Compliance · Finance

EU AI Act compliance
for finance in Norway

Credit scoring, insurance pricing, and the high-risk line. The high-risk obligations bind from 2 August 2026, transposed into Norwegian law through KI-loven. Below is the obligation map for your sector, drawn live from the Kernal compliance graph.

High-risk deadline 2 August 2026 · Andes Labs · Oslo, Norway

Creditworthiness and insurance are named high-risk uses

Annex III names two finance uses explicitly: evaluating the creditworthiness or credit score of a person (fraud detection is the one carve-out), and risk assessment and pricing for life and health insurance. Both are high-risk by default, so the deployer duties — human oversight, logging, a Fundamental Rights Impact Assessment before first use — apply. Knowing whether a model is in scope, and documenting the fraud-detection exclusion where it applies, is the first compliance step.

Obligations that apply to finance

5 obligations from the EU AI Act apply to this sector. Each shows what the duty requires and the evidence you will need to demonstrate it.

Article 26(2)Your duty (deployer)

Human oversight

Assign human oversight to a competent, resourced, named person with authority to monitor, intervene, and stop the system.

Evidence you will need

  • signed oversight assignment naming the owner
  • oversight monitoring log
Article 26(5)Your duty (deployer)

Monitor and suspend on risk

Monitor operation; suspend use and inform the provider or authority if a risk to health, safety or fundamental rights emerges or a serious incident occurs.

Evidence you will need

  • monitoring procedure
  • incident-escalation runbook
Article 26(6)Your duty (deployer)

Keep logs

Retain the automatically generated logs under the deployer’s control for the appropriate period.

Evidence you will need

  • log-retention policy
  • sample retained logs
Article 6(2) / Annex III(5)(b)Demand from your AI vendor (provider)

High-risk: AI for creditworthiness and credit scoring

AI used to evaluate the creditworthiness of natural persons or to establish their credit score is high-risk, except where used to detect financial fraud.

Evidence you will need

  • use-case classified high-risk under Annex III(5)(b)
  • documented exclusion if the system is fraud-detection only
Article 6(2) / Annex III(5)(c)Demand from your AI vendor (provider)

High-risk: AI for life and health insurance risk and pricing

AI used for risk assessment and pricing of natural persons in life and health insurance is high-risk.

Evidence you will need

  • use-case classified high-risk under Annex III(5)(c)
  • pricing/risk-model documentation

Source: Regulation (EU) 2024/1689 (EU AI Act). This is general information, not legal advice; the high-risk classification of a specific system is fact-specific and should be confirmed with counsel.

How Kernal helps

Most of these duties are not about whether you comply — they are about whether you can demonstrate it. Human oversight, monitoring, logging, and impact assessments all produce evidence a regulator can ask for at any time. Kernal is the context layer that captures that evidence as the work happens: every interaction logged, the human decision recorded, an oversight chain you can show rather than assert.

The same obligation graph that renders this page is the one the product runs on. The Compliance Cartridge maps your AI systems to the obligations above and assembles the burden-of-proof record continuously, so the answer to "show us" is already structured.

Kernal does not make Claude smarter. It makes Claude provable.

See your finance obligations

Thirty minutes to map your AI usage against the EU AI Act (KI-loven) obligations for finance, and to see how the governance layer supports your programme before the 2 August 2026 deadline.

Book a session explore@andes.no

kernal.andes.no · Andes Labs · Oslo, Norway