The exemption period could be extended if the same user performs any other authentication action from the same TPP, for example, a payment initiation. Therefore, an active user who is performing regular payments which are requiring authentication may not require a new renewal for the AISP process.
The extension of the timeline for the renewal of the sca to 180 days is an improvement. But, we think it would be much more beneficial and convenient for the user to not have a fixed period or require an explicit renewal. We think the user should have easier access to manage the consents or remove the access to any TPP from the very same ASPSP site.
At the moment, the user does not have any means to stop a TPP to access their data but going directly to the TPP, which could be an inconvenience to the user, or waiting for the consent to expire. If the user could access the ASPSP site and check all the TPPs with active consent and select what TPPs to remove their existing consent, the user would have a much higher level of control over the consents given to different TPPs. This is an existing approach to other systems where an oAuth authentication and consent are implemented.
This change should not have any impact on the current interface specifications as the authorization or consent validation is already part of the current implementation, and it is only a matter of updating the internal handling.
