The European Union (EU) is emerging as a global standard-setter for responsible innovation, actively constructing a comprehensive digital ecosystem rooted in trust, ethics, and resilience. This commitment is evident in a recent surge of regulatory initiatives, including consultations on high-risk AI systems and data use, a new international digital strategy, guidelines from the European Data Protection Board (EDPB) on cross-border data transfers, and a European Parliament report on AI in the financial sector. For banks, this concerted effort signals a pivotal shift: compliance is no longer a siloed function but a strategic imperative. Navigating this evolving landscape demands a holistic approach to innovation—one that aligns with regulatory expectations while unlocking long-term value and building enduring resilience.
Recent regulatory developments
The five key recent announcements from EU regulators support this vision for a resilient and responsibly innovative digital future:
Consultation on high-risk AI systems (open until July 18, 2025): The European Commission (EC) has launched a consultation on implementing the AI Act's stringent rules for high-risk AI. For banks, AI models in critical functions like credit scoring, risk assessment, and pricing are likely to be classified as high-risk. This necessitates rigorous standards for data quality, human oversight, transparency, and accuracy. This consultation is a vital step in defining practical compliance guidelines, directly impacting how banks develop, deploy, and govern their AI models ahead of the classification guidelines by February 2, 2026, and the applicability of high-risk provisions under the AI Act from August 2, 2026.
Consultation on use of data in AI (open until July 18, 2025): This EC consultation is a cornerstone of the forthcoming Data Union Strategy and integral to the broader "AI Continent Action Plan." It aims to shape data availability and utilization for AI development by addressing the need for high-quality, interoperable datasets, streamlined data rules, and trusted cross-border data flows, particularly for generative AI. For banks, this directly impacts their ability to access, govern, and leverage large datasets for AI-driven solutions, affecting model development, data quality, and the overall resilience of AI initiatives amid stringent data privacy mandates. The full Data Union Strategy is anticipated in Q3 2025.
International digital strategy of EU (to support digital transition globally): The EC and the High Representative have unveiled a joint vision to strengthen the EU's international digital cooperation. This strategy aims to solidify the EU's global digital leadership by promoting a rules-based digital order. It prioritizes strengthening digital partnerships for collaboration on emerging technologies (like AI and quantum computing), enhancing international cybersecurity cooperation, combating online harms through alignment on platform regulation, and advancing interoperable frameworks for data governance and digital identity (like EU eID Wallet and e-signatures) to simplify cross-border digital interactions. For banks, this fosters a more predictable, secure, and values-aligned global digital environment, crucial for international digital expansion and building trust, while providing resilience against regulatory fragmentation.
Guidelines on cross-border data transfers (Article 48 GDPR): The EDPB has finalized guidelines clarifying how EU organizations, including banks, must handle requests from non-EU authorities for personal data. This guidance reaffirms that such transfers are generally only permissible if based on an international agreement (like a Mutual Legal Assistance Treaty). This reinforces the principle that foreign judgments or administrative decisions cannot directly override GDPR safeguards. For global banks accustomed to cross-border data requests, this mandates a significant strengthening of their data governance frameworks and legal protocols to ensure strict GDPR compliance, thereby enhancing resilience and protecting client data integrity.
Draft report on AI impact on financial services (from European Parliament): This non-binding report from the Committee on Economic and Monetary Affairs (ECON) acknowledges the benefits of AI in finance (for example, fraud detection, AML) but highlights concerns about regulatory overlaps and systemic risks. It calls for clear EC guidance on applying existing financial regulations to AI, promoting consistent definitions across legislative frameworks, and simplifying the regulatory framework to avoid duplicative requirements for financial institutions. For banks, this report signals a parliamentary push for a streamlined, coherent regulatory environment, urging integrated governance strategies that bolster resilience by aligning with existing financial regulations rather than through new sector-specific AI laws.
Building resilience through responsible innovation
These five recent EU digital developments, while distinct, collectively affirm the EU's commitment to establishing itself as a global standard-setter for value-driven digital governance. For global banks, this evolving landscape presents a clear strategic imperative: to build enduring resilience through responsible innovation. This involves a multifaceted approach, including proactively embedding robust AI governance frameworks. Key elements include investing in comprehensive data governance for AI training, ensuring diligent human oversight, and maintaining meticulous documentation—all vital for the reliability and trustworthiness of AI-driven financial processes like credit risk assessment and stress testing. By embracing these principles, banks can navigate the digital crossroads, transforming regulatory challenges into opportunities for strategic advantage and sustainable growth.
Related links
LEARN MORE
Innovating with purpose
Moody’s is incorporating cutting-edge technologies, such as artificial intelligence, to help banks meet their existing challenges more effectively.