EU AI Act for financial services: implementation guide for May 2026
Blog post from Openlayer
The EU AI Act mandates that financial services firms using high-risk AI systems, such as credit scoring models, insurance underwriting tools, and fraud detection engines, achieve full compliance by August 2, 2026. This includes technical documentation, human oversight controls, conformity assessments, and risk management processes. The Act's extraterritorial scope means that firms outside the EU must comply if their systems affect EU residents or are used by EU-based entities. High-risk systems require significant preparation, including inventorying AI systems, classifying them according to risk, and ensuring continuous monitoring and automated governance to prevent compliance issues. The enforcement regime imposes severe penalties of up to €35 million or 7% of global turnover for non-compliance, which surpass GDPR penalties for large institutions. The Act integrates with existing regulations like DORA, CRR, and MCD, but introduces new standards for explainability and human oversight. Financial institutions must align their compliance strategies with the requirements of both banking and AI authorities to navigate the complex regulatory landscape effectively.