.unicredit.eu 
 Available 
 
 
 
 Sandbox access available before AISP approval — testing can begin immediately. 
 Verification 
 After approval, verify registration in EBA EUCLID register: euclid.eba.europa.eu/register/pir/search 
 
 🇷🇸 Serbia — Direct NBS Registration 
 Regulator: NBS (Narodna Banka Srbije)
 Licence type: AISP registracija
 Entity: ALAI Tech d.o.o. (Serbian subsidiary, 100% ALAI Holding AS)
 Capital required: €0 for AISP; €50,000 for PISP
 Contact: platni.sistem@nbs.rs, +381 11 3338-051 
 Legal Basis 
 
 Zakon o platnim uslugama: Sl. glasnik RS 64/2024 (adopted 31.07.2024, applicable from 06.05.2025) 
 Odluka o tehničkim standardima: Sl. glasnik RS 102/2024 (published 23.12.2024) 
 Bank API deadline: 01.01.2026 
 
 Process 
 
 Register ALAI Tech d.o.o. with APR (Serbian Business Registry)
 
 ALAI Holding AS = 100% owner 
 Minimum capital: 100 RSD (symbolic per Serbian law) 
 Activity: account information service provision 
 
 
 Submit AISP registration to NBS
 
 Programme of operations 
 Business plan 
 AML/KYC procedures 
 IT security documentation 
 Organisational structure 
 PII insurance from NBS-licensed insurer (Dunav or DDOR) 
 
 
 Timeline: 3 months statutory, 6 months realistic 
 NBS sandbox available for pre-registration testing 
 
 Important: No Central API Standard 
 Serbia does NOT have a centralised API standard like Croatia's HUB. Each bank must be connected bilaterally. 
 
 
 
 Bank type 
 API standard 
 Adapter 
 
 
 
 
 EU bank groups (UniCredit, Raiffeisen, NLB) 
 Berlin Group (likely) 
 BerlinGroupAdapter 
 
 
 Domestic banks (AIK, OTP Serbia, Banca Intesa Serbia) 
 Bank-specific 
 BilateralAdapter 
 
 
 
 Serbian Bank Portals 
 
 
 
 Bank 
 Portal 
 API Standard 
 
 
 
 
 NLB Komercijalna 
 developer.nlbkb.rs 
 Berlin Group (NLB group) 
 
 
 UniCredit Srbija 
 developer.unicredit.eu 
 Berlin Group (UniCredit group) 
 
 
 Raiffeisen Srbija 
 api.rbinternational.com 
 Berlin Group (RBI group) 
 
 
 AIK Banka 
 TBD — bilateral 
 Unknown 
 
 
 OTP Srbija 
 TBD — bilateral 
 Unknown 
 
 
 Banca Intesa Srbija 
 TBD — bilateral 
 Likely Berlin Group 
 
 
 
 PII for Serbia 
 Must be from an NBS-licensed insurer — foreign/EEA policy is not accepted. 
 
 Dunav Osiguranje: dunav.com 
 DDOR Osiguranje: ddor.rs 
 Policy will be bespoke (no off-the-shelf fintech PII product in Serbia) 
 
 
 🇧🇦 BiH — Bilateral Agreements 
 Regulators: CBBH (central bank), FBA (FBiH banking agency), ABRS (RS entity banking agency)
 Mechanism: No PSD2 mandate — direct bilateral contracts with banks
 Capital required: €0 
 Process 
 
 Contact EU bank groups with existing API infrastructure:
 
 UniCredit BiH (UniCredit group — developer portal exists) 
 Raiffeisen BiH (RBI group — API marketplace exists) 
 NLB BiH (NLB group — developer portal exists) 
 
 
 Negotiate bilateral data access agreements 
 Implement per-bank BilateralAdapter 
 Note: May require notification/approval from FBA or ABRS — investigate during Phase 3 
 
 Local contact: Asmir Merdžanović (SnowIT partner) — local contacts and market knowledge. 
 Status 
 Phase 3 — begin after Croatia and Serbia are operational (Q1 2027). 
 
 Comparison Table 
 
 
 
 Aspect 
 Croatia 
 Serbia 
 BiH 
 
 
 
 
 PSD2 
 Full (since 2019) 
 Equivalent law (2024) 
 None 
 
 
 API standard 
 Berlin Group v1.3.8+ 
 No central standard 
 None 
 
 
 Registration path 
 EEA passporting from NO 
 Direct NBS registration 
 Bilateral only 
 
 
 Entity 
 ALAI Holding AS 
 ALAI Tech d.o.o. 
 — 
 
 
 Capital for AISP 
 €0 
 €0 
 €0 
 
 
 PII 
 EEA policy (NO) 
 Serbian NBS-licensed insurer 
 N/A 
 
 
 Timeline 
 Q3 2026 
 Q4 2026 
 Q1 2027 
 
 
 QWAC required 
 Yes 
 If Berlin Group adopted 
 No 
 
 
 Sandbox available 
 Yes (all major banks) 
 Yes (NBS sandbox) 
 No