With no grace period or implementation pause, payment providers face mounting pressure to meet the EU’s AI compliance deadlines, covering generative models, fraud detection, and biometric verification.
Despite calls from Big Tech companies to delay the changes to the European Union’s (EU) AI Act, a Commission spokesperson stated on July 4 “there is no pause” on its implementation.
Facebook, Google and Meta are just some of the tech companies calling for more time for the AI Act to be revised in order to comply upon its impending launch. EU spokesperson Thomas Regnier quickly dismissed this attempt.
“I’ve seen, indeed, a lot of reporting, a lot of letters and a lot of things being said on the AI Act,” said Regnier at a press conference.
“Let me be as clear as possible, there is no stopping the clock. There is no grace period. There is no pause.”
The EU officially rolled out the first iteration of the AI Act in August 2024 as a framework to mitigate risk associated with implementing AI. Regulators provided a specific transparency risk-based model for companies to acknowledge before implementing.
In February 2025, the EU began rolling updates to the legislation; this included rules around prohibiting unlawful AI practices and literacy. The AI Act is also set to introduce governance rules and obligations for general-purpose AI models in August 2025.
Over the next two years, two further provisions will be rolled out in August 2026 and 2027, which will include the aforementioned obligations for high-risk AI models, as well as allowing an extended transition period for high-risk models.
Under Article 6 of the AI Act, the EU classifies a high-risk AI model if it is being used as a safety component of a product, or if it is a product that is listed in Annex III. An Annex III listed AI model is required to follow strict and specific obligations related to accountability, transparency and safety.
Regnier maintained the August 2025, 2026 and 2027 implementations will remain on schedule in spite of concerns around cost of implementation flagged by tech companies.
Why payments companies need to take note
The AI Act will be of particular interest to European financial service providers and banks as the integration of AI models has significantly ramped up across the finance sector in recent years.
Fintechs such as Starling Bank have recently integrated Generative AI models like Google’s Gemini to assist in customer queries, while French bank BNP Paribas has enlisted the support of Mistral AI to develop models which secure customer data from within the bank’s infrastructure.
As Starling operates digitally in France, Germany and the Netherlands, its usage of Gemini will be subject to checks from the EU in regards to the EU AI Act.
In a blog post from June 2024, Google stated its “AI Act readiness program is focused on ensuring our products and services align with the Act’s requirements while continuing to deliver the innovative solutions our customers expect. This is a company-wide initiative that involves collaboration among a multitude of teams”.
For banks like BNP Paribas, the EU AI Act covers provisions regarding the usage of AI pertaining to consumer credit and mortgages. Banks have been rolling out AI agents to automate the information collection process of consumer credit checks, as well as being used for the mortgage application process to handle large amounts of documents.
While AI has greatly accelerated both processes, it handles a lot of sensitive customer information that if not trained properly could result in potential data hacks and leaks.
Article 10 of the AI Act obligates companies to train their native or integrated AI models to regularly evaluate the training, validation and testing of datasets processed by the model to meet the Act’s quality requirements.
Needed AI-fraud oversight?
Financial service companies may also be subject to certain biometric verification guidelines. This comes as the surge in AI-related fraud cases have significantly increased and companies have been using AI to mitigate this.
There are guidelines on how biometric categorisation systems will be based on certain sensitive characteristics, untargeted scraping of facial images and social scorings.
When it pertains to using real-time biometric AI technology to identify potential fraud crimes, the AI Act states it can be used in public spaces for law enforcement under strict conditions. These conditions are for serious crimes and court approvals which relate to payment and financial companies.
Speaking to Payment Expert when the EU AI Act enforced its first phase in February 2025, Mario Joannou, Head of Digital Risk and Privacy at payabl., believed the introduction of the Act brings an end to an era of “opaque, black-box AI”.
He said: “The shift isn’t just about avoiding fines or regulatory checkboxes, it’s about redefining how AI operates in financial decision-making.
“Credit scoring, fraud detection, and customer authentication – until now dominated by complex machine learning models – must now be built with interoperability at their core. Regulators and customers must be able to understand the ‘why’ behind every decision.”