AI Act for Fintech & Financial Services: Which AI Systems Are High-Risk and What You Must Do

Under the EU AI Act (Regulation 2024/1689), the following AI applications in Fintech & Financial Services are classified as high-risk and require full conformity assessment. Article 50 transparency obligations apply from 2 August 2026; Annex III high-risk obligations are expected 2 December 2027 under the Digital Omnibus (pending formal adoption — until then, the original 2 August 2026 deadline remains law):

Credit scoring, insurance risk assessment, algorithmic trading oversight, fraud detection

These systems fall under Annex III category 5(b) creditworthiness, 5(c) insurance pricing. Providers must implement risk management (Article 9), maintain technical documentation (Article 11), ensure data governance (Article 10), and enable human oversight (Article 14).

AI Act + DORA dual compliance. Algorithmic accountability. Explainability for credit decisions. FRIA for automated financial decisions.

Providers (developers of AI systems) bear primary compliance responsibility: conformity assessment, CE marking, EU database registration, and post-market monitoring.

Deployers (companies using AI systems) must ensure human oversight, conduct Fundamental Rights Impact Assessments where required, and maintain usage logs.

AI Act Article 50 transparency obligations take effect 2 August 2026. Annex III high-risk obligations are expected 2 December 2027, pending formal adoption of the Digital Omnibus. No AI Act enforcement precedent currently exists. This page will be updated as enforcement cases emerge.

Penalties for non-compliance range up to EUR 35 million or 7% of global annual turnover for prohibited practices, and EUR 15 million or 3% for other violations.

• AI Act High-Risk Classification Guide
• Conformity Assessment: Step-by-Step
• Fines and Penalties Across EU
• August 2026 Deadline Checklist