EU AI Act for Finance Professionals: What CFOs, Controllers and Compliance Teams Need to Know

EU AI Act: The Finance Function Implications

The EU AI Act introduces a risk-based classification framework for AI systems. Finance professionals need to understand two categories particularly relevant to their work:

High-risk AI systems: AI used in credit scoring and assessment of creditworthiness (Annex III, point 5(b)); AI used in insurance and financial services pricing (Annex III, point 5(a)); and AI used in employment and HR management (Annex III, point 4) affecting finance staff. High-risk AI systems require conformity assessments, technical documentation, logging systems, transparency measures and human oversight mechanisms. CFOs overseeing these systems have specific governance obligations.

General purpose AI (GPAI) models: Tools like ChatGPT, Copilot and Claude used in finance workflows are general purpose AI models subject to transparency requirements. Finance teams using these tools to generate financial analysis, draft reports or support decisions need clear policies on appropriate use, human review of outputs, and documentation of AI-assisted processes.

What Finance Professionals Need to Do

By August 2026, organisations using high-risk AI in finance functions must: complete conformity assessments for in-scope AI systems; establish AI governance policies and oversight procedures; implement logging and monitoring for high-risk AI decisions; ensure affected employees are appropriately trained; and register systems in the EU AI Act database where required.

CFOs are responsible for ensuring these obligations are met for finance function AI. Compliance officers and internal auditors play key roles in assessing AI governance. Controllers are often involved in documenting AI-assisted close and reporting processes.

Frequently Asked Questions

What does the EU AI Act mean for CFOs?

CFOs must: identify AI systems used in the finance function and classify them under the EU AI Act risk framework; ensure high-risk AI systems have appropriate governance, documentation and human oversight; establish policies for GPAI tool use (ChatGPT, Copilot) across the finance team; and report material AI risks in financial statements where relevant. AI training for CFOs should provide practical coverage of these obligations.

Does the EU AI Act apply to Irish and UK companies?

The EU AI Act applies to organisations placing AI systems on the EU market or using them in the EU, regardless of where the organisation is headquartered. Irish companies are directly in scope as EU entities. UK companies with EU customers or operations are also affected for those EU-facing activities. The Act is already in force (August 2024) with a phased implementation timeline.

What AI governance frameworks should finance teams implement?

Finance teams should implement: an AI use policy covering approved tools and permitted use cases; a review and sign-off process for AI-generated financial analysis before use; documentation standards for AI-assisted processes in the working paper file; model risk management processes for AI models used in financial calculations; and training records demonstrating staff competency in appropriate AI use. Learnsignal's AI governance module covers each of these elements.