The European Union (EU) Artificial Intelligence Act (AI Act), Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act), was published in the Official Journal of the European Union on July 12, 2024. The AI Act entered into force on August 1, 2024, 20 days following its publication, with most of the obligations under the AI Act coming into force on August 2, 2026.

The AI Act officially defines an AI system as “a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments.”. AI systems that meet this definition will be classified in categories of unacceptable, high, limited, minimal, or no risk.

The AI Act implements a “uniform legal framework in particular for the development, the placing on the market, the putting into service, and the use of artificial intelligence systems.”. The AI Act applies to all financial services entities, including banks and insurers, as well as third-party institutions that provide services to a financial services entity. Location-wise, it applies to all financial services entities that are located or established in the EU that use AI for business purposes, supply AI systems to the EU market, or use AI systems for business purposes if the output of the AI system is used within the EU, even if the entities are located or established outside of the EU.

The aim stated in Recital 158 of the AI Act, “to ensure consistency and equal treatment in the financial sector,” should be noted. However, given the AI Act’s reference to financial services directives and regulations as “entry points” for financial services entities, the extent to which non-EU financial services entities will have to comply with the AI Act will likely have to be approached on a case-by-case basis.

AI systems with unacceptable risks are prohibited from use, as described in Article 5. Financial services entities should be aware that the use of AI systems to evaluate or classify natural persons based on their social behaviour or personal characteristics to create a “social core,” create or expand facial recognition databases through the untargeted scraping of CCTV and the internet, or deploy subliminal techniques to materially distort the behaviour of a person and impair the ability to make informed decisions are all prohibited.

High-risk AI systems are subject to legislation listed in Annex I or specified as high risk according to Annex III, which includes systems that may be relevant to financial services entities. The provider must register the AI system in the EU database of high-risk AI systems.

The AI Act seeks to address the potential overlap between some of its requirements and existing requirements that the EU financial services law imposes on financial services entities. It integrates certain procedural obligations governing risk management, post-marketing monitoring, and documentation for existing obligations under EU financial services laws with existing EU financial services law. To ensure consistency and equal treatment in financial services, financial services entities providing or deploying high-risk AI systems also benefit from limited derogations both for quality management systems and for monitoring obligations to reflect existing rules regarding internal governance arrangements under EU financial services law.

To discuss how the AI Act will affect financial institutions as well as attending talks and networking with industry leaders, attend the Innovatrix 2nd Client Onboarding and Digital Identity Summit for Financial Institutions in Prague, Czech Republic, on September 18–19, 2024.

For more information, visit our website or email us at info@innovatrix.eu for the event agenda.

Source:

Goodwin 

Official Journal of the European Union