You Tracked the Publication Date. The Enforcement Date Is What Will Fail You.
Six AI compliance deadlines for BFSI firms, spanning EU AI Act and DORA enforcement windows between August 2025 and Q1 2026, will determine which firms have defensible evidence and which ones fail their first supervisory review.

Key takeaways
- GPAI model obligations under the EU AI Act apply from August 2025, requiring BFSI firms using foundation-model-based vendors to hold conformity evidence, not just vendor attestations.
- DORA's ICT third-party testing requirements are enforceable from January 2025, meaning firms without documented penetration and resilience test records for AI-adjacent systems are already exposed.
- RBI's model risk management circular implementation requires Indian banks and NBFCs to hold validation artefacts — not policies — covering model inventory, challenge testing, and ongoing monitoring.
- Confusing a regulation's publication date with its enforcement date is the most common governance failure; supervisory reviews will examine audit-ready evidence, not internal readiness memos.
- A single compliance calendar mapping each milestone to a specific testing or evaluation action is the minimum internal artefact a Chief Risk Officer should be able to produce before any 2025 supervisory engagement.
The Problem With How BFSI Firms Are Tracking Regulatory Deadlines
Most AI compliance teams inside Tier-1 banks and NBFCs are maintaining a publication calendar, not an enforcement calendar. They record when a regulation was issued, when a consultation period closed, when a final text was gazetted. What they are not consistently tracking is the date on which a supervisor can open an investigation, request evidence, or impose a sanction. For the cluster of AI and ICT-risk obligations maturing between mid-2025 and early 2026, that distinction is the difference between a firm that passes its first supervisory review and one that discovers its governance programme exists only on paper. This article maps six to eight specific enforcement milestones, explains who each catches and what evidence it demands, and closes with a summary table designed to be shared with your board risk committee.
Milestone 1 — DORA Full Application: January 17, 2025
The EU Digital Operational Resilience Act reached full legal application on 17 January 2025. For any Indian bank or NBFC with EU-regulated group entities, EU-domiciled clients, or contractual obligations to EU-regulated counterparties, DORA's ICT third-party risk management requirements are now enforceable. The obligation is not limited to EU-incorporated entities: where an Indian firm provides ICT services — including AI inference, model APIs, or data processing — to an EU-regulated financial entity, the contractual requirements in Articles 28 through 44 of DORA flow upstream. Firms must hold documented ICT risk assessments, maintain a register of third-party ICT providers, and retain evidence of resilience testing for critical or important functions. For AI systems classified as supporting critical functions, the assurance evidence required includes scenario-based testing records, incident classification logs, and exit-strategy documentation. A policy that says testing will occur is not the same as a test record that proves it did.
Milestone 2 — DORA TLPT Regulatory Technical Standards: Q1 2025
The Regulatory Technical Standards governing Threat-Led Penetration Testing under DORA were finalised in early 2025. TLPT applies to firms designated as systemically significant by their competent authority, but the artefact requirements it establishes are a credible benchmark for any firm operating AI in a critical ICT function. TLPT mandates a structured red-team exercise against live production systems, conducted by an accredited tester, with a formal remediation report. For AI systems, this translates directly to adversarial prompt testing, model extraction probes, and supply-chain integrity checks against the models and APIs underpinning the system. Firms that have not commissioned any form of AI-specific adversarial evaluation by the time their competent authority schedules a TLPT review will be unable to demonstrate a history of proactive assurance — which is precisely what the RTS examines.
Milestone 3 — EU AI Act GPAI Model Obligations: August 2, 2025
Title VIII of the EU AI Act, covering General-Purpose AI models, applies from 2 August 2025. Any BFSI firm whose AI systems are built on a third-party foundation model — including large language models used for customer communication, document processing, credit narrative generation, or internal decisioning — must be able to demonstrate that the underlying model provider has complied with transparency and capability evaluation obligations. The practical exposure for Indian BFSI firms is indirect but real: if your vendor is deploying a GPAI model in a system that touches EU-regulated activity, you need a vendor attestation backed by conformity evidence you can actually inspect. A contract clause saying the vendor is compliant is not sufficient audit evidence. Firms should hold the provider's technical documentation, any third-party evaluation reports, and a record of their own due-diligence assessment of that documentation.
Milestone 4 — EU AI Act High-Risk AI System Obligations: August 2, 2026
For AI systems classified as high-risk under Annex III of the EU AI Act — which includes systems used in creditworthiness assessment, insurance risk scoring, and employment decisions — the full conformity obligations apply from 2 August 2026. However, the preparation window opens now. Article 9 requires a documented risk management system that operates continuously throughout the lifecycle, not a one-time pre-deployment check. Article 10 mandates data governance covering training, validation, and testing datasets. Article 17 requires a quality management system. Firms that begin their conformity work in mid-2026 will not have 12 months of operational risk management records to present — they will have weeks. The audit exposure is created not by the deadline itself but by the gap between when the obligation started accumulating evidence and when the firm started generating it.
Milestone 5 — RBI Model Risk Management Guidelines: Implementation Review H2 2025
The Reserve Bank of India's guidance on model risk management, drawing on the principles established through successive IT governance and risk circulars and aligned with the spirit of SR 11-7, sets expectations for an end-to-end model governance lifecycle across Indian banks and NBFCs. While the RBI has not published a single titled circular exclusively labelled model risk management in the manner of the US Federal Reserve, its Master Direction on IT Governance, Risk, Controls and Assurance Practices and subsequent guidance on digital lending and AI/ML in credit establish clear obligations: model inventory, independent validation, challenger model testing, and ongoing performance monitoring. By H2 2025, supervisory reviews conducted under RBI's Risk-Based Supervision framework are expected to examine whether institutions have operational model validation functions — not whether those functions are described in a policy. The assurance evidence required is a model inventory that is current and complete, validation reports signed by a function independent of model development, back-testing records, and documented escalation trails for models that breached performance thresholds.
Milestone 6 — EU AI Act Codes of Practice and Conformity Infrastructure: Mid-2025 to Early 2026
The EU AI Act establishes a rolling process for Codes of Practice for GPAI models, with initial drafts circulated through 2025 and expected to reach a settled form by early 2026. For BFSI compliance teams, the practical significance is that these Codes will define the specific documentation and testing standards that GPAI model providers are expected to meet — which in turn determines what vendor attestations you can reasonably rely on. Separately, notified bodies for high-risk AI conformity assessments are being designated across EU member states through 2025. Firms should be tracking which notified body will be relevant for their sector and beginning pre-assessment engagement. Waiting for a final list of designated bodies before initiating any conformity preparation is a sequencing error: the evidence generation must precede the assessment, not coincide with it.
Why Indian BFSI Firms With EU Linkages Face Compounded Exposure
An Indian bank or NBFC with EU operations, EU institutional investors, or contractual ICT obligations to EU-regulated entities does not face a choice between RBI compliance and EU AI Act or DORA compliance. It faces both, simultaneously, with different evidentiary standards. RBI's model risk expectations are asset-centric and lifecycle-oriented; the EU AI Act's high-risk obligations are system-centric and conformity-document-oriented; DORA is ICT-function-centric and resilience-test-oriented. The overlap is not incidental. The same AI system used in a credit decision workflow may simultaneously be subject to RBI model validation requirements, EU AI Act Article 9 risk management requirements, and DORA ICT third-party obligations if it runs on an external API. Firms that manage each framework in a separate workstream, with separate evidence stores, will generate three times the effort and still fail a cross-framework audit because no single artefact maps across all three.
The Summary Table: Milestones Mapped to Assurance Actions
The following maps each milestone to the minimum testing or evaluation action that generates defensible audit evidence.
| Milestone | Date | Minimum assurance action |
| --- | --- | --- |
| 1. DORA Full Application | January 17, 2025 | Complete ICT third-party risk register covering all AI vendors; commission and retain resilience test records for critical ICT functions; document exit-strategy assessments for each critical provider. |
| 2. DORA TLPT RTS | Q1 2025 | Commission an adversarial evaluation of AI systems in critical functions; retain scoped red-team report with remediation log; establish annual re-testing cadence. |
| 3. EU AI Act GPAI Obligations | August 2, 2025 | Obtain and review technical documentation from each GPAI model provider; record your own due-diligence assessment; establish a vendor attestation review cycle. |
| 4. EU AI Act High-Risk Obligations | August 2, 2026 | Begin Article 9 risk management system documentation now; initiate data governance records under Article 10; open a quality management system file that will hold 12 months of operational evidence by the deadline. |
| 5. RBI Model Risk Supervisory Review | H2 2025 | Complete and certify the model inventory; commission independent validation reports for all material models; establish back-testing records and a documented threshold-breach escalation trail. |
| 6. EU AI Act Codes of Practice and Notified Body Designation | Mid-2025 to Early 2026 | Track Code of Practice drafts relevant to your GPAI vendors; identify the notified body for your sector; initiate pre-assessment engagement and gap analysis. |
What Defensible Evidence Actually Means
Supervisors reviewing AI governance programmes in 2025 and 2026 will not accept internal policy documents as evidence of compliance. What they will examine is the audit trail: dated test records, independent validation sign-offs, vendor due-diligence files, model inventory exports, and remediation closure logs. The word defensible has a specific meaning in a supervisory context — it means that a third party, with no prior knowledge of your programme, can reconstruct what you did, when you did it, and why it was sufficient. That standard is achievable, but only by firms that started generating evidence before the enforcement date arrived, not after the first supervisory letter was received. The calendar above is not a reading list. It is a production schedule for the evidence your organisation will need to present.
“Supervisors will not ask whether you read the regulation. They will ask for the audit trail that proves you acted on it.”


