The financial sector's growing reliance on Artificial Intelligence (AI) raises important questions about whether current European Union (EU) regulations can handle the risks. This article examines how well existing EU rules work for AI use in investment services. Since AI's impact shows up primarily through information handling—customer profiling and regulatory reporting—and suitability assessments for client investments, we identified three key risk areas specific to investment services: (1) data quality problems, (2) mismatches between clients and suitable investments, and (3) broader market structure effects. When we tested these risks against current EU regulations, we found some significant gaps. In particular, MiFID II, which is technologically neutral, lacks binding AI provisions and relies on fragmented soft-law guidelines from ESMA; meanwhile, the AI Act does not classify most investment services as “high-risk,” meaning stricter governance requirements do not apply. Although ESMA's guidance and the AI Act overlap in some useful ways, notable gaps remain—particularly around traceability, auditability, and oversight of AI-driven operations. This leaves regulators with two main options: either expand the AI Act to cover more investment services as high-risk, or build AI-specific safeguards directly into financial services law. We argue for the latter—updating MiFID II with explicit, binding AI provisions that align with the AI Act's principles while addressing sector-specific risks, fairness concerns, and market integrity issues.
Ghetti, R., Novelli, C., Hacker, P., Floridi, L. (In stampa/Attività in corso). AI and Investment Services in EU Law: The Case for MiFID III. JOURNAL OF FINANCIAL REGULATION, 12, 1-32.
AI and Investment Services in EU Law: The Case for MiFID III
Ghetti, Riccardo;Novelli, Claudio;Floridi, Luciano
In corso di stampa
Abstract
The financial sector's growing reliance on Artificial Intelligence (AI) raises important questions about whether current European Union (EU) regulations can handle the risks. This article examines how well existing EU rules work for AI use in investment services. Since AI's impact shows up primarily through information handling—customer profiling and regulatory reporting—and suitability assessments for client investments, we identified three key risk areas specific to investment services: (1) data quality problems, (2) mismatches between clients and suitable investments, and (3) broader market structure effects. When we tested these risks against current EU regulations, we found some significant gaps. In particular, MiFID II, which is technologically neutral, lacks binding AI provisions and relies on fragmented soft-law guidelines from ESMA; meanwhile, the AI Act does not classify most investment services as “high-risk,” meaning stricter governance requirements do not apply. Although ESMA's guidance and the AI Act overlap in some useful ways, notable gaps remain—particularly around traceability, auditability, and oversight of AI-driven operations. This leaves regulators with two main options: either expand the AI Act to cover more investment services as high-risk, or build AI-specific safeguards directly into financial services law. We argue for the latter—updating MiFID II with explicit, binding AI provisions that align with the AI Act's principles while addressing sector-specific risks, fairness concerns, and market integrity issues.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
