AFAIK, none of this is true. Banks are required by law to provide open APIs with solid authentication mechanisms; apps usually access them via aggregators and never request your banking credentials.
Understandably, because you are dealing with a heavily regulated industry, but I do agree it would be nice to be able to use the APIs for your own data somehow.
Aggregators that require you to provide credentials are just web-scraping the websites or have reverse engineered the banks' (internal) APIs.
I'll concede that it's only for business accounts. But that includes small single-owner businesses, and I've been considering switching to ABN to automate the accounting of my small side business.
The PSD2 APIs (also for consumers) indeed need a PSD2 license and an eIDAS certificate.
Technically, for consumer data, I think you could use GDPR to request a computer-readable extract of your transaction data. However, I think most banks would then redirect you to some CSV/MT940 export option in the web interface that is hard to automate.
Yes, but no. The law is PSD2, but there are so many requirements that it's impossible for a private person to access it. First of all, you need to generate a certificate which needs to be signed by a financial authority. Then you use client-based certificates to connect to these APIs. [1]
I have been playing with the idea of using its API for my personal finance, but the API with MFA is not so simple. At least not simple enough for me to spend much time writing a customized interface. So I am still using their web interface, which works well for my personal needs.
The apps which don't have a deal with these aggregators request you to provide credentials (now fortunately most of them are defunct due to MFA).