EU AI ACT / FINTECH COMPLIANCE
On August 2, 2026, most of the remaining EU AI Act obligations become applicable under Article 113. For banks and insurers this is not a distant milestone. It is the date the Act's high-risk rules start to apply to AI systems many of them already run in production, from credit scoring to insurance pricing.
What actually changes on August 2
The official timeline is explicit: on 2 August 2026 the remainder of the AI Act starts to apply, except Article 6(1). That one line switches on the full obligations for the high-risk AI systems listed in Annex III, the transparency duties in Article 50, and the enforcement and penalty machinery that member states stood up in August 2025.
The earlier deadlines were the warm up. Prohibited uses and AI literacy landed in February 2025, and the rules for general purpose AI models, governance and penalties applied from August 2025. August 2026 is when the high-risk core arrives.
Why this lands on banks first
Annex III treats as high-risk the AI used to evaluate a person's creditworthiness or to build a credit score, with fraud detection carved out, and the AI used for risk assessment and pricing in life and health insurance. If a model helps decide who gets a loan, at what rate, or what a policy costs, it is in scope.
Interested in implementing similar AI solutions? Discover how PATech Labs can help your business leverage cutting-edge artificial intelligence.
Learn About Our ServicesThat places a large share of everyday banking AI directly under the Act, not at its edges.
The obligations, in plain terms
A high-risk system needs a documented risk management process, data governance and bias controls, technical documentation, automatic event logging, meaningful human oversight, and demonstrated accuracy and robustness. Before it reaches the market it has to pass a conformity assessment. Providers who build the system and deployers who use it carry different but overlapping duties.
What this means for banks, clinics and call centers
The common thread across finance, healthcare and customer operations is the same. An AI that makes or shapes a consequential decision now needs three things it often lacks: a human who can review and override it, a log that proves exactly what it did, and a clear disclosure to the person on the other end.
In our own voice agent and automation work we build those three in from day one rather than bolt them on later: a human handoff path for any decision that matters, immutable decision logs, and a spoken or written notice when someone is dealing with an AI. A clinic routing patient calls, a bank scoring a loan and a call center triaging tickets face the same requirement. Retrofitting oversight and logging in July is far more expensive than designing them in now.
A short action list before August
- Inventory every AI system that touches a credit, pricing, hiring or clinical decision.
- Map each one to Annex III and label it high-risk or out of scope, in writing.
- Assign a provider or deployer role per system so duties are not left to chance.
- Stand up logging, human oversight and user disclosure now, not in the third quarter.
- Book conformity assessment lead time with a notified body before the queue fills.
