When a lender runs an application through an AI model, and that model says no, three things are supposed to happen: the applicant gets told why, the reason has to be specific enough to be useful, and the decision has to be one the lender can actually explain.

That requirement isn’t new. What’s changed is that regulators in all three jurisdictions are now actively testing whether companies running black-box models are meeting it, and finding they’re not.

Credit AI sits at a corner where consumer protection law, anti-discrimination law, and data protection law all arrive at once. Using AI to make credit decisions is legal. What regulators care about is whether you can explain what the model is doing, prove it isn’t discriminating, and give applicants something they can actually act on when they’re denied.

Enforcement is moving. The CFPB’s 2025 supervisory findings named model explainability failures explicitly. The EU AI Act’s high-risk rules start applying to credit scoring in August 2026. The UK ICO is updating its guidance following the Data (Use and Access) Act.

If you’re building or deploying a credit AI model in any of these markets and you haven’t audited your adverse action process, this is the year to do it.

The Map

🇺🇸 USA