AI Act is a new EU legislation regarding artificial intelligence—the first of its kind published worldwide. Presented on July 12, 2024, it’s a long document prohibiting certain uses of AI-based products as well as regulating other uses of artificial intelligence. Will you be affected by the new regulations? What do you need to know to remain compliant? Find out the answers in this article!

Table of Contents

AI Act in a Nutshell

Due to the emergence of generative AI, governing bodies all over the world have started to create legislation protecting citizens from the dangers of improper use of artificial intelligence. The AI Act is the first product of such efforts—prepared by the European Parliament, it fully comes into force in May 2026. However, some of its provisions need to be obeyed earlier on.

Who Needs to Obey the AI Act?

The AI act applies to:

  • providers who place AI systems on the market or put them into service in the EU, despite their established location,
  • deployers of AI systems with establishment or location within the EU,
  • providers and deployers of AI systems that have their place of establishment or are located outside the EU if the output of their AI systems is used in the EU,
  • importers and distributors of AI systems,
  • product manufacturers placing their products on the market, if the product comes together with an AI system,
  • authorised representatives of providers, which are not established in the EU,
  • affected persons in the EU. [1]

In practice, this means that if you use artificial intelligence in banking in the EU, for instance, for AI-powered document processing, you are obliged to comply with the provisions of the AI Act.

What Will the AI Act Change?

The AI Act has brought numerous changes—from banning certain AI-related products and practices to regulating others. For full information, we refer you to the original contents of the legislation. However, we understand that it is quite lengthy. Therefore, we prepared a brief overview of the most critical change in the banking industry.

The AI Act divides AI systems based on their related risks. Certain systems are prohibited at all, while others are strictly regulated and deemed “high-risk.” The latter includes two popular types of AI in banking: credit scoring and risk assessment systems. As such, if you want to implement them, you’ll need to, among others (consult the AI Act for complete information):

  • Establish a risk management system to:
      • identify and analyse known and foreseeable risks regarding your solutions,
      • estimate and evaluate the risks that may emerge when using your solutions,
      • evaluate other risks based on data gathered from the post-market monitoring system,
      • prepare and implement appropriate preventive measures to address the risks.
  • Ensure that your data-processing AI models are compliant with the following requirements:
      • data training, validation and testing are subject to relevant data governance and management practices,
      • data training, validation and testing will be conducted on a sufficient amount of data that is free of error to the highest possible level and complete (regarding its purpose) while having the appropriate statistical properties,
      • the data sets the model(s) is trained on will consider elements specific to a given geographical, contextual, behavioural or functional setting.
  • Comply with additional regulations when special categories of personal data are processed.
  • Prepare technical documentation of such systems before putting them into service, and keep such documentation updated.
  • Enable automatic recording of logs for events, such as:
      • identifying situations when such a system poses risks mentioned later in the AI Act,
      • facilitating post-market monitoring,
      • monitoring the operation of such a system.
  • Ensure such systems need to be transparent so that deployers can easily interpret their outputs.
  • Ensure such systems need to include instructions on their use.
  • Ensure such systems must be possible to be overseen by humans, whose role is to minimise risks.
  • Ensure such systems need to achieve an appropriate level of accuracy.

The Takeaway

The AI Act is just the first step towards regulating artificial intelligence. With time, we should expect additional legislation or changes to the existing one. Nevertheless, this does not mean that you should stop using AI or fear implementing it in your bank or developing such tech for other financial organisations—it is still a technology with multiple benefits!

You might also read: The Might of Machine Learning: Opportunities and Challenges in Banking

Sources:

AI Act

Ailleron - AI Act—What Is It? Who Does It Affect? What Will It Change?

Ailleron

Ailleron Marketing team includes digital marketers and content creators who provide insights and expertise from across the organization, including #AilleronExperts. For media queries, please get in touch with us via our contact form.

abstract lines

Let’s make financial experiences
easy and enjoyable together!

Tell us what you need and we will contact you shortly.

Tell us what you need and we will contact you shortly.