Compliance · EU AI Act 2024/1689

Build an EU AI Act–compliant fintech.
Without hiring an AI-risk officer.

The AI Act (Regulation 2024/1689) classifies most fintech AI as high-risk under Article 6. That triggers Articles 9–15 obligations: risk management, data governance, technical documentation, human oversight, accuracy/robustness. Minctrl's compliance_officer agent maps every design decision to its article and produces an auditable evidence trail — the same way it does for DORA, MiCA, and SOC2.

EU AI Act · Art. 6 · Art. 9 · Art. 10 · Art. 13 · Art. 14 · Art. 15 · DORA · GDPR · ISO 42001

What you get

Generated automatically by the pipeline.

01 Risk management system (Art. 9)

Risk register specific to AI-as-financial-actor: prompt injection, hallucination, capability creep, model drift, supply-chain. Each with detection + mitigation + financial-loss bound.

02 Data governance (Art. 10)

Training-data provenance, bias-assessment template, statistical-property audit. Compatible with GDPR Art. 9 special categories.

03 Technical documentation (Art. 11)

Auto-generated docs/ai-act/technical-doc.md covering model card, intended purpose, deployment context, foreseeable misuse.

04 Human oversight (Art. 14)

Multi-sig governance overlay, m-of-n threshold-sig over agent decisions, kill-switch protocol, timelock for governance changes.

05 Accuracy + robustness (Art. 15)

Continuous behavioural canary (20 golden-set prompts weekly), adversarial test harness, drift-detection thresholds, model-version pinning.

06 Post-market monitoring + incident log

Append-only audit log (Art. 12), 15-min incident response, ESMA/EBA notification templates aligned with DORA Art. 17.

— Best fits

Start with one of these product types.

AI-Agent Bank β

Purpose-built for AI Act: 5 domain agents (identity, KYC, payment, risk, governance) + article-mapped audit pack.

Robo Advisor

AI-driven investment advice — Art. 6 high-risk + MiFID II suitability + IAA. Triple compliance in one pipeline.

Neobroker

AI-routed orders / surveillance triggers high-risk classification. MAR + MiFID overlay.

KYC Platform

Biometric-liveness AI is explicitly Annex III. AI Act + AML5/6 + GDPR special-category data covered.

— FAQ

Questions we hear often.

When does the AI Act apply to my fintech?

General-purpose AI obligations: Aug 2025. High-risk system obligations (Art. 9–15): Aug 2026. Most fintech AI lands in high-risk under Annex III §5(b) (creditworthiness) or §5(c) (risk assessment for life/health insurance). If your model influences a financial decision, assume scope.

We use an external LLM (Anthropic / OpenAI). Are we still in scope?

Yes. As the deployer, you're responsible under Art. 26 — the foundation-model provider has separate Art. 53 obligations. Minctrl generates the deployer-side artefacts (risk-management plan, oversight protocol, post-market monitoring) automatically.

What about non-EU companies?

Art. 2 has extraterritorial reach: any AI system whose output is used in the EU market is in scope. If you serve EU customers, you need an Authorised Representative (Art. 22) — included in the AI-Agent Bank archetype's compliance.md.

Penalties — how bad?

Up to €35M or 7% of global turnover for prohibited-AI violations. €15M / 3% for high-risk-system non-compliance. €7.5M / 1.5% for misleading information to authorities. The compliance_officer agent calibrates severity scoring against these thresholds in its gap analysis.

Ready to generate yours?

Free tier. No credit card. Bring your own LLM key — pay only when AI ships actual code.
