Holding · last review 24 Apr 2026

EU financial-services agentic AI deployments operate under a compounded five-framework obligation surface (DORA, NIS2, MiFID II, EU AI Act, GDPR) that sits on top of general AI governance. Liability does not transfer to the vendor contractually regardless of SLA language — MiFID II conduct rules, EU AI Act deployer obligations, and DORA third-party-risk provisions place customer-facing and regulator-facing liability on the deploying financial institution. Compliance-posture and vendor-lock-in are the dominant GAUGE dimensions for the sector, scoring 15-25 points lower than cross-industry averages on first pass.

First piece in planned vertical-industry series. Cluster G anchor. 60-day review cadence. Watches: (1) major ESA (EBA/ESMA/EIOPA) publishing agentic-AI-specific guidance, (2) DORA or EU AI Act enforcement action redefining liability-transfer boundaries, (3) industry-body vendor contract templates closing DORA third-party-risk gap.

Published: 24 Apr 2026
Last reviewed: 24 Apr 2026
Next review: +55d · 23 Jun 2026