When asking banks for information on behalf of customers, the bank needs to know the request is coming from a legitimate organisation. They also need to know the organisation is asking for information that it’s allowed to process by the local regulator (e.g. account information or payments initiation). These digital certificates validate that and can be issued by a few different organisations, although eIDAS standards ensure they can be used with all financial services providers that fall under under PSD2.
What is a certificate in the context of Open Banking?