Compliance · Finance
EU AI Act compliance
for finance in Norway
Credit scoring, insurance pricing, and the high-risk line. The high-risk obligations bind from 2 August 2026, transposed into Norwegian law through KI-loven. Below is the obligation map for your sector, drawn live from the Kernal compliance graph.
High-risk deadline 2 August 2026 · Andes Labs · Oslo, Norway
Creditworthiness and insurance are named high-risk uses
Annex III names two finance uses explicitly: evaluating the creditworthiness or credit score of a person (fraud detection is the one carve-out), and risk assessment and pricing for life and health insurance. Both are high-risk by default, so the deployer duties — human oversight, logging, a Fundamental Rights Impact Assessment before first use — apply. Knowing whether a model is in scope, and documenting the fraud-detection exclusion where it applies, is the first compliance step.
Obligations that apply to finance
5 obligations from the EU AI Act apply to this sector. Each shows what the duty requires and the evidence you will need to demonstrate it.
Human oversight
Assign human oversight to a competent, resourced, named person with authority to monitor, intervene, and stop the system.
Evidence you will need
- signed oversight assignment naming the owner
- oversight monitoring log
Monitor and suspend on risk
Monitor operation; suspend use and inform the provider or authority if a risk to health, safety or fundamental rights emerges or a serious incident occurs.
Evidence you will need
- monitoring procedure
- incident-escalation runbook
Keep logs
Retain the automatically generated logs under the deployer’s control for the appropriate period.
Evidence you will need
- log-retention policy
- sample retained logs
High-risk: AI for creditworthiness and credit scoring
AI used to evaluate the creditworthiness of natural persons or to establish their credit score is high-risk, except where used to detect financial fraud.
Evidence you will need
- use-case classified high-risk under Annex III(5)(b)
- documented exclusion if the system is fraud-detection only
High-risk: AI for life and health insurance risk and pricing
AI used for risk assessment and pricing of natural persons in life and health insurance is high-risk.
Evidence you will need
- use-case classified high-risk under Annex III(5)(c)
- pricing/risk-model documentation
Source: Regulation (EU) 2024/1689 (EU AI Act). This is general information, not legal advice; the high-risk classification of a specific system is fact-specific and should be confirmed with counsel.
How Kernal helps
Most of these duties are not about whether you comply — they are about whether you can demonstrate it. Human oversight, monitoring, logging, and impact assessments all produce evidence a regulator can ask for at any time. Kernal is the context layer that captures that evidence as the work happens: every interaction logged, the human decision recorded, an oversight chain you can show rather than assert.
The same obligation graph that renders this page is the one the product runs on. The Compliance Cartridge maps your AI systems to the obligations above and assembles the burden-of-proof record continuously, so the answer to "show us" is already structured.
See your finance obligations
Thirty minutes to map your AI usage against the EU AI Act (KI-loven) obligations for finance, and to see how the governance layer supports your programme before the 2 August 2026 deadline.
kernal.andes.no · Andes Labs · Oslo, Norway