Reg (EU) 2024/1689Generate dossier — €249

Your fintech uses an algorithm to assess borrower creditworthiness. Annex III.5(a) of Regulation (EU) 2024/1689 classifies that system as high-risk. Article 11 requires you to document it.

Annex III, point 5(a) is explicit: AI systems intended to evaluate the creditworthiness of natural persons or establish their credit score are high-risk. It does not matter whether it is logistic regression, gradient boosting, or a neural network. If it produces a score that influences lending decisions, Article 11 requires technical documentation under Annex IV. Nine documentation blocks. AICheck generates them in 45 minutes from your data. €249 one-time. Everything runs in your browser.

Generate Annex IV dossier — €249Free: check if your system is high-risk

€249 one-time · 12-document ZIP · 45 minutes · Browser-side

Regulation (EU) 2024/1689 · Article 11 + Annex IV · 12 documents · 100% browser-side — your data never leaves your device

Credit scoring and the AI Act: the numbers

Regulation (EU) 2024/1689 explicitly classifies creditworthiness assessment systems as high-risk. European fintechs have until 2 August 2026 to document all production systems that fall under Annex III.5(a). The EBA flagged AI-driven credit scoring as a supervisory priority in its November 2025 report.

Annex III.5(a)
Explicit classification: credit scoring = high-risk
€15M / 3%
Maximum fine for non-compliance with high-risk obligations. Art. 99.4
9 blocks
Annex IV documentation points your technical file must cover

What AICheck does with your credit scoring system

You enter your system's data. AICheck structures the documentation per all nine Annex IV points.

1
Company data
Legal name, role under the Regulation (provider), fintech sector, market of deployment.
2
Article 5 check
Confirms your scoring system does not fall under prohibited practices (subliminal manipulation, public social scoring).
3
Annex III classification
Confirms category 5(a): systems intended to evaluate the creditworthiness of natural persons or establish their credit score.
4
Annex IV points 1–5
General description, intended purpose, hardware interaction, previous versions, system dependencies.
5
Annex IV points 6–9
Training and validation data, performance metrics, risk management system, human oversight measures.
6
EU Declaration of Conformity
Per Article 47 and Annex V. Signable document accompanying the technical documentation.
7
ZIP download
12 PDF documents ready for regulatory filing and audit. Generated in your browser. No data leaves your device.

Three mistakes fintechs make with the AI Act

COMMON MISTAKE

"Our system is not AI, it's a statistical model"

Article 3(1) of Regulation (EU) 2024/1689 defines AI system broadly: a machine-based system that infers outputs that can influence decisions. A logistic regression or random forest that evaluates creditworthiness and produces a score influencing credit decisions fits the definition. It does not matter what you call it internally.

COMMON MISTAKE

"We have ISO 27001 and SOC 2, that covers the AI Act"

ISO 27001 covers information security. SOC 2 covers organizational controls. Annex IV of the Regulation requires AI-specific documentation: training data description (point 2(d)), performance metrics and limitations (point 3), bias analysis (point 2(g)), human oversight measures (point 4). These are separate obligations with no overlap with existing security certifications.

COMMON MISTAKE

"We only do pre-scoring, the bank makes the final decision"

Annex III.5(a) classifies as high-risk systems intended to evaluate creditworthiness, not only those making the final decision. If your fintech produces the score the bank uses to decide, you are the AI system provider. The Article 11 documentation obligation is yours. The bank is the deployer — they have different obligations (Art. 26), not yours.

What the ZIP contains

12 PDF documents generated from your data. Each cites the specific article of Regulation (EU) 2024/1689 it complies with.

1

Risk Classification

Identifies your system as high-risk under Annex III.5(a) and determines your role as provider. Art. 6 + Annex III.

2

Annex IV Technical Documentation

All 9 Annex IV points: description, purpose, training data, metrics, risks, human oversight. Art. 11 + Annex IV.

3

EU Declaration of Conformity

Signable document per Art. 47 and Annex V. Declares conformity with Chapter III obligations.

4

Compliance Calendar

Key dates: 2 Aug 2026 (Annex III), post-market monitoring obligations, review deadlines. Art. 111.

5

Conformity Sheet

Executive summary of your system's compliance status for authorities or clients.

6

Quality Management System (QMS)

QMS document structure required by Art. 17 for providers of high-risk AI systems.

7

Deployer Instructions

Document you deliver to the bank or financial entity deploying your system. Content required by Art. 13.

8

Evidence Checklist

Verifiable list of evidence supporting each Annex IV point. Basis for internal audit.

9

Incident Template

Serious incident notification protocol per Art. 73. Includes deadlines and reporting channels.

10

AI Literacy Programme

AI training plan for involved personnel per Art. 4 of the Regulation.

11

Provider–Deployer Clauses

Model contractual clauses between provider and deployer for Chapter III responsibility allocation.

12

Risk Committee Minutes

Template for documenting risk management committee meetings required by Art. 9.

Generated from your data, in your browser. No data leaves your device.

What you pay

🧾 AI ACT CONSULTANCY FOR FINTECHS
€8,000–€15,000
3–6 months. Generic report.
✓ AICHECK
€249
12-document dossier. 45 min.

Technical documentation and audit: two layers

● LAYER 1

Annex IV technical documentation

12 docs. 45 min. €249. The documentation your system needs before market placement.

∅ LAYER 2

Conformity assessment by notified body

If your scoring system falls under Art. 43.1, you may need third-party assessment. Separate process. AICheck does not replace it.

We do not sell audits. We do not sell consulting. We sell the tool that structures your documentation per Annex IV.

Enforcement regime

Article 99 of Regulation (EU) 2024/1689.

🇪🇺
Non-compliance with prohibited practices
€35M / 7%

Art. 99.3. Up to €35 million or 7% of worldwide annual turnover, whichever is higher. For SMEs: the lower of the two.

🇪🇺
Non-compliance with high-risk obligations
€15M / 3%

Art. 99.4. Includes failure to produce technical documentation per Art. 11 and Annex IV.

🇪🇺
Supply of false or incomplete information
€7.5M / 1%

Art. 99.5. Applies if submitted documentation contains incorrect or misleading data.

Alternatives

AlternativeCostWhat you get
Regulatory consultancy for fintechs€8,000–€15,0003–6 months. Tailored report.
Specialised law firm€5,000–€12,000Legal opinion. No technical documentation.
Ignore AI Act€0 nowUp to €15M fine later
AICheck€24912 documents, 45 min

Running multiple scoring models in production?

If you need documentation for 5 or more systems, email us for volume pricing: hello@solidwaretools.com.

Request Volume Pricing
One-business-day response

What AICheck guarantees and what it does not

AICheck generates a document structured under Article 11 and Annex IV of Regulation (EU) 2024/1689 based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as provider of the AI system.

We guarantee that the document structure follows Article 11 and Annex IV of Regulation (EU) 2024/1689 and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case, nor by a commercial buyer in a procurement process.

AICheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions — Credit scoring and the AI Act

Does a logistic regression model for scoring count as an AI system under the Regulation?
Yes. Article 3(1) of Regulation (EU) 2024/1689 defines AI system as a machine-based system that infers outputs that can influence decisions. A logistic regression, random forest, or neural network that evaluates creditworthiness and produces a score influencing credit decisions fits the definition, regardless of technical complexity.
What if my fintech only does pre-scoring and the bank makes the final decision?
You are still the provider of the high-risk AI system. Annex III.5(a) of Regulation (EU) 2024/1689 classifies as high-risk systems intended to evaluate the creditworthiness of natural persons, not only those making the final decision. If your system produces the score the bank uses, your system is in scope. The Article 11 documentation obligation is yours as provider.
Does ISO 27001 or SOC 2 cover AI Act obligations?
No. ISO 27001 covers information security. SOC 2 covers organizational controls. Annex IV of Regulation (EU) 2024/1689 requires AI-specific documentation: training data description (point 2(d)), performance metrics (point 3), bias analysis (point 2(g)), human oversight (point 4), and risk management (point 1). These do not overlap with existing security certifications.
Does the August 2026 deadline apply to fintechs already in production?
Yes. Article 111.2 of Regulation (EU) 2024/1689 provides that high-risk obligations under Annex III apply from 2 August 2026, both for new systems and for already marketed systems that are significantly modified. If your scoring system is in production and changes model, data, or purpose, all obligations apply, including Annex IV technical documentation.
Is the EBA involved in AI Act enforcement for fintechs?
The EBA flagged AI-driven credit scoring as a supervisory priority in its November 2025 report. However, primary enforcement under Regulation (EU) 2024/1689 rests with national market surveillance authorities (e.g. AESIA in Spain, BaFin-adjacent in Germany). The EBA provides sector-specific guidance, not direct enforcement.
Is this a subscription?
No. One-time payment. The licence includes 30 days of editing and 10 regenerations. The downloaded PDF is yours to keep.
Can I request a refund?
Under Article 16.m of Directive (EU) 2011/83 on consumer rights, by activating the licence you give express consent for the immediate generation of the digital content and waive the 14-day withdrawal period. Refunds are accepted only for verifiable reproducible technical failures.
What if the regulation changes?
If the regulation changes during the validity of your licence, you may regenerate the document with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: AICheck is a self-assessment documentation tool, not legal advice and not a third-party audit. The document under Article 11 and Annex IV of Regulation (EU) 2024/1689 is generated from your input data. You are responsible for the accuracy of the data you provide. AICheck does not replace a qualified professional assessment.

Skip the consultancy queue. Generate the Annex IV dossier for your credit scoring system in 45 minutes.

Twelve documents. Annex IV fully structured. Regulation (EU) 2024/1689. Your data stays on your device. The ZIP you download is yours forever.

€249 one-time
12-document professional dossier · 45 minutes · No subscription · Browser-side
Generate Annex IV dossier — €249

Related landings

🏦 Fintech

High-risk AI system credit scoring EU regulation
🏦 Fintech

Credit scoring AI Act Annex III technical documentation
🏦 Fintech

Annex IV documentation fintech AI system
✓ Last regulatory check: 28 April 2026 · No substantive changes detected · View history