Breaking Down FSI Regulations for AI in 2025

Introduction

The financial services industry (FSI) is entering a transformative period with significant regulatory changes on the horizon for 2025. From the EU’s Digital Operational Resilience Act (DORA) to the Anti-Money Laundering Authority (AMLA) Regulation, financial institutions are facing increasing pressure to ensure operational resilience, enhance cybersecurity, and adopt AI/ML technologies responsibly. Meeting these demands requires more than traditional approaches, it requires innovative platforms designed to streamline compliance while guaranteeing operational efficiency.

Hopsworks, the pioneering AI Lakehouse platform, is uniquely positioned to help FSIs navigate these challenges. By providing a unified environment for data science, MLOps, and AI governance, and with a feature store at its core, Hopsworks empowers organizations to achieve compliance with upcoming regulations while optimizing their AI and ML workflows. This blog explores how Hopsworks can support FSIs in addressing key regulations, including DORA, AMLA, PSD3, and more.

How an AI Lakehouse Can Support Regulatory Compliance

This article will clarify how a specific type of Machine Learning (ML) and Artificial Intelligence (AI) architecture, will help any organization achieve better and simpler governance and compliance policies. We have written about the generic, industry-agnostic case before when we wrote about the EU AI Act, when we wrote about the F.A.I.R. principles for building AI systems, and when we articulated the importance of Sovereign clouds in AI Lakehouse architectures. The general theme was always the Feature Stores and the MLOps platforms that are built around these platforms offer great generic governance advantages: the centralised nature of the architecture and the specific security, versioning, lineage and reporting capabilities of the platform have been a tremendous help in doing so. Now, however, we are going to use the rest of this article to make this very specific and tangible, by zooming in on specific regulations for the Financial Services Industry (FSI), and clarifying the particular ways in which an AI Lakehouse can help. 

Specific Benefits for FSI Regulations 

DORA - Digital Operational Resilience Act

The Digital Operational Resilience Act (DORA) aims to create a unified approach to operational resilience and cybersecurity within the EU's financial sector. It establishes a framework for reporting and information sharing to help financial institutions withstand and recover from ICT disruptions. DORA provides specific guidance on managing third-party provider risk, ICT risk, and ICT incidents, as well as testing digital operational resilience.

Applicable as from: January 17, 2025

What this means:

For teams that are building ML and AI systems, the DORA regulation will have significant implications. DORA implies that a Financial Services organisation cannot run these types of systems without thinking about Operational Resilience. That means that deployments have to be managed on solid platforms that have all the appropriate measures and guarantees available on them, so as to ensure that they become very dependable and reliable for all stakeholders using the system. 

Hopsworks contribution:

As an AI Lakehouse, Hopsworks offers true “High availability” to the  AI systems that are built on its foundation. We have written about this in the past in detail to explain all the intricate details of how we provide our users with this capability in our articles Single Region Highly Available Hopsworks and Multi-Region Architecture for Demanding Applications.

On top of that, it should be clear that the inherent architecture that Hopsworks proposes, offers all the MLOps benefits (allowing customers to better manage the feature engineering, training and inferencing pipelines that create the Machine Learning system) and all the Feature Store benefits (allowing customers to better govern the data underpinning their ML systems, as well as enforce efficiencies and reuse). Therefore, we think the Hopsworks architecture could be a real asset to any Financial Services Institution to achieve the DORA compliance.

Anti-Money Laundering Authority (AMLA) Regulation

The AMLA Regulation introduces a European Anti-Money Laundering Authority, responsible for overseeing high-risk financial entities within the EU. This strengthens the existing EU framework against financial crime. By harmonizing AML standards, the authority aims to improve cooperation and information sharing between member states. Consequently, this enhanced collaboration will enable better risk assessment and proactive measures against evolving financial crime threats, particularly those associated with cryptocurrencies and digital assets.

Applicable as from: July 1st, 2025

What this means: 

As part of the AMLA regulation, all Financial Services Institutions will want and need to ensure that they continue their constant arms race with potential fraudsters, in order to keep up their efforts to combat the money laundering entities and organised crime networks across the globe. Thanks to the AMLA, the financial flows within and between institutions will be made more transparent, so that better and interchangeable data will be available to use in active countermeasures.

Hopsworks contribution:

Over the years, Hopsworks has witnessed how the Anti-Money-Laundering use case is a prime candidate for AI/ML systems to help improve the accuracy and effectiveness of the effort. MLOps will help bring these AI/ML based AML systems to production quickly and allow them to be developed and run efficiently, 

The feature store will allow Financial Services Institutions to create reusable, compliant data infrastructure for AML building and operating the highest quality models. Hopsworks has contributed, and will continue to contribute more to the AML field by sharing information. Learn how Hopsworks is currently battling challenges within the AML field through our content on deep learning for AML, fraud code tutorials, and detecting financial fraud case study. 

Payment Services Directive 3 (PSD3)

In 2025, the financial services sector will see the introduction of PSD3, replacing the existing PSD2 directive. PSD2, implemented in 2018, aimed to enhance security through Strong Customer Authentication, foster competition, and enable open banking. However, the rapid pace of technological innovation and the evolving landscape of cyber threats have prompted regulators to revisit and update the directive. PSD3 will prioritize enhanced consumer protection and improved security measures, potentially through stricter authentication processes and protections for users engaged in digital and online transactions. We can anticipate enhanced fraud prevention measures, possibly including the expanded use of biometrics, multifactor authentication, and other secure methods that will encompass areas such as cryptocurrencies and decentralized finance. 

Furthermore, PSD3 will further advance open banking and promote the concept of open finance, extending beyond payment accounts to encompass products like mortgages, savings accounts, and insurance. This will empower consumers with better access to their financial data and stimulate competition by enabling a wider range of financial service providers to offer tailored products and services. The Directive also seeks to establish a level playing field between banks and non-banks while enhancing cash availability in shops and through ATMs. To achieve these goals, PSD3 may also revise the scope of Third-Party Providers (TPPs) and improve API standards and integration protocols to encourage collaboration between banks, Third-Party Providers, and Fintechs.

Applicable as from: Some time in 2025

What this means: 

As ML and AI get applied to every domain in the business of a Financial Services Institution, it will also become part of the payment services processes. We can already see how financial institutions are becoming more effective at ensuring the accuracy and resilience of their payment processes, for example by implementing AI based anti-phishing policies, and the likes. These processes will become more and more based on AI/ML based technologies, and will therefore require a robust, highly available and dependable infrastructure to run on.

Hopsworks contribution:

Hopswors MLOps and Feature store technologies provide Financial Services Institutions with the secure and governable AI/ML infrastructure that will allow continued PSD3 compliance. By applying the principles of F.A.I.R. AI/ML, findability, accessibility, interoperability and reuseability, Hopsworks will make it easier for Financial Services Institutions to implement PSD3 compliant services. Hopsworks offers true “High availability” to the AI systems that are built on its foundation. As mentioned previously, we have written about our highly available capabilities in the past, explaining all the intricate details of this resilience.

Network and Information Systems Directive 2 (NIS2)

NIS2, while not exclusively targeting financial services, is designed to bolster the cybersecurity resilience of critical infrastructure and essential services, including those within the financial sector. Consequently, it will significantly impact cybersecurity practices across EU Member States. The directive mandates stricter protocols for identifying, managing, and reporting cybersecurity risks and incidents. Additionally, NIS2 promotes cooperation between sectors and EU member states, requiring financial institutions to comply with both national and EU-wide cyber incident reporting frameworks and ensuring timely communication about threats and incidents. Non-compliance can result in substantial penalties, incentivizing financial institutions to prioritize cybersecurity and integrate it into their core operations. This emphasis on collaboration aims to enhance the ability of financial institutions across Europe to manage systemic risks, especially given the increasing sophistication and frequency of cyberattacks targeting financial markets and systems.

Applicable as from: 

• October 2024: Directive to be implemented by Member States
• April 17, 2025: Member States to establish a list of essential and important entities
• Every two years from April 17, 2025: Regular updates and notifications to the European Commission

What this means:

For teams that are building ML and AI systems, the NIS2 regulation will have significant implications. NIS2 implies that a Financial Services organisation cannot run these types of systems without thinking about Network and Information security implications. That means that deployments have to be managed on solid platforms that have all the appropriate measures and guarantees available on them, so as to ensure that they can provide the required security to all stakeholders using the system. 

Hopsworks contribution:

As an AI Lakehouse, Hopsworks offers true “High availability” to the AI systems that are built on its foundation, something that we’ve referred to throughout this article. The centralized AI lakehouse is a much more secure and manageable environment for developing AI and ML systems than to have every individual data scientist / data engineer do their own thing. The AI lakehouse has a wide range of security and availability guarantees built in that make it a much better foundation for a NIS2 compliant system. Therefore, we think the Hopsworks architecture could be a real asset to any Financial Services Institution to achieve NIS2 compliance.

Sustainable Finance Disclosure Regulation (SFDR) and EU Taxonomy

The EU introduced the Sustainable Finance Disclosure Regulation (SFDR) in 2021. It mandates that financial entities, market participants, and advisors disclose the sustainability aspects of their investment products. The primary goal of SFDR is to enhance transparency around sustainable investments by standardizing disclosures on environmental, social, and governance (ESG) factors. The EU Taxonomy complements SFDR by providing a classification system for environmentally sustainable investments and activities. This framework helps assess alignment with the EU's sustainability goals, particularly the European Green Deal. In 2025, SFDR will be updated to include detailed reporting templates. Meanwhile, the UK is developing its own Green Taxonomy, expected to be announced by the end of 2024.

‍Applicable as from:

• End of 2024: SFDR Level 2 requirements fully implemented
• 2025: First reports due under the Corporate Sustainability Reporting Directive (CSRD) for the 2024 financial year

What this means: 

While most Financial Services Institutions are aware of and see the clear value that ML and AI systems are delivering, there is also a growing awareness that this comes at a financial and an environmental cost that needs to be monitored in the context of our sustainability goals. This is much easier to achieve on a centralised AI lakehouse architecture.

Hopsworks contribution:

By applying the principles of F.A.I.R.  AI/ML, Hopsworks will make it easier for Financial Services Institutions to implement the SFDR compliant services. The AI lakehouse, by virtue of it providing a centralised infrastructure for most of an organisations AI/ML systems, will make it much easier for the organisation to monitor and report the amount of compute and storage resources that have been used for developing and deploying a particular system. 

Summary

This article  discusses how the Hopsworks AI Lakehouse platform can assist the Financial Services Industry (FSI) in complying with upcoming regulations in 2025. The regulations covered include:

• DORA (Digital Operational Resilience Act): Focuses on operational resilience and cybersecurity in the EU financial sector. Hopsworks helps with its high availability and MLOps benefits.
• AMLA (Anti-Money Laundering Authority): Establishes a European authority to oversee AML efforts. Hopsworks supports AML use cases with its MLOps and Feature Store capabilities.
• PSD3 (Payment Services Directive 3): Updates existing payment service regulations with a focus on consumer protection and security. Hopsworks' secure infrastructure and high availability aid in compliance.
• NIS2 (Network and Information Systems Directive 2): Strengthens cybersecurity for critical infrastructure. Hopsworks' centralized platform and security features contribute to NIS2 compliance.
• SFDR (Sustainable Finance Disclosure Regulation): Mandates disclosure of sustainability aspects of investments. Hopsworks' FAIR AI principles and centralized infrastructure help with monitoring and reporting.

Overall, the article emphasizes that Hopsworks' AI Lakehouse capabilities, such as high availability, MLOps, Feature Store, and security measures, can be valuable assets for FSIs seeking to navigate the complex regulatory landscape of 2025.

About Hopsworks

Hopsworks is the first and only open and modular AI Lakehouse platform. It is designed to enable the reliable management and scaling of enterprise AI initiatives. With a strong emphasis on data security, governance, and collaboration, Hopsworks offers a comprehensive solution for organizations seeking to operationalize and manage ML models at scale. Its key features include a feature store for efficient data management, an MLOps platform for streamlined model deployment and monitoring, and robust security and governance capabilities. Hopsworks boasts a growing roster of enterprise clients across various industries, including financial services, healthcare, and technology. The company's team comprises experienced data scientists, engineers, and AI experts committed to advancing the field of AI and machine learning.