So this was not only about FSFE and payments for them but a general audit of their (Nexi's) customers ?

It seems unlikely that the FSFE is the first customer they have asked for this information.

Nexi’s mid-2025 statement notes that they’re finalizing imposition of a ‘one process, all subsidiaries’ auditing costs reduction program across all of their subsidiary banks. The FSFE was likely being (incorrectly) audited under business-provides-services rules imposed by the parent megacorp, rather than as whatever human-led interpretation the bank had used formally, or as whatever charities or PACs are called in the EU. Ironically, had they switched exclusively to freedom-restricted passkeys, they could have structured their credentials store to divulge no private information and no usable credentials while formally complying with the bank’s efforts to find cause to fire them as a customer. But I think the bank would still have just found another way to fire them regardless.

Yeah, using the word "cancelled" that way in the title is... hyperbolic, even if it is technically true that the contract was cancelled.

That’s how I read the linked post as well, yes.

It's not even just private information, because in any properly configured system it is explicitly unknowable information.