Acuity AI Advisory

Financial Services

EU AI Act Compliance Review for Credit Unions

Lending AI is high-risk under the EU AI Act. Irish credit unions using AI in credit decisioning have specific obligations — and the Central Bank of Ireland will be the sectoral regulator enforcing them from August 2026.

Request the review

TL;DR

A EU AI Act compliance review for credit unions identifies every AI system in use — including AI embedded in core banking platforms and lending software — classifies each under the Act's risk framework, and maps the Central Bank of Ireland's specific compliance expectations. Lending AI and credit decisioning AI are high-risk under the Act and require conformity assessments.

What the EU AI Act compliance review covers for credit unions

Credit unions in Ireland have adopted AI tools across their operations — often without a full picture of what is deployed and what regulatory obligations follow. Lending platforms embed AI scoring models as standard features. Core banking systems use AI for fraud detection and risk monitoring. Member communications increasingly incorporate AI. In many cases, these AI components were not a specific purchase decision — they arrived as part of a platform upgrade or vendor update, without explicit governance review.

The compliance review begins with a complete inventory of AI in use across all functions — not just the systems the credit union thinks of as AI, but all software components that meet the EU AI Act's definition. Lending software with embedded scoring models, fraud detection tools, and automated communications platforms all fall within scope.

Each system is then classified against the EU AI Act risk framework. For credit unions, the most significant classification is high-risk for lending and credit decisioning AI — which triggers the full set of deployer obligations. The review maps these obligations, identifies gaps, and produces a remediation roadmap that is actionable before the August 2026 enforcement deadline.

What the review produces

  • Complete AI systems inventory — including AI embedded in core banking and lending platforms
  • EU AI Act risk tier classification for each system
  • Central Bank of Ireland oversight obligations mapped per system
  • Lending AI and credit decisioning AI conformity assessment status
  • Human oversight gap analysis for AI-influenced credit decisions
  • Member transparency obligations assessment
  • Prioritised remediation roadmap with accountability assigned

The Central Bank, lending AI, and the August 2026 deadline

The Central Bank of Ireland is the designated sectoral regulator for credit unions under the EU AI Act. The Central Bank's existing supervisory framework for credit unions already covers operational risk and governance — the EU AI Act adds AI-specific requirements on top of those existing expectations.

Lending AI is the most significant compliance area for credit unions. AI systems used for creditworthiness assessment are explicitly classified as high-risk under the Act. High-risk classification requires: conformity assessments conducted before deployment; appropriate human oversight mechanisms for AI-influenced credit decisions; logging of AI system use; transparency to members regarding AI involvement in decisions affecting their applications; and incident reporting when AI systems malfunction.

The obligation to have conformity assessments in place before deployment is particularly significant — it applies retrospectively to systems already deployed. Credit unions that are currently using lending AI without documentation of conformity assessment are not compliant from August 2, 2026. The review identifies this gap and sets out what is needed to close it.

Why Acuity AI Advisory

Acuity AI Advisory is vendor-neutral and fixed-fee. The compliance review output is not shaped by any commercial interest in the technology the credit union uses. Ger Perdisatt, who leads all engagements, is a former COO of Microsoft Western Europe with direct experience of AI deployment at scale in financial services contexts.

Acuity AI Advisory holds non-executive directorships at DAA and Tailte Éireann and brings board-level governance experience to the engagement. The review output is written at a level that the board of the credit union and the Central Bank's supervisors can both engage with — clear, specific, and grounded in what the regulatory framework actually requires.

The review fee is fixed and confirmed at scoping. The output is a written document designed to be acted on and to withstand regulatory scrutiny.

Questions

Common questions

What EU AI Act obligations apply to Irish credit unions?

Irish credit unions are deployers under the EU AI Act. For AI systems that influence lending decisions, credit assessments, or member financial decisions — all of which are high-risk classifications under the Act — credit unions must ensure conformity assessments have been conducted, implement human oversight of AI credit decisions, maintain logs of AI use, report incidents, and provide transparency to members regarding AI involvement in decisions affecting them. AI embedded in core banking platforms or lending software procured from third-party providers does not transfer compliance responsibility to the vendor — the deploying credit union retains its obligations.

Is credit scoring AI high-risk under the EU AI Act?

Yes. AI systems used for creditworthiness assessment and credit scoring are explicitly named in the EU AI Act's list of high-risk AI systems. This means any AI used by a credit union to assess member loan applications, assign risk scores, or influence lending decisions is subject to the full set of high-risk deployer obligations under the Act. High-risk classification requires conformity assessments, human oversight measures, logging and auditability, and transparency to members whose applications are influenced by AI. Credit unions that procure lending software containing AI scoring models need to understand this and obtain the necessary documentation from vendors.

What does the Central Bank expect of credit unions using AI?

The Central Bank of Ireland is the designated sectoral regulator for credit unions under the EU AI Act, and its existing supervisory expectations regarding operational risk and governance apply to AI as they do to other operational areas. The Central Bank expects credit unions to have identified the AI systems they are using, assessed the risks associated with those systems, and implemented appropriate governance and oversight measures. AI in lending decisions — which directly affects members' access to credit — is an area of particular supervisory focus. Credit unions that cannot demonstrate awareness and governance of their AI lending tools are exposed to supervisory scrutiny as well as EU AI Act enforcement.

Related

EU AI Act Compliance

Request an EU AI Act Compliance Review for Your Credit Union

Fixed-fee. Written findings. Central Bank-aware.

Get in touch