Credit Scoring Under Annex III: Are You the Provider or the Deployer?
Most banks buy their scoring models rather than build them, and conclude from that they are deployers with a light obligation set. Many of them are wrong, and they are wrong for a reason nobody warned them about: Article 25.
First, what is actually high-risk
Annex III names the high-risk use cases outright. For a financial institution, the list is shorter and stranger than the internal scoping deck usually suggests. Two entries are specific to finance:
- Point 5(b) — AI used to evaluate the creditworthiness of natural persons or establish their credit score.
- Point 5(c) — AI used for risk assessment and pricing in life and health insurance.
Two more catch you as an employer rather than as a bank: point 4 (recruitment, CV screening, worker evaluation) and point 1 (biometric identification and categorisation).
The exception is narrow, though. If the same model also feeds a creditworthiness decision, or profiles individuals in a way that reaches another Annex III point, it comes straight back into scope. Classify by intended purpose, system by system, not by team or by department.
Deployer or provider: the question that sets your cost
Assume the model is high-risk. What you owe now depends entirely on your role, and the gap between the two roles is enormous.
| Deployer (Art. 26) | Provider (Art. 16) | |
|---|---|---|
| You are this if | You bought the system and use it as delivered | You built it — or Article 25 flipped you |
| Quality management system | No | Yes |
| Conformity assessment | No | Yes, before it goes into service |
| CE marking | No | Yes |
| EU database registration | No | Yes |
| Technical documentation (Annex IV) | No | Yes |
| Human oversight | Assign competent people | Design it into the system |
| Logs | Keep them | Make the system produce them |
| Inform affected people | Yes | — |
| Post-market monitoring | Monitor operation | Full programme |
Article 25: the trapdoor
Here is the provision that catches banks. Under Article 25, a deployer becomes the provider — inheriting the entire right-hand column above — if it does any of three things to a high-risk system:
- Puts its own name or trademark on it. White-labelling a vendor scoring engine as "our internal decision model" can be enough.
- Substantially modifies it.
- Changes its intended purpose. Buying a system marketed for one use and deploying it for another.
The second one is where the damage is done. Fine-tuning a purchased credit-scoring model on your own loan book is a substantial modification. It is also the single most natural thing for a bank to do: the vendor model is trained on a market, yours needs to reflect your portfolio. Teams do it as a matter of course, treat it as configuration, and never revisit the regulatory classification.
The result is an institution that procured a vendor, assumed the vendor held the conformity assessment and the CE marking, and is in fact the provider of an unassessed, unmarked, unregistered high-risk AI system. Deployer penalties and provider penalties sit in the same tier — up to €15m or 3% of worldwide turnover under Article 99 — but the provider has vastly more to get wrong.
What to put in the contract
Your DORA third-party pack (Articles 28-30) already gives you audit rights, sub-outsourcing controls, incident cooperation and exit provisions. It does not give you what the AI Act needs. Add:
- A warranty that the provider has completed the conformity assessment and affixed the CE marking, with the declaration of conformity supplied.
- The technical documentation and the instructions for use, in a form you can actually act on — Article 26 requires you to use the system according to them.
- A notification duty when the provider substantially modifies the system.
- An explicit statement of the intended purpose, so that any drift on your side is visible as a change.
- A clause requiring the provider to tell you if your configuration would, in their view, constitute a substantial modification. They know the model; you know your use. Neither of you sees the Article 25 line alone.
Getting your own answer
Our free AI Act exposure check asks the role question directly and flips the verdict to provider obligations when the answers warrant it — which, in our experience of running it, is more often than teams expect. The full picture of what this adds to a DORA programme is on the AI Act hub for financial institutions.
For the underlying text, our sister site regulation-ai.eu carries Article 25 on responsibilities along the AI value chain, Article 26 on deployer obligations, and the full Annex III list.
This article is analytical guidance for compliance and legal teams, not legal advice. References: EU AI Act (Regulation (EU) 2024/1689), the Digital Omnibus on AI (Council green light, 29 June 2026), DORA (Regulation (EU) 2022/2554), and the Commission guidelines on GPAI of 18 July 2025.