AI & Compliance· Explainer· 7 Jul 2026· 2 min read

The EU AI Act is live for high-risk systems — here's what Swiss financial institutions actually have to do

AI-generated content.This article was drafted by AI from public news and reviewed for direction. It reflects Operal's perspective, is for general information only, and is not legal, financial or investment advice.

Switzerland isn't in the EU — but the EU AI Act still reaches you. Like the GDPR before it, the Act applies extraterritorially: if the output of your AI system is used in the EU, you're in scope. For Swiss banks, insurers and asset managers with EU clients or branches, that's most of the book.

The uncomfortable part is the classification. "High-risk" isn't just facial recognition and self-driving cars. It explicitly includes AI used to evaluate creditworthiness, to price and underwrite life and health insurance, and certain uses in employment and access to essential services. A "simple" chatbot can also trigger transparency duties. Many institutions are running high-risk AI without having named it as such.

What a board should be doing now

  • Inventory every AI use — including the pilots and the shadow tools a team spun up on a SaaS account.
  • Classify each one against the Act's risk tiers (prohibited, high-risk, limited, minimal).
  • For anything high-risk, put the controls in place: human oversight, logging and traceability, data governance, technical documentation, and clear user transparency.
  • Assign ownership. "Compliance will look at it later" is how you end up retrofitting — the most expensive way to do this.

Why this is our whole thesis

None of this is a reason to avoid AI. It's a reason to build it properly the first time. At Operal we call it Jurisdictional Integrity: systems that are source-grounded ("no source, no answer"), auditable end-to-end, human-overseen, and Swiss-hosted by default.

That isn't a slide we made for the AI Act. It's how we built the award-winning compliant chatbot for ASGA Pension fund — thousands of member queries answered 24/7, every answer traceable — well before "high-risk obligations" was a line item on anyone's roadmap.

The firms that treated compliance as the architecture, not the afterthought, don't have a scramble ahead of them. They have a head start.

In context of: European Commission — Regulatory framework on AI
Photo via Pexels

Turning a headline into a system?

That's what we do — compliant, Swiss-hosted, audit-ready.

Book a consultation →2-min readiness check
← All insights