Is your AI financial app EU AI Act compliant?
A practical look at using generative AI to simplify regulatory compliance under the EU AI Act in the financial sector
Artificial intelligence (AI) is rapidly transforming financial services: streamlining operations, detecting fraud, and personalizing investment advice. As agentic AI becomes essential for competitiveness, strong regulatory oversight is critical.
The EU AI Act marks a significant shift in AI governance. The act introduces a risk-based framework that is focused on transparency, accountability, and human oversight, especially in high-risk sectors such as financial industries. For organizations operating in or serving the European Union (EU), compliance is essential to maintain trust, avoid penalties, and deploy AI responsibly.
This article explores how an agentic system can support compliance even with complex regulations. Using a sample compliance agent and a fictional investment app, FinAI, the article demonstrates how AI agents can streamline compliance and accelerate development. It shows how adopting agentic AI helps compliance teams, legal professionals, and business leaders understand regulations faster, reduce risk, and make smarter decisions.
FinAI: An example app
FinAI is a fictional smartphone app that uses generative AI trained on financial industry data to deliver real-time insights, personalized portfolio recommendations, and predictive analytics.
Key features:
- AI insights: Real-time analysis of market trends and risks.
- Personalized portfolios: Tailored to your goals and risk profile.
- Predictive analytics: Anticipates market movements.
- Risk management: Proactively identifies and mitigates threats.
- User-friendly design: Easy-to-use, even for beginners.
- Secure and compliant: Built with strong data protection and regulatory safeguards.
We now have an innovative investment app, but a critical question remains: is FinAI compliant with the EU AI Act? The next section explores how FinAI aligns with the EU AI Act requirements. While FinAI is fictional, it serves as a useful example to demonstrate how generative AI can support compliance efforts in real-world applications.
Compliance agents
To evaluate whether FinAI aligns with the EU AI Act, we use a compliance agent that is trained for regulatory analysis. This agent uses a Granite model, fine-tuned with EU AI Act content using InstructLab. It is deployed on Red Hat Enterprise Linux AI (RHEL AI) and hosted securely in IBM Cloud VPC, for a scalable, compliant, and production-ready AI solution.
What can it do?
- Understand AI regulations: Interprets the EU AI Act and related compliance frameworks.
- Evaluate AI services: Assesses applications such as FinAI against the EU AI Act’s risk-based requirements.
- Flag and recommend: Identifies areas of noncompliance and suggests actionable remediation steps.
These capabilities reflect three agent types:
- Informational agent: for regulatory data consumption and summarization
- Analytical agent: for risk evaluation, insight generation, and remediation
- Compliance agent: for audits, regulatory reporting, and continuous governance
Each agent is specialized and acts as part of a larger agent system.
By integrating these agents into the development lifecycle, teams can proactively ensure that their AI systems meet regulatory standards, turning compliance from a challenge into a strategic advantage.
watsonx Orchestrate
This multi-agent system is powered by watsonx Orchestrate, which acts as the coordination layer for the agent workflows.
What can Orchestrate do?
- Provide knowledge: Build multi-agent systems where agents have access to the tools and information they need.
- Enable action: Let agents use the right apps and tools to complete tasks efficiently.
- Support teamwork: Orchestrate handles coordination so agents can work together without manual setup or oversight.
- Guide responses: Set rules for how agents should behave, and Orchestrate helps them respond with the right tools and data.
How do the agents work to check compliance?
To evaluate FinAI’s alignment with the EU AI Act, we walk through a simple, step-by-step interaction with the compliance agent:
Start the conversation: We begin by asking the agent: “What can you do for me?” The agent responds with its capabilities: analyzing AI systems, interpreting regulations, and identifying compliance gaps.

Upload the FinAI service description: Next, we provide the agent with a detailed description of the FinAI app, including its features, data usage, and user impact.

Risk classification: After analyzing the service, the agent classifies FinAI as a high-risk AI system under the EU AI Act.
Why? Because FinAI directly influences users’ financial decisions and well-being, an area that is explicitly covered by the Act’s high-risk criteria.

Compliance evaluation: The agent then checks FinAI against relevant articles of the EU AI Act, including requirements for transparency, human oversight, data governance, and risk mitigation.
Actionable insights: Finally, it flags any areas of noncompliance and suggests specific remediation steps, helping developers align FinAI with regulatory standards early in the development process.

This demonstrates how AI can support AI governance, making compliance more accessible, proactive, and integrated into the product lifecycle. This demonstration is just one example of how agentic AI can support compliance, but the possibilities extend far beyond.
Example: Article 13 – Transparency and information
During the compliance check, the agent flagged a key issue that is related to Article 13 of the EU AI Act, which focuses on transparency.
Issues highlighted: FinAI does not clearly explain how its investment advice is generated. Users receive personalized recommendations, but the logic behind those decisions, such as how risk profiles are determined or how market data is interpreted, is not transparent.

What Article 13 requires:
- Transparency for deployers: Organizations must ensure that users understand how AI systems decide.
- Clear explanations: Users should receive meaningful information about the system’s logic, purpose, and potential impact.
Agent’s recommendation: To comply with Article 13, FinAI should provide detailed, user-friendly explanations of:
- How personalization and risk profiling work.
- What data is used to generate investment advice.
- The role of AI in shaping recommendations.

By improving transparency, FinAI not only meets regulatory requirements but also builds user trust, an essential factor in financial services.
Beyond Article 13: Broader compliance review
While Article 13 highlighted transparency concerns, the compliance agents conducted a broader review across multiple provisions of the EU AI Act. The agents examined FinAI against other key articles, including:
- Classification rules (Article 6)
- Risk management system (Article 9)
- Human oversight (Article 14)
These articles were flagged due to gaps in human-in-the-loop oversight, unclear classification of high-risk AI systems, and the absence of a risk management framework. For each issue, the agent offered actionable recommendations to help bring FinAI into compliance.
Why regulatory compliance matters
Regulatory compliance in the age of AI is both complex and constantly evolving. For financial institutions, staying ahead of these requirements is critical, not just to avoid penalties, but to build trust and ensure ethical AI use. This is where agentic AI plays a transformative role.
By integrating AI-powered compliance agents into the development process, organizations can:
- Reduce the manual effort that is involved in interpreting and applying regulations.
- Improve accuracy in identifying compliance gaps and risks.
- Accelerate time to market by streamlining reviews and remediation.
Conclusion and next steps
Adopting generative AI can enhance financial platforms and speed up compliance readiness. By using custom AI agents with watsonx Orchestrate, secure infrastructure on IBM Cloud VPC, and model fine-tuning with RHEL AI and InstructLab, financial enterprises can embed AI into their compliance workflows and move from reactive checks to proactive governance.
Ready to take the next step? Explore how IBM Cloud and agentic AI can support your compliance journey and turn regulation into a catalyst for innovation.