EU AI Act — Sector Guidance
EU AI Act Compliance — Financial Services
Financial services firms face some of the most significant obligations under the EU AI Act. Several core use cases are explicitly classified as high-risk.
Which AI uses are high-risk in financial services?
The EU AI Act's Annex III explicitly lists financial services use cases as high-risk. If your organisation uses any of the following, you are in scope for the Act's most demanding compliance obligations — including documentation, human oversight mechanisms, accuracy requirements and registration with Ireland's AI Office.
- Credit scoring and creditworthiness assessment tools
- Fraud detection and anti-money laundering (AML) systems
- Customer-facing automated decision-making (eligibility, pricing)
- Insurance risk classification and underwriting AI
- Algorithmic trading systems with material market impact
Central Bank of Ireland overlap
Ireland's financial services firms already operate under Central Bank of Ireland expectations around explainability, consumer protection and human oversight of automated decisions. The EU AI Act does not replace these expectations — it adds a structured compliance layer on top. Firms that have begun addressing Central Bank requirements will have a head start, but should not assume existing measures are sufficient. The Act introduces new documentation obligations, conformity assessments and registration requirements that go beyond what the Central Bank currently mandates.
Deployer obligations apply even to purchased tools
Most financial services firms are deployers of AI, not developers. The EU AI Act places significant obligations on deployers — the organisations that put AI systems into use. You cannot transfer these obligations to the vendor. Where you use third-party AI tools for credit decisions, fraud detection or customer engagement, you must maintain documentation of intended use, ensure human oversight is operational, and be able to demonstrate compliance to regulators.
Free download
EU AI Act Readiness Checklist
A practical one-page reference covering risk classification, deployer obligations and key deadlines — designed for financial services compliance teams and boards.
No spam. Unsubscribe at any time.
Common questions
Are credit scoring tools classified as high-risk under the EU AI Act?
Yes. AI systems used in credit scoring and creditworthiness assessment are explicitly listed as high-risk under Annex III of the EU AI Act. This applies to tools used in retail lending, mortgage decisions, and business credit — including AI components embedded in wider platforms. Financial services firms using these tools must comply with high-risk obligations, including documentation, human oversight, accuracy requirements and auditability by Ireland's AI Office.
How does the EU AI Act interact with Central Bank of Ireland requirements?
The EU AI Act and Central Bank of Ireland frameworks address overlapping risks but from different angles. The Central Bank's Consumer Protection Code and expectation of explainable automated decisions already requires human oversight of AI-driven customer decisions. The EU AI Act adds a more structured regime of technical documentation, conformity assessment and registration for high-risk systems. Firms subject to both regimes should map their AI use against both frameworks simultaneously to identify gaps and avoid duplicate compliance efforts.
Does the EU AI Act apply to AI tools we purchase from vendors?
Yes. The EU AI Act distinguishes between providers (who build AI systems) and deployers (who use them). As a financial services firm deploying AI — even tools purchased from third-party vendors — you carry deployer obligations. These include maintaining documentation of the system's intended use, ensuring human oversight, monitoring for bias and accuracy, and logging decisions where required. You cannot fully outsource compliance to the vendor.
Book an EU AI Act Readiness Review
Delivered as a fixed-fee readiness review, typically completed within two to three weeks.