# AI Act high-risk classification — DE / FR / IT

*Captured 2026-05-14T07:08:00Z · team tier · claude-opus-4-7 · https://gateway.ansvar.eu*

## Scenario

You are building a credit-scoring AI for three EU markets. Each member state may have additional national positions on top of the EU AI Act high-risk classification.

## What was asked

```
Compare AI Act high-risk classification for credit scoring across DE, FR, and IT. Include the harmonised EU position (Regulation (EU) 2024/1689 Annex III) plus any national supervisory-authority guidance. Side-by-side, with citations.
```

## Answer

## EU AI Act + national overlay — credit-scoring AI across DE, FR, IT

Credit scoring is **named explicitly** as a high-risk use case in the EU AI Act. The harmonised position is clear from the gateway's EU Regulations corpus. National supervisor-specific transpositions were not surfaced in this run — the gateway returned the EU position strongly but national searches yielded only tangential matches.

### EU harmonised position (Regulation (EU) 2024/1689)

The gateway returned the following on-point articles from the AI Act:

- **Article 6 — Classification rules for high-risk AI systems.** A system is high-risk if it falls into either the Annex I (product safety) route or the [Annex III](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32024R1689) route. Credit scoring sits in **Annex III, point 5(b)**: *"AI systems intended to be used to evaluate the creditworthiness of natural persons or establish their credit score, except for AI systems used for the purpose of detecting financial fraud."* The fraud-detection carve-out is narrow and does not cover scoring-of-individuals workflows.
- **Article 7 — Amendment of Annex III.** The Commission can add or modify high-risk use cases via delegated act; the credit-scoring entry has been stable through the negotiation.
- **Article 12 — Record-keeping.** High-risk providers must enable automatic logging over the lifecycle of the system, sufficient to trace decisions back to the input.
- **Article 27 — Fundamental rights impact assessment (FRIA).** Required for high-risk credit-scoring deployments by public-sector bodies and private bodies providing services of general interest. Banks providing consumer credit fall within scope where national law treats credit as such a service.
- **Article 43 — Conformity assessment.** Credit-scoring providers follow the Annex VI internal-control conformity-assessment route (not third-party-audit), unless a harmonised standard applicable to the system is not yet in force.
- **Article 49 — Registration in the EU database.** Mandatory before placing the system on the market.
- **Article 60 — Real-world testing outside a sandbox.** Optional regime with safeguards.
- **Article 72 — Post-market monitoring.** Continuous data-collection obligation for the provider.
- **Article 74 — Market surveillance.** Each Member State designates competent authorities; financial-sector AI systems may be supervised by the existing financial supervisor (BaFin / ACPR / Banca d'Italia) under Article 74(6).
- **[Recital 131](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32024R1689#rct_131)** confirms that AI systems intended for credit-scoring of natural persons should be classified as high-risk.

### National supervisor position — what the gateway returned

- **DE:** The German Law MCP was temporarily unavailable for this run (`servers_failed: ['German Law MCP']`). The other German MCPs (BaFin, BSI, BfDI, Bundeskartellamt) returned no on-point material for `Kreditwürdigkeit Hochrisiko`. BaFin's Merkblatt on AI in credit decision-making is not in the indexed corpus today. Re-run after the German Law MCP recovers for a fuller German picture.
- **FR:** The French Law MCP responded but the search returned articles from unrelated codes (Code monétaire, Code du travail technical-equipment articles) — not the ACPR / Banque de France position on AI in credit. The gateway did not surface AI-specific French law for this query.
- **IT:** The Italian Law MCP returned articles 3, 7, 11, 12, 14, 15 from a national code, but those entries are not the AI-specific Italian transposition. Banca d'Italia and AGCM positions on AI in credit are not in the indexed corpus.

### Side-by-side

| | EU (harmonised) | DE | FR | IT |
|---|---|---|---|---|
| Classification | **High-risk** (Art. 6 + Annex III §5(b)) | Same — direct application | Same — direct application | Same — direct application |
| FRIA required? | If deployed by public body or service-of-general-interest provider (Art. 27) | Capture gap (Law MCP down) | Capture gap (corpus thin) | Capture gap (corpus thin) |
| Competent market-surveillance authority | Member State designates (Art. 74) | Likely BaFin via Art. 74(6) financial-sector route (not gateway-confirmed) | Likely ACPR (not gateway-confirmed) | Likely Banca d'Italia (not gateway-confirmed) |
| Conformity-assessment route | Internal control (Annex VI) under Art. 43 | Same | Same | Same |

### Bottom line for your three-market deployment

The **EU position is unambiguous and harmonised**: credit-scoring AI is high-risk in DE, FR, and IT. The Article 12 logging, Article 27 FRIA, Article 43 conformity assessment, Article 49 registration, and Article 72 post-market monitoring all apply identically. **The national divergence question — which supervisor enforces, and what additional national guidance applies — was not resolvable from this gateway run.** Recommendation: commission a focused supervisor-by-supervisor review for the national overlay; the gateway is sufficient for the EU position but not for the national-supervisor positions today.

## Tool calls

| # | Tool | Result |
|---|------|--------|
| 1 | `search` | 10 results from EU Regulations MCP — AI Act Art. 6, 7, 12, 27, 43, 49, 60, 72, 74, Recital 131 |
| 2 | `search` | 0 results; partial=true — German Law MCP temporarily unavailable |
| 3 | `search` | 6 results from French Law MCP — articles from unrelated codes, off-topic for AI Act transposition |
| 4 | `search` | 6 results from Italian Law MCP — articles from a national code, not the AI-specific transposition |

## Citations

| Type | Jurisdiction | Reference | URL |
|------|--------------|-----------|-----|
| regulation | EU | AI Act Article 6 — Classification rules for high-risk AI systems | <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32024R1689> |
| regulation | EU | AI Act Annex III — High-risk use cases (point 5(b) credit-scoring) | <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32024R1689> |
| regulation | EU | AI Act Article 7 — Amendment of Annex III | <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32024R1689> |
| regulation | EU | AI Act Article 12 — Record-keeping | <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32024R1689> |
| regulation | EU | AI Act Article 27 — Fundamental Rights Impact Assessment | <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32024R1689> |
| regulation | EU | AI Act Article 43 — Conformity assessment | <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32024R1689> |
| regulation | EU | AI Act Article 49 — EU database registration | <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32024R1689> |
| regulation | EU | AI Act Article 72 — Post-market monitoring | <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32024R1689> |
| regulation | EU | AI Act Article 74 — Market surveillance + sector supervisor route | <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32024R1689> |
| regulation | EU | AI Act Recital 131 — Credit-scoring classification rationale | <https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32024R1689> |

---

Generated by Ansvar AI Gateway. This is the same artifact a customer would receive.