Domain 5 of Annex III AI Act bundles four very different use cases whose common thread is that they govern access to services profoundly affecting daily life. The Commission guidelines of 19 May 2026 devote over fifteen pages to this domain, with specific clarification for the financial sector.
For the general framework, see the main article on the Article 6(3) filter. For all eight domains, see the hub overview.
The Four Use Cases of Domain 5
- Point 5(a): Eligibility assessment for public assistance benefits and services, and granting or denying them
- Point 5(b): Creditworthiness of natural persons and credit scoring
- Point 5(c): Risk assessment and pricing in life and health insurance
- Point 5(d): Triage and prioritisation of emergency calls and dispatch
Point 5(a): Public Benefits and Services
This touches municipalities, executive agencies and all public bodies using algorithms to select citizens for granting, withdrawing or fraud-investigating benefits or services.
High-risk:
- AI scoring benefits applications on eligibility
- AI prioritising fraud investigation at individual level
- AI targeting recontrols to specific citizens or households
Filter possible:
- AI checking dossier completeness without substantive assessment
- AI archiving documents into fixed folders
For the public sector specifically, see our articles on algorithm registration and the EU AI Act in the public sector.
Point 5(b): Creditworthiness
Virtually every modern lender uses AI in scoring. The Commission guidelines state this is always high-risk, with one important exception: credit scores used solely for detecting financial fraud are excluded.
High-risk:
- AI scoring mortgage, personal loan or business credit applications
- AI in retail finance, BNPL ("buy now pay later") and consumer credit
- AI deploying scoring for per-customer interest rate pricing
- AI in alternative credit scoring using non-traditional data
Interaction with CRR: The guidelines clarify that AI systems used internally by banks for calculating own funds requirements under Article 144 Capital Requirements Regulation (Internal Ratings Based approach) have a specific regime. For application to customers in credit decisions, however, it remains undiluted high-risk under the AI Act.
Point 5(c): Life and Health Insurance
Life insurers and health insurers using AI for underwriting, premium calculation or acceptance are in scope.
High-risk:
- AI estimating death or disability risk for individual applicants
- AI assigning premium tiers based on personal characteristics
- AI forecasting healthcare costs for supplementary insurance pricing
Interaction with Solvency II: For insurers, similarly to banks, AI in internal capital models under Article 120 Solvency II has its own framework, but AI in customer-facing risk assessment remains undiluted high-risk under the AI Act.
Property and casualty insurance is explicitly excluded from Point 5(c). Car, fire or home insurance with AI pricing thus does not fall under it, unless it simultaneously touches another Annex III domain.
Point 5(d): Emergency Call Triage
This touches emergency call centres, dispatch services and triage systems for ambulance, fire and police.
High-risk:
- AI determining priority of incoming emergency calls
- AI assigning precedence to certain calls based on content, location or caller history
- AI optimising routes or first-response deployment based on triage outcome
Filter possible:
- AI only transcribing or translating calls without performing triage
- AI generating statistical reports after the fact
Sector-Specific Pitfalls
Pitfall 1: Explainability Is Doubly Required
For credit scoring, the explanation requirement under GDPR Article 22 for automated decisions with legal effects already applies. Under the AI Act, transparency and human oversight come on top. Banks still relying on black-box scoring need to invest doubly in explainable AI.
Pitfall 2: Alternative Data Is Not an Escape
Some fintech players think that scoring based on alternative data (behaviour, app usage, social network) falls outside Point 5(b) because it's not classical credit scoring. The guidelines make clear the use case (creditworthiness) is decisive, not the technique or inputs.
Pitfall 3: B2B Credit Is Also in Scope
Point 5(b) refers to natural persons, but much business lending runs through persons (sole traders, freelancers, personal guarantees). For those situations, scoring still falls within high-risk.
What to Do
Map AI in customer-facing scoring
Inventory where AI models support customer- or citizen-level decisions: granting, denying, prioritising, pricing.
Separate scoring from internal risk models
For banks and insurers: make the distinction between models under CRR/Solvency II and customer-facing scoring explicit. The compliance routes differ.
Build FRIA into model governance
For public organisations, FRIA under Article 27 is mandatory. Integrate it into the model risk management process, not as a standalone compliance exercise.
Strengthen explainability
Under GDPR, financial supervision law and the AI Act combined, explainability becomes a requirement, not a nice-to-have.
For the financial sector specifically, see our article on AI governance in the financial sector.
Test your AI against the Article 6(3) filter
Free interactive self-assessment, updated for the Commission guidelines of 19 May 2026. 9 steps, personal report with reasoning, vendor questions and next steps.