TL;DR: Smart data schemes are moving from policy ambition to delivery, with open banking use by UK consumers and small businesses rising to one in five and 1.3 million self-assessment payments worth £4.7 billion processed in January 2026, according to Raidiam's reflections on the Smart Data Forum 2026. The decisive issue is no longer whether these models work, but whether governance, consent, and identity infrastructure can scale fast enough to support agentic AI and cross-sector interoperability.
NHIMG editorial — based on content published by Raidiam: The Delivery Decade Has Begun: Reflections on the Smart Data Forum 2026
By the numbers:
- In January 2026 alone, 1.3 million people paid their self-assessment tax bills via open banking, settling £4.7 billion instantly.
Questions worth separating out
Q: How should organisations govern delegated data access in smart data schemes?
A: Organisations should treat delegated data access as a lifecycle problem, not a one-time permission event.
Q: Why does smart data create identity governance risk for IAM teams?
A: Smart data multiplies the number of parties acting on a single permission, which stretches accountability across sectors and systems.
Q: What breaks when consent and access controls are separated?
A: When consent and access controls are separated, revocation becomes inconsistent and audit evidence becomes fragmented.
Practitioner guidance
- Embed consent expiry into access design Define how long delegated access remains valid, how it is renewed, and which system owns revocation when a user or business withdraws consent.
- Treat API trust as an identity control Tie FAPI-style security, audience validation, and identity binding into the same control path so that permissioned data use is enforceable at runtime.
- Build revocation into downstream integrations Require every consuming service to respect consent changes and propagate revocation without waiting for manual intervention from the originating scheme.
What's in the full article
Raidiam's full article covers the operational detail this post intentionally leaves for the source:
- The Smart Data Forum keynote themes and panel perspectives that shaped the delivery conversation
- The specific UK scheme targets, funding references, and policy milestones discussed at the event
- The international comparisons with Korea and Thailand, including interoperability and governance design choices
- Raidiam's delivery examples, including the Smart Property Data Trust Framework recognition and live sandbox context
👉 Read Raidiam's reflections on the Smart Data Forum 2026 and smart data delivery →
Smart data at scale: where governance architecture is the bottleneck?
Explore further
Governance architecture, not policy ambition, is the real delivery bottleneck. The article is right to frame smart data as an infrastructure problem rather than a consultation problem. When consent, security, and identity are bolted on after the fact, interoperability scales faster than trust. The practitioner lesson is that delivery programmes must be designed so governance is executable inside the platform itself.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to GitGuardian & CyberArk.
A question worth separating out:
Q: Who should own accountability in cross-sector smart data programmes?
A: Accountability should sit with the organisation that can actually enforce the control, not only the one that defines the policy. In cross-sector programmes, that usually means the platform operator, scheme owner, or data recipient must be able to prove how consent, access, and revocation are enforced across the lifecycle.
👉 Read our full editorial: Smart data delivery now hinges on governance built into infrastructure