Home Knowledge High-Risk AI in Financial Services

High-Risk AI in Financial Services

June 8, 2026
Technology
Partner
John O’Connor
Conor Forde
Associate
Conor Forde

On 19 May 2026, the European Commission published draft guidelines on the classification of high-risk AI systems under Article 6 of the AI Act (the Guidelines), as discussed in our earlier article here.

By way of quick recap:

  • Article 6(1) captures AI systems that are themselves products, or safety components of products;
  • while Article 6(2) captures the stand-alone use cases listed in Annex III, including access to essential private and public services; and
  • Article 6(3) provides a filter mechanism, which exempts Annex III use cases from high-risk classification where the AI system (i) performs a narrow procedural task, (ii) improves the result of a previously completed human activity, (iii) detects decision-making patterns or deviations, or (iv) performs a preparatory task.

Financial Services Providers

For the purposes of Article 6(2) and Annex III, the provider’s stated intended purpose remains the primary basis for classification. This is to be determined by reference to the AI system’s instructions for use, technical documentation and any promotional materials. Where an AI system has a broad intended purpose that includes a high-risk use case as one of its functions, the system as a whole will be classified as high-risk.

For financial services providers, the Guidelines are particularly significant, as AI systems used by these entities may fall within the category of high-risk systems described in Annex III. This captures AI systems that affect access to and enjoyment of essential private services, essential public services, and benefits for natural persons. In practice, this may include AI applications used to assess the creditworthiness of natural persons, to establish credit scores, and to support risk assessment and pricing in life and health insurance.

AI systems evaluating creditworthiness or establishing credit scores

AI systems that evaluate a natural person’s creditworthiness or establish a credit score are classified as high-risk AI systems, irrespective of any additional functionalities they may have. The Guidelines expressly confirm that this includes, for example, credit scoring models used in consumer lending and mortgage origination, whether deployed directly by the decision-making entity or provided by a third party.

By contrast, AI systems used solely for specific functions, such as pricing, are not considered high-risk under Annex III. However, careful analysis of the AI system’s functionality and intended purpose is required, as AI systems which combine pricing with a high-risk function such as credit scoring, in an integrated process will be considered high-risk.

Data generated by a high-risk AI system can be used in a separate AI system, and this will not, by itself, make that separate system high-risk, provided that the separate system using the data is strictly limited to a non-high-risk function.

An exception to this functionality test applies where AI systems that would ordinarily be considered high-risk have the primary intended purpose of fraud detection. Where fraud detection is the main intended use of the AI system, preceding all other purposes for which the AI system may be used, the AI system will not be classified as high-risk.

A similar approach applies to AI systems intended for anti-money laundering or counter-terrorist financing purposes. These will not ordinarily fall within Annex III unless their intended purpose is functionally linked and simultaneously intended to be used for the evaluation of creditworthiness or to establish a credit score.

Risk assessment and pricing in life and health insurance

AI systems used to perform risk assessment or to determine pricing in the context of public or private life and health insurance are also classified as high-risk.

The Guidelines clarify that, in this context, risk assessment involves “the evaluation of a natural person’s risk profile to determine whether to offer, deny, revoke or deliver services related to health and life insurance, in particular full or partial insurance coverage, including the establishment or modification of policy terms and conditions (for example, coverage, exclusions, deductibles and policy limits)”. Pricing is described as the “methodologies and criteria used to determine insurance premiums as an integral part of policy terms and conditions”.

As with credit-related use cases, classification turns on the system’s intended purpose. AI systems used solely for distinct functions outside these parameters, such as claims management or product design, do not fall within this high-risk category.

However, the position differs from that applicable to creditworthiness assessments in one important respect. There is no equivalent exclusion for fraud detection in the context of life and health insurance risk assessment and pricing. AI systems intended for these high-risk purposes will remain classified as high-risk even when they also incorporate functionality capable of supporting fraud detection. The only exception would arise where the fraud detection functionality can properly be regarded as a separate system with a distinct intended purpose.

Conclusion

The draft Guidelines provide welcome clarification on the application of Article 6 and Annex III, while preserving a principled and proportionate approach to high-risk classification.

For financial services providers, the focus on intended purpose, coupled with the nuanced treatment of adjacent functionalities such as fraud detection, underscores the importance of carefully defining and documenting how AI systems are designed, positioned and deployed.

As the final text of the Guidelines is settled and implementation timelines crystallise, financial services providers should prioritise a detailed assessment of their AI use cases against these criteria, ensuring that classification decisions are robust, well-evidenced and aligned with the evolving regulatory framework.

In particular, Irish financial services providers should ensure that appropriate classifications are clearly attributed to relevant AI systems and, if required, can be substantiated with robust evidence in any engagement with the Central Bank of Ireland as the competent authority under the AI Act.

For further information, please get in touch with one of the Key Contacts listed or your usual William Fry contact.

Recommended Insights

See all
Article and Insights
5
Jun 2026
Legal News – June 26
A selection of our most recent publications from the past month.
WF_author_blank
Knowledge Lawyer
Tracy MacDevitt
Article and Insights
19
May 2026
EU Publishes Draft Guidelines on Classification of High-Risk AI Systems
The European Commission opened a five-week consultation on 19 May 2026 on its draf...
WF_author_blank
Partner
Barry Scannell
Article and Insights
14
May 2026
William Fry Technology Report 2026: A new era of vast transformation
AI readiness gap emerging among Irish businesses despite Ireland’s strong global t...
WF_author_blank
Partner
Leo Moore
Article and Insights
12
May 2026
EU AI Act Omnibus Deal Reached: Postponed Deadlines, Watermarking Compromise, and the Nudificiation Prohibition
The EU reached a provisional AI Act deal delaying high‑risk obligations, tightenin...
WF_author_blank
Partner
Barry Scannell
Article and Insights
8
May 2026
Legal News – May 26
A selection of our most recent publications from the past month.
WF_author_blank
Consultant
Tara Rush
Article and Insights
1
Apr 2026
Legal News – April 26
A selection of our most recent publications from the past month.
Article and Insights
19
Mar 2026
World Consumer Rights Day (Part 3): Mandatory Withdrawal Button Coming June 2026
In this part 3 of our series, the spotlight is on the new mandatory "withdrawal bu...
WF_author_blank
Senior Associate
Laura Casey
Article and Insights
18
Mar 2026
World Consumer Rights Day (Part 2): Reshaping Online Subscription Rights? The Sky Austria Case
Part 2 of our World Consumer Rights Day series examines the Sky Austria case, whic...
WF_author_blank
Partner
Rachel Hayes
Article and Insights
16
Mar 2026
World Consumer Rights Day (Part 1): Digital Fairness Act – the Road to Fitness for Online Consumers?
Part 1 of our series examines the Digital Fairness Act (DFA), which proposes enhan...
WF_author_blank
Partner
Rachel Hayes
Article and Insights
4
Mar 2026
Legal News – March 26
A selection of our most recent publications from the past month.
WF_author_blank
Consultant
Ann Shiels
prev
next
See all