Podcast

Discover BoursoBank's secrets to success with Benoit Grisoni

Logo officiel de Quicksign

AI ACT: Was it really necessary?

Resources

Share:

As the AI Act is set to take effect in August 2026, many financial institutions are questioning the technical challenges and strategic decisions this regulation imposes. Between protecting individual freedoms and global competitiveness, Europe has made its choice : becoming the first global power to carve a strict legal framework for artificial intelligence into stone. But how do you navigate this new labyrinth without losing your commercial agility?

In a highly regulated sector where technological innovation has become the primary driver for customer retention and operational efficiency, a fundamental question arises: was this text an absolute security necessity, or does it risk hindering our competitiveness? How can you navigate this new labyrinth without losing your commercial agility?

AI ACT: Was it really necessary?

The “High-Risk” AI Category: The New Operational Standard for Banks and Insurance

To understand the AI Act, one must first understand its underlying logic: it is based on a risk pyramid that determines the level of obligations imposed on companies:

  • Unacceptable risks: A complete ban (e.g., Chinese-style social scoring).
  • High risks: Maximum requirements for transparency, data quality, and human oversight.
  • Limited and minimal risks: Light information obligations (e.g., chatbots).

For financial services, this regulation carries a significant impact since two of the sector’s core use cases fall directly into the “High-Risk” category: credit scoring and remote biometric identification.

This classification does not mean a ban, but it imposes a strict set of specifications for any deployed AI system. The requirements are clear:

  • Flawless data governance: training datasets must be representative, complete, and, as far as possible, free of errors to prevent discriminatory biases during credit allocation or customer onboarding.
  • Transparency and explainability: every automated decision must be documented so that it is intelligible to an auditor or the final customer.
  • Human oversight: humans must have the capacity to intervene, correct, or override a decision produced by the AI.
  • Robustness and cybersecurity: the system must withstand manipulation attempts (such as data poisoning) and guarantee a consistent level of accuracy.

“The regulator isn’t necessarily asking you for 500 pages of new procedures, they are simply asking you to prove that you control your risks.” – Armand BEDEAU

The Culture Clash: USA, China, and Europe

These rigorous technical requirements reflect a European philosophy that clashes with global dynamics. The AI Act perfectly illustrates the divergence of global legal cultures when facing the technological revolution.

  • Chinese pragmatism: Here, AI is a tool for State control and economic power. Regulation exists, but it is vertical, serving national stability above all.
  • The American laissez-faire approach: The focus is on disruptive innovation, with regulation happening through the market or lawsuits after the fact.
  • The European exception: We have chosen to be the “referees” of the world. By protecting the fundamental rights of citizens even before technologies are massively deployed, the European Union hopes to impose its standard globally, just as it attempted to do with personal data and the General Data Protection Regulation (GDPR). The risk? Refereeing a football game in which no European team is playing. Indeed, this choice of absolute protection slows down the growth of technological giants that could compete with Chinese or American players.

Toward a European Wake-Up Call?

This asymmetry has already triggered strong reactions. The tide is turning. Mario Draghi’s 2025 report on European competitiveness acted as a wake-up call in Brussels. By regulating the usage before even mastering the technology, Europe risks becoming a spectator of American and Chinese innovations.

“Europe must stop regulating what it does not yet produce.” – Mario Draghi

We are now realizing that European regulatory inflation has diverted investments away from R&D, toward compliance. The recent idea of an “Omnibus package” aimed at easing administrative burdens and fostering sovereignty shows that Europe is finally starting to understand that a rule without an industry behind it is a dead rule.

The Shadow of the GDPR

This debate on competitiveness directly echoes the lessons learned from the GDPR. The specter of a “GDPR 2.0” legitimately haunts many legal departments. While the data regulation undeniably turned Europe into a privacy fortress, its implementation has sometimes paralyzed innovative initiatives through overly rigid interpretations.

The challenge for 2026 is to avoid repeating this mistake. The AI Act must be used as a quality filter. By imposing high standards, European banks can differentiate themselves through “Trust Tech,” whereas extra-European players might stumble over the opacity of their models.

How to Apply the AI Act Intelligently

The most important message for financial institutions today is moderation: do not rush. The regulation is still a living matter. Between political pressures for simplification and technical adjustments from the European AI Office, the framework can still shift. Investing heavily in a compliance roadmap today could prove counterproductive tomorrow.

However, not rushing does not mean standing still! The goal is to be ready to act fast when the time comes. This requires:

  • Constant monitoring: Following the evolution of guidelines so you are not caught off guard.
  • A flexible infrastructure: Choosing agile technological partners capable of updating their models and technical documentation in real time.
  • A data culture: Cleaning up your databases now, as this is the single foundation that will not change, regardless of the text’s final version.

To remain agile, financial services must adopt a pragmatic posture.

  • Do not create new silos: Integrate AI into your existing risk mappings (DORA, GDPR).
  • Demand transparency from your partners: A partner like QuickSign absorbs the technical and documentary complexity for you.
  • Think “Use Case” before “Tool”: The AI Act regulates what you do with AI, not the technology itself.

A Shared Vision of Compliance

The AI Act reminds us that technology cannot develop sustainably without a clear framework of trust. By anticipating these transformations pragmatically and relying on natively adaptive architectures, the financial sector can approach the 2026 deadlines with peace of mind. The stakes are no longer just about complying with the rules, but ensuring that today’s technological choices remain the drivers of your growth tomorrow.

At QuickSign, we are preparing our tech building blocks (eID, eKYC, eSign) to be natively “AI Act compliant.” By delegating your digital onboarding to QuickSign, you secure the expertise of a partner that absorbs regulatory shifts for you, allowing you to focus on your true business priorities.

Would you like to watch our webinar on the AI ACT? Here is the replay:

Redacted by Marilou T.

Our Latest news and resources

See More Resources
BankTech Day 2026 - QuickSign roundtable : Is the promise of instant financing finally here
Article, Event
18/03/2026

BankTech Day – Is the promise of instant lending finally here?

Read article
webinar eIDAS 2.0 topic banner
Article, Event
04/02/2026

eIDAS 2.0 & EUDI Wallet – Are you Ready ? 

Read article
French investment conference by QuickSign and Finance Innovation
Article, Event
09/12/2025

How to turn French savings into investments in 2026?

Read article

Ready to build your digital onboarding journeys with an expert team?

Our specialists are at your service
Contacter an expert