The EU AI Act Explained: What Banks and Startups Need to Know
Throughout history, new technologies have always driven societal progress. However, with this progression came risks that needed to be mitigated. Whether it’s for automobiles, FinTech instruments, or data collection systems, new technologies have always required regulation to facilitate innovation while protecting the safety of their users, and AI is no exception.
AI has revolutionized industries through automating tasks, personalizing experiences, and advancing education and healthcare. However, its rapid adoption has raised significant concerns, including privacy violations from the vast data required to train models, bias and discrimination that come from flawed datasets, and cybersecurity threats from weaponized AI tools. The World Economic Forum even spoke about AI as the main topic of discussion when outlining ‘the 3 biggest emerging risks the world is facing.’
These challenges highlight the urgent question: how do we harness AI's potential while ensuring user safety and privacy? The European Parliament’s response to this is the EU AI Act.
What is the EU AI Act?
The EU is known for its tight technology regulations, such as the General Data Protection Regulation (GDPR), the Digital Services Act (DSA), and more.
In April 2021, it introduced the EU AI Act, the first comprehensive legal framework for AI. Its goal is to establish uniform rules for AI development, market placement, and usage, promoting ‘human-centric, trustworthy AI while safeguarding health, safety, and fundamental rights’. The Act aims to balance innovation with user protection.
The Act classifies AI technologies into risk levels, each requiring varying degrees of human intervention:
Unacceptable Risk: Completely banned tools, such as behavioral manipulation (e.g., voice-activated toys encouraging unsafe activities), social scoring systems, or real-time biometric identification (e.g., facial recognition without consent).
High Risk: Permitted but tightly regulated tools requiring conformity assessments, technical documentation, risk management plans, and user disclosure. Examples include AI used in education, critical infrastructure, law enforcement, and employment, all of which must be registered in the EU database.
Limited Risk: Systems in this category require transparency measures, such as informing users that they are interacting with AI. Providers must design outputs such as text, audio, or images to be machine-readable so that they can be identified as AI-generated. Examples include AI virtual assistants and chatbots.
Minimal Risk: This category includes technologies that pose little to no risk to users’ safety or rights. While there are no mandatory obligations, providers are encouraged to follow ethical guidelines and best practices, such as incorporating human oversight, ensuring fairness, and avoiding discrimination.
The regulations don’t just apply to providers and users but extend to importers, distributors, and manufacturers serving the EU market.
These changes will significantly impact how banks and startups introduce and operate AI technologies. Businesses will need to ensure compliance while fostering innovation to address challenges effectively and leverage opportunities in the EU market.
Fines and Penalties
Under Article 99 of the Act, engaging in prohibited AI practices listed in Article 5 can result in fines of up to €15 million or 3% of the company's annual global turnover. For more severe violations, such as failing to comply with high-risk AI system requirements, fines can escalate to €35 million or 7% of the company’s annual turnover.
How will the Startup Ecosystem be impacted?
Compliance with the EU AI Act introduces significant costs, particularly in legal and consulting services.
For startups with limited resources, this may mean diverting funds from critical areas like product development and marketing, potentially slowing innovation and hindering the entry of new initiatives into the market.
However, while these challenges are evident, there are also untapped opportunities when aligning with these regulations.
Strategic Opportunities for Startups
According to PwC, trust has become the new currency for business, with 71% of consumers stating they are unlikely to buy from a company that loses their trust.
Rachel Botsman, an author, lecturer at Oxford University, and expert on trust and collaboration in the digital age, emphasized in her renowned TED Talk how trust has become the backbone of how people use digital platforms. She highlighted how companies like Airbnb leveraged this principle, building trust between users to facilitate billions in transactions and scaling into a global giant.
For early-stage startups, compliance may not initially seem like a priority. However, those who proactively adopt ethical AI practices and align with regulations can stand out, appealing to consumers and businesses seeking responsible solutions.
Demonstrating compliance signals trustworthiness to investors, attracting funding that can be reinvested into growth areas like product development and marketing, further accelerating their progress against competitors.
Trust-driven startups are also more likely to form collaborations with larger partners and, most importantly, build strong, lasting relationships with customers, ensuring long-term sustainability and retention.
How Will Banks Be Impacted?
Although the EU AI Act is not industry-specific (it currently excludes military, defense, and research applications), it will have significant implications for financial services.
With 70% of financial service firms in the pilot stage of Generative AI testing and 91% using predictive AI for functions like fraud detection and risk analysis, banks must evaluate the risk categories their AI technologies fall under to ensure compliance.
Existing non-compliant AI systems may need updates or replacements, incurring additional costs, which would become a considerable challenge given the widespread adoption of AI in the financial sector.
The risk level of AI systems under the EU AI Act is determined by their use case rather than the technology itself. For instance, AI tools used for fraud detection are unlikely to be classified as high-risk. On the other hand, systems designed for social scoring, where individuals are rated based on behavior, may fall under the "unacceptable" category and are strictly prohibited.
However, these challenges also present opportunities. In trust-driven industries like online banking, where customers rely on secure systems for managing their capital, compliance can become a competitive advantage. By investing in regulatory alignment, banks can enhance customer trust and loyalty, gaining an edge in the evolving trust economy. This approach not only strengthens relationships with existing clients but also opens doors to new partnerships and market opportunities.
Despite the challenges of compliance, financial institutions won’t navigate this transition alone. The National Competent Authority (NCA) will play a crucial role in guiding companies through the regulatory landscape. It will oversee the deployment of high-risk AI systems, conduct conformity assessments, and offer best practice guidelines. By creating frameworks and providing resources, the NCA will support institutions in aligning with the new requirements while maintaining operational efficiency.
Next Steps: How To Prepare?
The introduction of the EU AI Act requires startups and banks to change their approach to balance innovation with compliance. While this shift may demand resources upfront, it prevents the costly consequences of non-compliance in the future.
Early-stage startups, often not used to prioritizing compliance, must dedicate time to understanding the Act's requirements. Regulatory considerations should shape their product development strategies from the start. This includes conducting thorough risk assessments prior to product launches and ensuring systems are properly registered in the EU. High-risk AI systems will require robust data governance frameworks to avoid operational or financial setbacks during product rollout or investment rounds.
Startups unfamiliar with regulatory navigation can benefit from forming partnerships with banks or larger corporations. Such collaborations can provide access to compliance resources and mentorship, ensuring adherence to the regulations while enabling startups to remain competitive.
Banks with existing AI systems or those in development face a different challenge. With access to more resources, they may need to establish specialized AI compliance teams. These teams can evaluate current systems, identify non-compliance risks, and implement internal policies and procedures to ensure future developments align with the Act’s requirements. Proactive investment in compliance infrastructure will help banks sustain innovation while maintaining regulatory integrity.
Banks and startups will also need to cultivate a compliance-oriented culture across the entire organization rather than delegating the responsibility to a single team. Banks can achieve this by training staff on AI ethics, compliance, and the specifics of the EU AI Act to promote awareness and accountability. A strong compliance culture can also attract top talent, enhancing both productivity and reputation as a trustworthy institution.
As AI systems evolve, frameworks must be established for continuous risk assessment to proactively address risks and mitigate potential compliance issues. This enables swift and effective responses to breaches while minimizing financial and reputational damage.
From a technical standpoint, compliance may require exploring new tools and technologies. Investing in R&D can help businesses design innovative solutions that address market needs while meeting regulatory requirements. Ethical considerations must now be central to the design and development of new systems alongside traditional factors such as scalability and profitability. This ensures that compliance is not just a legal obligation but a driver of long-term growth and innovation.
The EU AI Act isn’t solely about restrictions but also opens doors for growth. Companies that adapt early and position themselves as ethical and compliant will gain a competitive advantage. This includes increased customer loyalty, access to partnerships, and potential for market expansion. Banks and startups must strategize with marketing teams to effectively communicate their commitment to compliance, strengthening their reputation and appeal.
By embracing these strategies, startups and banks can navigate the challenges of the EU AI Act while positioning themselves to thrive in a trust-based economy.
Conclusion: Is the EU AI Act a Setback or an Opportunity?
While the EU AI Act may initially appear as a restrictive barrier, companies that perceive it as an opportunity rather than an obstacle can position themselves for long-term success.
History demonstrates that regulation often catalyzes, rather than hinders, innovation. The automotive industry is a prime example, with companies like Tesla thriving despite safety and environmental regulations. Similarly, the EU AI Act should not deter innovation within the tech sector but instead be leveraged as a framework for building a prosperous and responsible AI ecosystem.
Although the Act officially entered into force in 2024, certain provisions, particularly for high-risk AI systems, are yet to be implemented. To bridge this gap, the European Commission introduced the AI Pact aimed at facilitating early adoption of these measures. This Pact provides a collaborative environment for stakeholders, helping them better understand AI's implications and prepare for full compliance.
By embracing the opportunities within this regulatory framework, companies can not only ensure compliance but also build trust, foster innovation, and secure their future in the rapidly evolving AI landscape.
Ready to launch or expand your AI startup into the EU Market?
Navigating the EU AI Act and compliance regulations can be overwhelming, particularly for startups, but it can also be a powerful opportunity. At Contextual Solutions, we specialize in helping startups and fintech businesses confidently launch and thrive in the EU, guiding them every step of the way.