The European Parliament has just voted on amendments to the AI Act (as part of the “digital omnibus” package). On the surface, these changes (including the ban on “nudifier” apps) seem to primarily affect the consumer sector. However, from the perspective of the financial industry – already one of the most heavily regulated sectors – the latest decisions bring critical and highly positive implications.
The main message from Brussels? “Fewer overlapping regulations, more time for compliance.” Here are the 4 most important takeaways for financial institutions:
- More Time to Implement “High-Risk” System Requirements: AI tools used for credit scoring or risk assessment in life and health insurance are classified as high-risk systems under the AI Act. The Parliament has extended the deadline for implementing stringent requirements for stand-alone AI systems to December 2, 2027. This provides crucial breathing room for banking compliance departments, offering realistic time for process mapping, audits, and adjusting internal Model Risk Management frameworks.
- Easier Correction of Bias in Scoring Models: This is one of the most significant changes for the financial sector. Credit models cannot be built without the risk of discrimination (e.g., based on age, gender, or zip code). The new amendments facilitate the processing of personal data – including sensitive data (subject to appropriate safeguards) – if it is strictly necessary to detect and correct bias in AI. For banks, this means a legally safer path to creating fair and ethical algorithms without violating the GDPR.
- Chatbots and Generative Models (GPAI) Under a New Timeline: Many institutions are deploying AI assistants based on Large Language Models (LLMs) for customer service or analyst support. The obligation to “watermark” AI-generated content has been postponed to December 2, 2026. Additionally, the supervision of General-Purpose AI (GPAI) models will be more centralized within the EU AI Office. This should standardize the interpretation of regulations for cloud technology providers used by banks.
- An End to Double Reporting and Support for Fintechs: The European Parliament aims to eliminate so-called “double regulation.” Systems that already meet EU sectoral requirements (e.g., in the context of DORA security) will not be burdened with additional, duplicative audits under the AI Act. Furthermore, extending exemptions to Small Mid-Caps (SMCs) is excellent news for rapidly growing European fintechs and insurtechs building innovative solutions based on machine learning.
The Bottom Line: Easing the timeline is not a reason to pause preparations. It is an opportunity to do it right. Implementing the AI Act in a financial institution requires deep integration with existing risk management processes, GDPR, and the upcoming DORA requirements.