These security guidelines have to be implemented in the account aggregator (AA) ecosystem by AAs that offer SDKs as AA Clients, which can be embedded into third-party apps (such as FIU apps).
The AA SDK should be able to capture information securely without exposing the information captured to the embedding FIU app.
Currently, the guidelines are available for Web and Android platforms.