EU AI Act for Fintech: Why Credit Scoring, Fraud Detection, and Insurance Pricing Land in the High-Risk Bucket
Annex III point 5(b) of the EU AI Act puts AI used in evaluating the creditworthiness of natural persons in the high-risk bucket. Annex III point 5(c) puts AI used in life and health insurance pricing in the same bucket. Fraud-detection AI used in retail banking sits in scope where it affects access to essential services. DORA, the Digital Operational Resilience Act, runs in parallel with overlapping log retention and incident reporting obligations. The August 2, 2026 high-risk deadline and the January 17, 2025 DORA effective date are both already binding.