Is AI Fraud Detection High-Risk Under the EU AI Act?

Guide · 2 June 2026 · 11 min read · 2,281 words

Is AI fraud detection high-risk under the EU AI Act? Annex III 5(b) carves it out of the creditworthiness category. Here is what actually applies.

The short answer is: probably not, via the most obvious route. AI systems that detect financial fraud sit inside a category in Annex III that explicitly carves them out of the high-risk classification. That carve-out is narrow and precise — it covers the fraud-detection function specifically, not every system a fintech or bank might deploy. If your system does more than flag fraudulent transactions, or if it operates in a different Annex III area entirely, the picture changes quickly.

This guide works through the Article 6 classification logic, the Annex III Area 5(b) carve-out, the scenarios that can pull a fraud-detection system back into scope, and the obligations that realistically apply to a typical back-end fraud engine.


Is AI Fraud Detection High-Risk Under the EU AI Act?

Annex III of Regulation (EU) 2024/1689 lists the eight areas in which AI systems are presumed high-risk. Area 5 covers access to essential private and public services. Point 5(b) specifically addresses AI systems intended to evaluate the creditworthiness of natural persons or establish their credit score.

Crucially, point 5(b) contains an explicit exclusion: AI systems used for the purpose of detecting financial fraud are carved out of that high-risk category. The regulation draws a functional line between two quite different things. A model that scores whether an applicant is likely to repay a loan — that is an assessment of creditworthiness, and it is high-risk. A model that flags whether a transaction looks fraudulent — that is a fraud-detection function, and it is explicitly excluded from point 5(b).

The distinction matters because the two models may look superficially similar. Both might process financial history, transaction patterns, and behavioural signals. What separates them is the question they are built to answer. Creditworthiness models ask: will this person repay? Fraud-detection models ask: is this transaction genuine? The EU AI Act answers those two questions very differently.

Before resting on the Annex III carve-out, you also need to apply the Article 6(3) filter. Article 6(3) provides that an AI system falling within an Annex III area is still not treated as high-risk if it does not pose a significant risk of harm to health, safety, or fundamental rights. The conditions listed include performing a narrow procedural task, improving the result of a previously completed human activity, detecting decision patterns without replacing or influencing individual human assessments, and performing preparatory work. For a back-end fraud engine that flags transactions for human review, the Article 6(3) filter often points in the same direction as the Annex III carve-out — but these are two separate legal steps, and both should be documented.

One important constraint: the Article 6(3) exemption does not apply to any system that profiles natural persons. If your fraud model builds or applies individual profiles — scoring people rather than transactions — that route to a lower classification closes off.


When Fraud-Detection AI Can Be High-Risk

The Annex III carve-out is a surgical exclusion, not a blanket exemption for anything a company calls fraud detection. Several scenarios can pull a fraud system back into the high-risk stack.

The system also performs creditworthiness scoring. This is the most common edge case. A single model may detect suspicious behaviour and simultaneously feed a risk score that informs whether a customer gets access to a service or credit product. The fraud-detection component benefits from the carve-out; the creditworthiness-scoring component does not. If the outputs of a combined system are used to make or influence decisions about an individual's access to financial services, the creditworthiness function is high-risk under Annex III point 5(b) regardless of what else the system does.

Deployment in a law-enforcement context. Annex III Area 6 covers AI used by law-enforcement authorities, including systems that assess the risk an individual poses in criminal contexts. A fraud-detection system deployed by or for a law-enforcement authority — for example, to identify suspects in financial crime investigations — may fall into Area 6 even if it would be carved out of Area 5(b). The applicable Annex III area depends on who uses the system and for what purpose, not only on what the model technically does.

Biometric elements. If fraud detection relies on biometric verification — facial recognition to confirm that the person initiating a transaction is who they claim to be — Annex III Area 1 comes into play for that component. Real-time remote biometric identification in publicly accessible spaces for law-enforcement purposes is prohibited under Article 5; biometric categorisation based on sensitive attributes is also prohibited. A passive 1:1 biometric check (phone unlock, enrolled face matched to the account holder) is generally minimal-risk. The line matters, and the biometric component needs its own classification.

Article 5 applies regardless of classification. The prohibitions in Article 5 have applied since 2 February 2025 and are not switched off by the Annex III carve-out. A fraud-detection system that operates by assigning social scores to individuals based on their social behaviour or personal characteristics would fall under the Article 5(1)(c) prohibition on social scoring, regardless of what the vendor calls it. Prohibited means prohibited — the fine ceiling is €35,000,000 or 7% of total worldwide annual turnover, whichever is higher (Article 99(3)).


What Obligations Actually Apply

If your fraud-detection AI clears the Article 6(3) filter and the Annex III Area 5(b) carve-out, the full high-risk stack — risk management under Article 9, technical documentation under Article 11, human oversight under Article 14, conformity assessment under Article 43, registration under Article 49 — does not apply. That is a meaningful reduction in compliance workload.

What does apply:

Article 5 screen. Every AI system, whatever its tier, must be checked against the Article 5 prohibitions. For fraud detection, the relevant prohibitions are social scoring (Article 5(1)(c)), systems that exploit vulnerabilities to influence behaviour (Article 5(1)(b)), and any biometric-related prohibitions in Articles 5(1)(e)–(h). This is not a one-time check — the purpose and function of the system should be reviewed whenever the use case changes materially.

Article 4 AI literacy. Since 2 February 2025, every organisation that uses AI in a professional capacity must ensure that the people working with it have a sufficient level of AI literacy — not a statutory certification, but genuine competence proportionate to the role. For a company running a fraud-detection system, that includes the analysts who review model outputs and the risk owners who set thresholds and act on alerts.

GDPR obligations. Fraud scoring of natural persons engages several GDPR duties in parallel with the EU AI Act. GDPR Article 22 covers solely automated decisions that produce legal or similarly significant effects — if your fraud model can decline a transaction or block an account without human review, that is a GDPR Article 22 process. Data minimisation under GDPR Article 5(1)(c) applies to the personal data the model processes. A data-protection impact assessment under GDPR Article 35 may be required where the processing is high-risk within the GDPR's own risk framework, which large-scale fraud-pattern processing often is. GDPR obligations sit alongside the EU AI Act; clearing one framework does not satisfy the other.

Documentation of classification reasoning. Article 6(3) requires providers who rely on the non-high-risk exemption to document their assessment and register it. In practice, this means recording in writing: why the system falls within Annex III Area 5(b); why the fraud-detection carve-out applies; whether the Article 6(3) filter conditions are met; and whether any biometric or profiling elements are present. This is not bureaucratic box-ticking — if a supervisory authority or counterparty questions the classification, the documented reasoning is what you show them.

Article 50 transparency. Article 50 applies from 2 August 2026 to limited-risk systems — primarily chatbots, emotion-recognition interfaces, and synthetic-content generators. A back-end fraud engine that runs invisibly and does not interact with individuals in real time is unlikely to engage Article 50. If the system generates notifications, communications, or decisions that reach individuals and those outputs are AI-generated, the analysis becomes more fact-specific.


What to Do

Classify and document. Run the Article 6 classification for every AI system you build or deploy, including fraud models. Record: which Annex III area, if any, the system touches; whether the fraud-detection carve-out in Area 5(b) applies; whether the Article 6(3) filter is satisfied; and whether any Article 5 prohibitions are in scope. Keep this record current — the classification can change if the system's purpose, outputs, or deployment context changes.

Screen for Article 5. Before anything else, confirm that the system does not cross into prohibited territory. Social-scoring mechanics, behavioural manipulation, and biometric prohibitions are live since 2 February 2025. No classification exercise is complete without this screen.

Check GDPR in parallel. Map the personal data the fraud model processes. Identify whether GDPR Article 22 applies to any automated decisions the model outputs. Consider whether a DPIA under GDPR Article 35 is required. GDPR does not defer to the EU AI Act, and the two frameworks overlap materially for any system that processes personal financial data at scale.

Reassess when the use changes. The carve-out is tied to function, not to the name of the product. If the fraud model's outputs begin to feed creditworthiness decisions, or if the system is extended to a law-enforcement customer, the classification needs to be rerun from scratch. A model that was non-high-risk last year may not remain non-high-risk after a product update.


How Confir Helps

Confir's classification engine is rule-based and deterministic — not an AI or LLM. It encodes the Article 6 classification logic and the Annex III area map in explicit rules, so the same intake produces the same finding every time. For a fraud-detection system, the workflow walks through the Article 5 screen, the Annex III Area 5(b) analysis including the fraud-detection carve-out, and the Article 6(3) filter. Where the system is non-high-risk, Confir records the reasoning in a classification record you can show to a DPO, an auditor, or a counterparty in a vendor-assessment process.

For combined systems that have both fraud-detection and creditworthiness components, Confir flags the mixed-function scenario and derives the obligations for each component separately. The full high-risk stack applies to the creditworthiness function; the lighter set applies to the carved-out fraud-detection function.

Pricing starts at €600/year at confir.eu, with self-serve checkout and no consultants.


Frequently Asked Questions

Is a transaction fraud-detection model automatically non-high-risk under the EU AI Act?

Not automatically, but the default starting point is favourable. Annex III Area 5(b) explicitly excludes AI systems used for the purpose of detecting financial fraud from the creditworthiness high-risk category. If the system solely detects fraud, does not profile individuals in a way that triggers the Article 6(3) proviso, and passes the Article 5 screen, it sits below the high-risk threshold. The Article 6(3) filter still needs to be applied and documented.

What if the fraud model and the credit-scoring model are the same system?

If a single system performs both functions, the creditworthiness-scoring function is high-risk under Annex III point 5(b). The fraud-detection carve-out covers only the fraud-detection output. Practically, you would need to assess whether the outputs are separable, and the high-risk obligations — including Article 9 risk management, Article 11 technical documentation, Article 14 human oversight, and Article 43 conformity assessment — apply to the creditworthiness component. If separation is not feasible, treat the system as high-risk overall.

Does GDPR Article 22 apply to automated fraud decisions?

Yes, if the system makes or contributes to automated decisions that produce legal or similarly significant effects on individuals — blocking an account, declining a payment, flagging an account for restriction — GDPR Article 22 is engaged. The individual is entitled to human review, an explanation, and the right to contest the decision. The EU AI Act and GDPR run in parallel; clearing the AI Act classification does not discharge the GDPR obligations.

When do the high-risk obligations apply if a fraud model is classified as high-risk?

For stand-alone high-risk AI systems in the Annex III list (which includes the creditworthiness category), the full high-risk stack applies from 2 December 2027, under the Digital Omnibus political agreement reached in May 2026. The original date of 2 August 2026 has been deferred. Article 5 prohibitions and Article 4 AI literacy have applied since 2 February 2025 — those were not deferred.

Does the carve-out apply if the fraud system is deployed by a law-enforcement authority?

The Annex III Area 5(b) carve-out removes fraud-detection AI from the creditworthiness high-risk category. It does not remove the system from Annex III Area 6, which applies to AI used by law-enforcement authorities. A fraud system deployed in that context needs a separate Area 6 analysis. Depending on its function, it may be high-risk under Area 6 even though it would be carved out under Area 5(b).

What documentation is needed even for a non-high-risk fraud system?

Article 6(3) requires providers relying on the non-high-risk exemption to record the assessment in writing. The record should cover: the Annex III area analysis, the fraud-detection carve-out reasoning, the Article 6(3) filter conditions, and any Article 5 screen findings. This does not require the full Annex IV technical documentation pack that high-risk systems need, but it should be substantive enough to withstand scrutiny from a market-surveillance authority or a customer conducting vendor due diligence.
