The EU AI Act: What Irish Financial Services Firms Need to Know

The European Union's Artificial Intelligence Act, which entered into force in August 2024, is the world's first comprehensive legal framework for AI. For Irish financial services firms, it represents a fundamental shift in how AI systems must be developed, deployed, and governed. While the full force of the regulation for high-risk systems will not apply until December 2027, the Central Bank of Ireland has made it clear that it expects firms to be preparing now.

This article provides a practical overview of what the EU AI Act means for your firm, focusing on the areas most relevant to the regulated financial sector in Ireland.

A Risk-Based Approach
The AI Act is not a one-size-fits-all regulation. It adopts a risk-based approach, categorising AI systems into four tiers:

Risk Tier
High-Risk
Limited Risk
Minimal Risk

For financial services, the most significant category is High-Risk. The Act explicitly classifies AI systems used for creditworthiness evaluation and life and health insurance risk assessment and pricing as high-risk. This means that any firm using AI in these areas will be subject to the Act's most stringent requirements.

Key Requirements for High-Risk AI Systems
If your firm deploys a high-risk AI system, you will be required to demonstrate compliance across several key domains:

Risk Management System: You must establish, implement, document, and maintain a continuous risk management system throughout the AI system's lifecycle.
Data Governance: The data used to train and test your AI models must be relevant, representative, and of high quality.
Technical Documentation: You must maintain detailed technical documentation that allows authorities to assess the system's compliance.
Record-Keeping: Your AI system must be capable of automatically recording events (logs) while it is in operation to ensure traceability.
Transparency: You must provide users with clear and adequate information about the AI system, its capabilities, and its limitations.
Human Oversight: High-risk AI systems must be designed to be effectively overseen by humans, including the ability to intervene or discard the system's output.
Accuracy, Robustness, and Cybersecurity: Your AI systems must perform consistently throughout their lifecycle and be resilient against both errors and attempts to alter their performance.

The Role of the CBI and the National AI Office
In Ireland, the CBI has been designated as the competent authority for supervising the use of AI in financial services under the Act. A new National AI Office is also being established to serve as the central coordinating authority for the Act's implementation across all sectors.

This dual structure means that financial services firms will be interacting with the CBI on AI governance as part of their regular supervisory engagement. The CBI has already indicated in its 2026 Supervisory Outlook that it will be assessing firms' preparedness for the AI Act this year.

What You Should Be Doing Now
December 2027 may seem distant, but achieving compliance with the AI Act is a significant undertaking. The essential first steps for any regulated firm are:

Create an AI System Inventory. You cannot govern what you do not know you have. Conduct a firm-wide inventory to identify and document every AI system currently in use or in development.
Conduct a Risk Classification. Using the criteria in the AI Act, classify each system in your inventory to determine which ones are likely to be considered high-risk.
Perform a Gap Analysis. For each high-risk system, assess your current governance, risk management, and documentation practices against the requirements of the Act.

The EU AI Act is a landmark piece of legislation that will reshape the use of technology in financial services. The firms that start preparing now will not only ensure compliance but will also build more robust, trustworthy, and effective AI capabilities for the future.

References
1. Central Bank of Ireland. (2026, February). Regulatory & Supervisory Outlook 2026. centralbank.ie
2. European Commission. (2024, August). The EU Artificial Intelligence (AI) Act. gov.ie
3. William Fry. (2025, September). Ireland Establishes Comprehensive AI Regulatory Framework. williamfry.com

Liz Bancroft-Turner
Founder & Managing Director, Tolt Innovations
With over 25 years of experience leading technology and transformation programmes across the UK, US, Europe, and Asia for organisations including Credit Suisse, HSBC, Barclaycard, AIB, EY, Accenture, and Microsoft ,Liz founded Tolt Innovations to help Irish regulated financial services firms achieve CBI supervisory readiness.