EU AI Act monitoring
in a single inbox.
The AI Act (Regulation (EU) 2024/1689) phases in between 2025 and 2027 — but the load-bearing date for most financial institutions is 2 August 2026, when high-risk obligations under Annex III start to bite. For insurers that means life/health pricing and credit-scoring models (Annex III point 5(b)). For CASPs it means any deployed AI that materially affects access to essential services. Horizon Scanner watches every Commission delegated act, every piece of AI Office guidance, every harmonised standard, every national supervisor letter that touches the question — and scores each finding against your declared use-case inventory.
Scope
What AI Act covers — and what we crawl for it.
Regulation (EU) 2024/1689 and amending acts
The AI Act itself plus every delegated and implementing act published since adoption — surfaced from EUR-Lex the day they enter the Official Journal.
Annex III high-risk classification
Annex III point 5(b) explicitly covers life/health insurance pricing and credit-scoring of natural persons. Fraud detection is carved out. The list can be updated by Commission delegated act under Article 7 — each revision is diffed against your declared use-case inventory.
FRIA — Fundamental Rights Impact Assessment
Article 27 FRIA is mandatory before deploying a high-risk system that scores natural persons. We track AI Office templates, Member State guidance and supervisory expectations on FRIA content and frequency of review.
AI Office guidance
Templates, guidelines, codes of practice — including the General-Purpose AI Code of Practice and use-case-specific guidance for financial services.
Harmonised standards
CEN-CENELEC JTC 21 standards as they progress from draft to publication. Conformity with these standards creates a presumption of conformity with the Act.
Q&A and Commission FAQ
Commission Q&A entries and Member State guidance, cross-referenced against the Articles they interpret.
National supervisor positions
BaFin, FMA, ACPR, AFM and others have begun publishing positions on the AI Act for the firms they supervise. Each is monitored at source.
How Horizon Scanner helps
Specifically for AI Act teams.
- 01
Use-case scoped
Configure your declared AI use-cases (claims-fraud detection, automated underwriting, customer-service chatbots, etc.). Findings are scored against those use-cases first; unaffected updates are de-prioritised.
- 02
Annex III diff-tracking
Every Commission revision of the high-risk list is diffed against the previous version. If a use-case you operate moves into or out of Annex III, that's flagged with an explicit reason.
- 03
Routes to model-risk and data protection
Default routing: GPAI guidance to the model-risk owner, Article 50 transparency obligations to the customer-facing function, post-market monitoring to operational risk, fundamental-rights impact assessment to the DPO.
- 04
Cross-cuts with DORA and GDPR
AI Act compliance does not sit in isolation — Article 17's quality-management overlaps with DORA ICT-risk governance and Article 10's data-governance overlaps with GDPR Article 32. We surface the cross-cuts explicitly so the right teams meet on the right items.
Sources monitored
The regulators we crawl for AI Act.
- EUR-LexRegulation 2024/1689 itself plus all delegated and implementing acts, OJ publications.
- AI OfficeGuidelines, templates, Codes of Practice (including the GPAI Code of Practice), Q&A entries.
- CommissionCommunications, Member-State coordination letters, expert-group reports affecting AI Act implementation.
- CEN-CENELECJTC 21 harmonised standards as they progress through drafting, public enquiry and publication.
- BaFinMaschinelles Lernen position paper, AI Act supervisory expectations, IT-Aufsicht guidance.
- FMA (AT)FMA-Mindeststandards on algorithmic decision-making and AI Act implementation guidance.
- ACPRACPR position on AI in insurance and credit scoring, explainability requirements.
- EIOPAStatements on AI use in insurance, explainability and consumer-protection expectations.
Custom sources can be added in minutes — supervisory blog feeds, association circulars, internal counsel memos all route through the same engine.
FAQ
What AI Act buyers ask first.
We declare three AI use-cases. Can the routing scope to just those?
Yes. Use-case scoping is a first-class taxonomy in the routing engine — you declare your inventory of AI systems with a classification (prohibited / high-risk / limited-risk / minimal-risk), and findings are intersected against the inventory. Updates affecting an unrelated use-case won't reach the team that owns yours.
What if Annex III gets amended and one of our use-cases moves into high-risk?
The system diffs every Annex III amendment against your declared inventory. If a use-case moves into Annex III, that's flagged with an explicit Article-7 amendment reference and the routing goes to the responsible owner — not to the generic AI policy mailing list.
Will Horizon Scanner itself count as an AI system under the Act?
Horizon Scanner is an AI system under Article 3(1) — we use machine-learning models for relevance classification and scoring. We are the deployer of our own system, but it is not high-risk: scoring public regulatory documents (not natural persons) places it outside the Annex III high-risk use-cases, so the Article 26 high-risk-deployer obligations and a FRIA are not triggered. Self-classification documentation is available under NDA.
How is dual verification handled for AI Act findings specifically?
Same Impact-≥-3 rule as elsewhere — the second classification pass uses a deliberately different processing layer than the primary. A transparency note is appended to every finding identifying that the classification was machine-generated.
Go deeper
More on AI Act in depth.
- GlossaryFRIA — Fundamental Rights Impact Assessment
- AnalysisEU AI Act 2026: duties for insurers as deployers
- AnalysisAI Act timeline & Digital Omnibus
- AnalysisAI Act & credit scoring: when a bank model is high-risk
- IndustryBanks
- IndustryInsurers
- CalendarThe EU compliance calendar 2024–2028 — every deadline at a glance