Comparative analysis of AI regulation for fintech cybersecurity and privacy in the European Union and Qatar

Abstract Artificial Intelligence (AI) is transforming the finance industry, resulting in exponential growth opportunities as well as significant risks and challenges. This paper is a document analysis of AI regulatory frameworks and guidelines in the fintech sectors of the European Union (EU) and Qatar. It aims to identify relevant lessons and propose actionable, contextualised recommendations. It compares regulations central to governance, oversight, enforcement and the institutional architecture of AI regulation related specifically to fintech, cybersecurity and privacy. The paper illustrates that the EU leans towards risk management with clear, structured and comprehensive regulations with strict enforcement. On the other hand, Qatar is a small state with a highly ambitious vision of reform that wants to foster an environment conducive to innovative start-ups. This leads to regulatory flexibility and non-binding guidelines without enforcement mechanisms. The paper recommends that Qatar can strengthen its AI governance in the following ways: first, adopting a tiered, risk-based regulatory approach, similar to the EU, however, ensuring only those deemed high-risk are legally binding; second, establish a centralised AI governance unit; third, leverage its small size and research ecosystem to develop local innovation through regulatory sandboxes and public–private partnerships; and fourth, tap into the lucrative market of Shariah-compliant financial services.