As artificial intelligence becomes more deeply embedded across financial services, one of the most practical challenges facing fintechs, financial institutions, and supervisors is how to interpret and apply the EU Artificial Intelligence Act in concrete use cases.
While the EU AI Act establishes a clear risk-based framework, it does not provide a detailed mapping of how specific fintech services should be classified in practice. To support this translation from regulation to implementation, the European Digital Finance Association (EDFA) has developed an AI Risk Taxonomy for Services in Fintechs, prepared by the EDFA AI, Digital and Data Security Working Group.
Why EDFA developed an AI risk taxonomy
The EU AI Act distinguishes between unacceptable, high, limited, and minimal risk AI systems, with different legal consequences attached to each category. For digital finance, this structure has significant implications, particularly for services involving creditworthiness assessment, fraud detection, customer interaction, and automated decision-making.
In practice, however, many organisations face uncertainty when assessing which AI-enabled services are likely to attract heightened regulatory scrutiny, where transparency obligations apply, and how to distinguish between internal optimisation tools and customer-impacting systems.
The EDFA AI Risk Taxonomy was developed to provide a shared interpretative reference, supporting more consistent internal governance and supervisory dialogue, while remaining aligned with the structure and intent of the EU AI Act.
A Working Group contribution grounded in practice
The taxonomy is the result of collaborative work within the EDFA AI, Digital and Data Security Working Group, bringing together industry practitioners and policy-focused experts.
The Working Group brings together representatives from 16 national fintech associations and more than 75 experts from across the European digital finance ecosystem.
The work reflects practical experience from across digital finance while remaining anchored in the language and structure of the EU AI Act, and draws inspiration from existing industry research adapted to the European regulatory and supervisory context.
Access the full taxonomy
The full EDFA AI Risk Taxonomy for Services in Fintechs is available for download via the link below.