From 2 August, a German insurer’s pricing model and a bank’s credit-scoring engine will sit under two of Europe’s heaviest rulebooks at once. The notable part is not the count of rules. It is who reads them. Both files land on the same desk — BaFin’s — and the regulator has spent the past six months wiring them together so that one inspection answers both questions.
This is a shift in supervisory architecture, not just compliance load. Germany has decided that the authority already policing your IT resilience will also police whether your AI is safe to sell. For deployers, the two regimes stop being parallel tracks and become one supervisory relationship with two legal hooks.
The first hook: AI is already ICT
The groundwork went in quietly. On 18 December 2025, BaFin issued guidance stating that AI systems are “network and information systems” and therefore fall inside the full ICT risk-management framework of the Digital Operational Resilience Act — Articles 5 to 15, the core of DORA. The guidance applies to CRR credit institutions and Solvency II insurers, which is most of the regulated balance sheet in Germany.
That single classification does a lot of work. It means a bank’s machine-learning models are not a separate AI problem to be solved later; they are ICT assets that must already appear in the firm’s risk inventory, including “shadow AI” and models buried inside purchased software. BaFin’s guidance demands continuous monitoring of model drift with thresholds that trigger alarms, formal development and version control, adversarial and stress testing, third-party exit strategies that avoid vendor lock-in, and — the line that matters most for what follows — “detailed logging enabling reconstruction of every decision.”
DORA’s enforcement teeth were already live. The regulation has applied since January 2025, and BaFin has spent this year escalating IT inspections with AI risk explicitly in scope. So the ICT hook is not theoretical. It is the existing supervisory channel, and AI has been pulled into it.
The second hook: BaFin becomes the AI Act surveillance authority
The newer development is the one that completes the consolidation. Germany’s AI Implementation Act — the KI-MIG, approved by the federal cabinet on 11 February 2026 — sets up a hybrid model. The Bundesnetzagentur is the default market-surveillance authority and the single point of contact for the EU AI Office. But sector-specific responsibilities carve out, and BaFin keeps the financial sector. It will supervise high-risk AI systems tied to regulated financial activity.
What counts as high-risk here is not marginal. Under the AI Act’s Annex III, credit scoring is high-risk “regardless of whether the AI system makes final decisions autonomously or supports a human decision-maker,” and insurance pricing and eligibility models for individuals are high-risk too. These are not exotic systems. They are the underwriting and lending cores of every German bank and insurer.
The obligations attach on a hard date. From 2 August 2026, newly deployed high-risk systems must meet the AI Act’s full requirements at deployment; legacy systems get until 2 February 2027, but any significant modification can strip that grace period. BaFin has said it will write its own cybersecurity testing guidelines for high-risk AI, agreed with the Bundesnetzagentur. In other words, the financial supervisor is not waiting to receive a finished rulebook — it is drafting the AI-specific parts itself.
Why one desk changes the evidence
Here is the practical consequence, and it is where the two regimes collapse into one. Look at what each rulebook demands as proof, and the documents are nearly the same.
DORA, via BaFin’s December guidance, requires the AI inventory, drift logs, decision-reconstruction logging, and lifecycle documentation of model versions and effects. The AI Act, for high-risk systems, requires complete technical documentation before deployment: system description and purpose, design choices, training and validation data, risk assessments, performance and accuracy metrics, human-oversight measures, and cybersecurity controls — maintained and updated across the lifecycle, never as a post-deployment exercise.
A German lender’s credit model now produces one evidence file. BaFin reads it twice — once as an ICT asset, once as a high-risk system.
That overlap is the story. The logging that proves operational resilience under DORA is the same logging that proves traceability under the AI Act. The model documentation that satisfies an ICT inspection is the same documentation a market-surveillance review will demand. A firm that built these artifacts to clear DORA in 2025 has already built most of what the AI Act asks for in 2026 — provided the work was done properly the first time.
And the inspector is the same person. That removes a familiar arbitrage. A firm cannot present a polished resilience story to one regulator and a thinner AI-governance story to another, because there is no other regulator. BaFin can cross-reference its own ICT findings against its own AI-Act review. An incident logged under DORA’s major-ICT-incident reporting and a malfunction relevant under the AI Act’s serious-incident regime will reach the same supervisory inbox, and inconsistency between the two will be visible immediately.
What deployers should actually do
The instruction that follows is narrow. Treat the December DORA guidance as the spine of AI Act readiness, not a separate exercise. The single most valuable artifact is decision-level logging that can reconstruct any individual model output — it is mandatory under DORA already and load-bearing for the AI Act’s traceability and human-oversight requirements. Build the model inventory once, including shadow AI, and tag each system with both its ICT classification and its Annex III status, so a single register answers both supervisory questions.
The firms that struggle after 2 August will not be the ones that lacked an AI policy. They will be the ones whose DORA evidence and AI Act evidence tell different stories about the same model — and who now have to explain the gap to a supervisor that has read both. In Germany, that supervisor is one desk, and it has already started reading.
Discussion
Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.