The AI Act, in plain terms: scoring, identity, fraud, are you affected?
7
Min
•
15.07.2026
In short: the AI Act classifies artificial intelligence by its level of risk. For finance, three cases come up often, and the answer is not the same for each: credit scoring is "high risk", fraud detection is explicitly excluded, and identity verification depends on how it is done.
What is the AI Act?
The AI Act is Regulation (EU) 2024/1689, the first major law in the world on artificial intelligence. Its principle is simple: the more consequences an AI can have on people, the stricter the rules.
There are four levels:
- Unacceptable risk: banned (for example, general-purpose social scoring).
- High risk: allowed, but heavily regulated.
- Limited risk: obligation to be transparent (to say that it is an AI).
- Minimal risk: free.
Most of the obligations apply to the high risk category. Hence the real question for you: do my tools fall into it?
The timeline: where do we stand?
The AI Act applies in stages:
- February 2025: banned AI is already banned.
- August 2025: first rules for "general-purpose" AI (such as ChatGPT).
- 2 August 2026: this is the date set for the obligations on high-risk AI.
One current development to be aware of: a European text (the "Digital Omnibus") could push this deadline back to 2 December 2027. But as long as it is not officially published, 2 August 2026 remains the reference date. Something to watch, then, but it is better to prepare on the basis of the current date.
Is your AI "high risk"? The 3 cases that matter for finance
Credit scoring: yes, high risk
Assessing an individual's creditworthiness with AI (deciding who gets a loan) is classified as high risk by the AI Act. This makes sense: an error can deprive someone of financing. In practice, this requires transparency, human oversight and traceability of decisions. This is exactly the spirit of explainable scoring and a documented creditworthiness analysis, which also addresses the challenges of algorithmic bias.
Fraud detection: no, explicitly excluded
Good news, and it is a differentiator: financial fraud detection is explicitly excluded from high risk. A tool used to spot a fraudster is therefore not subject to the same constraints as a credit scoring tool. Fraud detection benefits from a lighter regime.
Identity verification: it depends
It all depends on how it is done:
- The person actively proves that they are who they claim to be (they take a selfie during onboarding, 1:1 comparison): generally not high risk.
- Someone is identified remotely by comparing them against a database, without their participation (mass biometric surveillance): high risk.
For a standard onboarding journey, where the customer willingly takes part in the verification, you are therefore in principle not in the high-risk category.
What "high risk" requires
When a tool is high risk, the AI Act calls for, among other things: risk management, quality data, technical documentation, transparency, human oversight, robustness and a conformity assessment before it is placed on the market. In plain terms: being able to explain and prove what the AI does.
Sanctions
They are deterrent: up to 35 million euros or 7% of worldwide turnover for banned practices, up to 15 million euros or 3% for a breach of high-risk obligations. SMEs and start-ups benefit from the lower of the two caps.
How to prepare
- Take inventory of your AI and, for each one, determine its real risk level.
- Clearly distinguish the use cases: credit scoring (high risk), fraud detection (excluded), 1:1 identity (in principle outside high risk), remote biometric identification (high risk).
- For your high-risk AI, document everything: data, decision logic, human oversight.
- Follow the Digital Omnibus, which will decide the actual date of application.
In conclusion
The AI Act is not a uniform wall: it all depends on the use case. For finance, remember the simple rule: credit scoring is regulated, the fight against fraud is preserved, and a standard identity verification remains free. The real work is making your decisions explainable and documented. That is good for the AI Act, and it is good for your customers' trust. To go further, see our complete KYC guide.
Sources: Regulation (EU) 2024/1689 (AI Act), Official Journal of the European Union (2024); European Commission, AI Act. Timeline subject to change depending on the adoption of the "Digital Omnibus".
Explainable scoring, built for the AI Act
With Meelo, every decision is explainable and traceable: the reason, the model version, human oversight and a complete audit trail. Identity verification, fraud detection and scoring in 2 to 5 seconds, with the transparency the AI Act expects.

.png)

%20(1).jpg)