A European Bank Just Asked Whether Your AI Fraud Detection Tool Is Registered in the EU AI Act Database: Answering the Article 60 Registration Questions
A European Bank Just Asked Whether Your AI Fraud Detection Tool Is Registered in the EU AI Act Database: Answering the Article 60 Registration Questions
The question came from a compliance officer at a Dutch retail bank. Your fintech company had been selling AI-powered transaction fraud detection to European financial institutions for two years. No customer had ever asked this before. Now one did:
"We require confirmation that your AI system is listed in the EU AI Act database under Article 60. If it is not yet registered, please provide a registration timeline and the relevant fields that will be submitted. This is required before we can proceed to contract."
You had heard of the EU AI Act database. You did not know it was a procurement requirement.
It is. Here is what Article 60 requires and how to answer.
What the EU AI Act Database Is
Article 60 of the EU AI Act establishes a public EU-wide database of high-risk AI systems. The database is operated by the European Commission and is publicly searchable. Providers of high-risk AI systems are required to register their systems in the database before placing them on the market in the EU or putting them into service.
For a fraud detection AI system in financial services, classification as high-risk is highly likely. Annex III Category 5 covers AI systems used in the areas of administration of justice and democratic processes — but more directly, an AI system that makes or informs decisions about financial transactions affecting individuals may fall under Annex III Category 5(b) or be captured under the broader risk-based provisions.
The practical question is not whether the database exists. It does. The question is: are you in it?
What Article 60 Registration Requires
To register your system, you provide the following information in the EU AI Act database:
Provider identity: Your company name, registration number, and contact point for the purposes of the regulation.
System name and version: The specific system being registered, including version number. If you release material updates, you may need to re-register or file an update.
Intended purpose: A description of what the system does — in this case, fraud detection — and the specific deployment context (transaction screening, account takeover detection, and so on).
General description of the system: A non-technical overview of how the system operates, what inputs it uses, and what outputs it produces.
Conformity assessment information: Whether the system underwent a third-party conformity assessment or a provider self-assessment under Article 43, and the reference number of the certificate (if applicable).
EU Declaration of Conformity: A reference to your Declaration of Conformity under Article 47.
Status: Whether the system is on the market, in service, or withdrawn.
The database entry is not a technical deep-dive. It is a public-facing registration record. Think of it as the equivalent of a company registration — a public declaration that this system exists, who made it, and that the maker has assessed it against EU AI Act requirements.
How to Answer the Bank's Question
The bank's compliance officer needs three things:
First: Confirmation of whether you are registered. If you are, provide your database entry reference number and a link to the public record. The database is searchable by provider name and system name.
Second: If you are not yet registered, a clear explanation of why (for example: the registration obligation applies from the date enforcement begins for your system category, and you are currently completing the conformity assessment documentation that is a prerequisite to registration) and a realistic timeline.
Third: A copy of your EU Declaration of Conformity (Article 47). This is the document that certifies your system meets EU AI Act requirements. It is a precondition to registration and is typically what procurement teams actually need to file.
Many fintech vendors at this stage are mid-process: they have completed risk classification and are working through technical documentation and conformity assessment, but are not yet registered. That is a defensible position — provided you can show the documentation trail and give a credible timeline.
What is not defensible: not knowing whether registration applies to your system, or not having started the process.
The Deeper Commercial Point
Article 60 registration is becoming a sales requirement in European financial services procurement — not because regulators are demanding it at the point of sale, but because compliance teams at banks are adding it to vendor checklists. A bank that deploys an unregistered high-risk AI system takes on its own regulatory exposure.
This means your registration status is now a competitive differentiator. Vendors who are registered close faster with risk-aware buyers. Vendors who cannot answer the Article 60 question lose deals at legal sign-off.
The earlier you register — or the further along your documentation process is — the fewer deals you lose to this question.
Try Complizo free at complizo.com