01 Annex III point 5(b): credit scoring of natural persons is high-risk
The EU AI Act (Regulation (EU) 2024/1689) does not classify AI systems wholesale; it lists concrete high-risk uses in Annex III. For banks, Annex III point 5(b) is the central entry: AI systems intended to evaluate the creditworthiness of natural persons or to establish their credit score — with a single carve-out: AI systems used to detect financial fraud [1]. A model that helps decide whether to lend to a private individual is, on the wording, a high-risk system.
Two scope points matter. First, 5(b) covers only natural persons: scoring a legal person, say a corporate loan to a limited company, is out of scope. But sole traders and the self-employed are natural persons and are therefore caught; the operative text draws no line between a private and a business lending purpose, so what counts is who is being scored, not which product the bank sells. Second, Recital 58 states the rationale: such systems determine natural persons' access to financial resources and essential services such as housing, electricity and telecommunications [1].
02 The Article 6(3) escape hatch does not open for scoring
The AI Act has a relief valve: under Article 6(3), an Annex III system is exceptionally not high-risk if it poses no significant risk to health, safety or fundamental rights — for instance because it performs only a narrow procedural task or merely improves the result of a previously completed human activity [1]. At first glance a bank might hope to push a supporting scoring tool under that exemption.
That hope fails on one sentence. The final subparagraph of Article 6(3) makes clear: an Annex III system is always high-risk where it performs profiling of natural persons [1]. Credit scoring is the textbook case of profiling — the automated evaluation of personal aspects of a natural person; the term tracks, via Article 3(52), the definition in Article 4(4) GDPR. The exemption is therefore shut for practically any genuine scoring model; it stays high-risk.
03 Origination scoring vs IRB capital models — the line the EBA drew
Banks run two very different kinds of credit model, and only one is squarely in Annex III. Origination scoring decides whether to lend to a specific person — that is 5(b). Distinct from it are IRB models (internal ratings-based approaches under the CRR) that banks use to calculate regulatory own-funds requirements for their credit portfolio. In its follow-up report on the use of machine learning for IRB models (2023), the EBA took the view that Annex III point 5(b) targets creditworthiness assessment at the point of lending and does not directly capture IRB models used for own-funds calculation [2].
That line is not a free pass. The same EBA analysis flags indirect effects: through the CRR's supervisory use-test requirement — under which an IRB model must also be used in the operational lending business — a model can touch both worlds. And in 2025 the EBA ran a mapping exercise comparing the AI Act's requirements against banking and payments law, and published its conclusions [3]. The practical message: classification turns on a model's actual purpose, not its label.
04 Provider or deployer? Build it and you carry the heavy load
The AI Act splits obligations across two roles. A provider (Article 3(3)) develops an AI system, or has it developed, and places it on the market under its own name or trademark. A deployer (Article 3(4)) uses an AI system under its own authority. A bank that buys a scoring system from a vendor and uses it unchanged is a deployer; it carries the obligations in Article 26 [1].
The pivot is Article 25: a deployer itself becomes a provider — with the full provider obligation load — as soon as it (a) puts its name or trademark on a high-risk system already placed on the market, (b) makes a substantial modification (Article 3(23)) to such a system so that it remains high-risk, or (c) changes the intended purpose of a non-high-risk system so that it becomes high-risk [1]. For banks that is the critical switch: retraining a vendor model on your own book, or shifting its intended purpose, moves you from the light deployer role into the heavy provider role.
05 What a provider must carry: Articles 9–17 plus conformity
The provider obligations (umbrella Article 16) are the most demanding part of the AI Act. A high-risk system requires a risk-management system (Article 9), data governance with requirements on training, validation and test data (Article 10), technical documentation per Annex IV (Article 11), automatic logging (Article 12), transparency and information for deployers (Article 13), human oversight by design (Article 14), and accuracy, robustness and cybersecurity (Article 15) [1].
On top come a quality-management system (Article 17) and the conformity chain: conformity assessment (Article 43), an EU declaration of conformity (Article 47), CE marking (Article 48) and registration of the system in the EU database (Article 49; the database itself under Article 71) [1]. A bank that builds its own scoring model takes on that entire chain — an effort fundamentally different from the deployer role.
06 Deployer duties (Article 26) — and the FRIA even private banks owe (Article 27)
Even the pure deployer is not off the hook. Article 26 requires: use in accordance with the provider's instructions, effective human oversight by qualified people, responsibility for the suitability of input data to the extent the deployer controls it, ongoing monitoring with reporting of risks and serious incidents, and retention of the logs the system generates for at least six months [1].
The point that surprises banks sits in Article 27. A fundamental rights impact assessment (FRIA) before putting a system into service must be performed not only by public bodies and private providers of public services but expressly by every deployer of a high-risk system under Annex III point 5(b), the credit-scoring entry [1]. That trigger is a stand-alone limb: it does not depend on the bank being a public body. A private commercial bank deploying a scoring system owes the FRIA, on top of the data-protection impact assessment that Article 35 GDPR already requires for such processing (Article 22 GDPR, by contrast, governs decisions based solely on automated processing and is a separate constraint on the scoring decision itself). Article 27(4) ties the two together: where an element of the FRIA is already met through the DPIA, the FRIA complements that DPIA rather than duplicating it, so the practical course is to run both as one coordinated exercise.
07 The date that stands: 2 August 2026 — and the delay that is not yet law
The AI Act entered into force on 1 August 2024 and applies in phases (Article 113). For the Annex III high-risk systems — and therefore credit scoring — 2 August 2026 is the operative date on which the obligations become applicable [1]. Only the other high-risk route, via Annex I — AI as a safety component of regulated products — follows on 2 August 2027; it does not concern scoring.
Here is the nuance that forces caution: with the Digital Omnibus on AI (COM(2025) 836) the Commission has proposed pushing the Annex III application date back, to 2 December 2027 at the latest. As of early June 2026 there is a provisional political agreement on it, but no adopted regulation published in the Official Journal [4]. Until the delay is formally adopted, 2 August 2026 remains the law in force. Postponing preparation to a supposedly safe December 2027 bets on an act that has not yet been passed.
08 What to monitor — and how Horizon Scanner routes it
Four source streams determine whether a bank tracks the applicable date correctly: EUR-Lex for the Regulation itself and, once it lands, the Digital Omnibus amending act; the Commission and AI Office for guidance on high-risk classification and the FRIA template; the EBA for the detail of how the AI Act meets banking law (such as its 2025 mapping note); and the national supervisors (BaFin, ACPR and others) publishing jurisdiction-specific expectations [3].
This is precisely a horizon-scanning problem. Horizon Scanner monitors these sources continuously, grades every publication by relevance and routes it to the function that owns it — origination scoring to the credit-risk and model-risk team, the FRIA-relevant pieces to data protection and compliance, the provider obligations to model development. A moving legal frame becomes an auditable trail rather than a headline.
Sources
- [1] Regulation (EU) 2024/1689 (AI Act) — Annex III point 5(b); Arts. 3, 6, 16, 25, 26, 27, 113; Recital 58 — EUR-Lex
- [2] EBA — Follow-up report on the use of machine learning for IRB models (2023)
- [3] EBA — AI Act: implications for the EU banking sector (mapping exercise, 2025)
- [4] Digital Omnibus on AI — COM(2025) 836 — European Parliament, Legislative Train (status)