There are several companies who have build PSD2 api's and have contracts with all banks. For example in the Netherlands: https://bizcuit.nl/wat-is-psd2/
You could also register with a bank itself to connect to their PSD2 API. However I don't know the costs to obtain a license.
This^
Banks (based on their products/license) have to provide PSD2 APIs by law. Last time I checked (~3y ago) the quality of the implementations differed a lot so these aggregators made kinda sense to deal with the APIs details. Just think about the different MFA implementations banks are using. Another one for Germany is finapi.io
The API is named OpenBank, all SEPA area banks MUST have them, BUT unfortunately EU do not mandate public access to the API, only "approved institutions can use the API and some of course get approved and re-sell the API access at high prices to citizens...
We do have a law, but last I checked then in Estonia there was no way for a private person to do API based payments without later needing to log in to the website and signing the transactions manually with an ID card (i.e a smart card). Sad.
Most of these PSD2 aggregators have "Contact us" pricing. Last time I looked into it I couldn't find a provider accessible to retail customers who are only looking to access their own data.
> do they have to have reasonable [...] criteria for access?
Unfortunately, PSD2 is built on the model that only (expensively) certified middlemen are supposed to directly make use of the APIs provided by banks (definitively not for direct access by actual bank customers), so no, they don't…