A governance framework, read in isolation, tells only part of its story. Read alongside the frameworks developed by other jurisdictions attempting the same problem, and read honestly, with attention to what each one was designed to protect, and for whom, it reveals rather more. The Reserve Bank of India's FREE-AI framework, released August 2025, rewards exactly this kind of comparative reading: not because comparison flatters it, but because the differences between FREE-AI and the world's other major AI governance architectures illuminate the specific nature of what India has attempted, and why that attempt matters beyond India's borders.

The context is global and it is large. Projected global investment in AI across financial services is expected to reach $97 billion by 2027. Generative AI in finance is forecast at $12 billion by 2033, growing at 28 to 34 percent annually. Against this, India processed 222.6 billion digital payment transactions in FY25, with UPI alone accounting for 185.8 billion of those, on infrastructure built in a decade, serving populations whose financial inclusion journey is still, in material respects, in its first chapter.

$97B: Projected global AI investment in financial services by 2027 (WEF)
222.6B: Total digital payment transactions, India FY25 (RBI Annual Report)
560M+: Jan Dhan accounts opened since 2014, world's largest financial inclusion programme
26: FREE-AI recommendations, 2 sub-frameworks, 6 pillars

Governing in a World of Frameworks

Before the FREE-AI framework is examined on its own terms, the landscape in which it was written deserves a careful accounting. Across major jurisdictions, three broad approaches to AI governance have emerged, each reflecting the regulatory tradition, institutional capacity, and political economy of its context.

The European Union's AI Act (Regulation 2024/1689), entered into force August 2024, represents the most architecturally elaborate of these approaches. Its four-tier risk classification (prohibited, high-risk, limited risk, minimal risk) is built on detailed Annex lists specifying which AI applications attract which obligations. For financial services, the Act's Annex III explicitly classifies credit scoring and creditworthiness evaluation as high-risk (point 5(b)), alongside AI used for life and health insurance pricing (point 5(c)). The compliance obligations this triggers are substantial: conformity assessment, a Fundamental Rights Impact Assessment per Article 27, transparency requirements under Article 13, human oversight mandates under Article 14, and registration in the EU database under Article 49. Penalties extend to €35 million or seven percent of global annual turnover for prohibited practices, with three percent applicable to most high-risk obligations.

The United Kingdom operates with five non-binding cross-sectoral principles (safety, transparency, fairness, accountability, and contestability) applied by existing sectoral regulators. No standalone AI legislation exists. Singapore's approach, similarly principles-based, offers the Model AI Governance Framework, the open-source AI Verify testing toolkit, and MAS's FEAT principles for financial services. In January 2026, Singapore released the first Agentic AI governance framework globally, with a five-tier autonomy taxonomy, addressing AI agent governance that no other jurisdiction had yet formally codified.

Against this landscape, India's FREE-AI framework was constituted in December 2024 and released August 2025, explicitly conscious of all three approaches. Its Chapter 3 surveys the EU Act, US guidance, UK principles, and Singapore frameworks, not to replicate any, but to identify where India's context demands its own solutions. The committee opened its global policy review with a Swami Vivekananda quotation that its members clearly meant as governance philosophy: "Learn everything that is good from others, but bring it in, and in your own way absorb it; do not become others."

That choice of opening is worth dwelling on. It signals that the committee's engagement with international frameworks was deliberate but selective, an act of studied discernment rather than adoption. What followed in the framework's design reflects exactly that disposition: areas where EU-derived concepts were adapted, areas where India's context demanded different instruments. There are also areas, examined honestly later in this analysis, where the international frontier has moved to territory FREE-AI has not yet mapped.

The Architecture: Seven Sutras, Two Sub-Frameworks, Six Pillars

FREE-AI's foundational architecture refuses the binary that has structured most AI governance debates: the choice between enabling innovation and mitigating risk. The framework treats these as complementary forces to be pursued in tandem, and organises its entire structure around that dual mandate.

At its core are the Seven Sutras, a principles layer that operates not as a compliance checklist but as design constraints for any AI system governed by the framework. The word sutra, from Sanskrit meaning thread or formula, signals that these principles are intended to run through the entire AI lifecycle, not sit atop it.

01. Trust is the Foundation: Trust is non-negotiable and must remain uncompromised: built into the essence of AI systems, not treated as a by-product of compliance. In a sector that safeguards people's money, trust is a catalyst for innovation.
02. People First: AI augments human decision-making but defers to human judgment and citizen interest. Final authority rests with humans. Citizens must be informed when interacting with AI systems.
03. Innovation over Restraint: Responsible AI innovation, aligned with societal values and maximising benefit while reducing harm, is actively encouraged. The framework explicitly prioritises responsible innovation over cautionary restraint.
04. Fairness and Equity: AI systems must be designed and tested to ensure non-discriminatory outcomes. AI must not accentuate exclusion or inequity. It must extend financial inclusion and equitable access.
05. Accountability: Accountability rests with entities deploying AI, regardless of automation level. Accountability cannot be delegated to the model or algorithm. It must be clearly assigned at each organisational layer.
06. Understandable by Design: Understandability, broader than technical explainability: a core design feature, not an afterthought. AI systems must provide disclosures; outcomes must be understood by deploying entities and affected consumers alike.
07. Safety, Resilience, and Sustainability: AI systems must be secure, resilient to physical, infrastructure, and cyber risks, capable of early warning, and explicitly energy-efficient and frugal to enable sustainable adoption at population scale.

A comparison with the EU AI Act's underlying principles is instructive here. The Act's framework, conceived primarily around risk classification and conformity assessment, reflects a product-safety regulatory tradition, the same tradition that produced CE marking and GDPR. Its highest-level values (safety, fundamental rights, democracy, rule of law, environmental sustainability) appear in recitals but are not codified as operational design constraints in the way FREE-AI's sutras are. The EU framework's strength is its legal precision and enforceability. The comparative observation that emerges quietly from the difference is that FREE-AI's principles architecture was designed to become institutional culture, not just legal obligation.

The six delivery pillars operate through the dual sub-framework structure that gives FREE-AI its most distinctive architectural feature: a formal separation between the Innovation Enablement Framework (Infrastructure, Policy, Capacity) and the Risk Mitigation Framework (Governance, Protection, Assurance). The EU Act has no equivalent to the innovation enablement sub-framework. Its architecture is entirely oriented toward risk management. This is not a criticism of the EU approach, which was designed for a market that already has AI infrastructure. It is an observation about the different starting points.

FREE-AI: Dual Sub-Framework Architecture (26 Recommendations)

Innovation Enablement Framework
  • Infrastructure: Financial sector data DPI, AI Innovation Sandbox, shared compute landing zones for smaller institutions, indigenous financial sector models, AI Kosh data platform integration (Rec. 1–5)
  • Policy: Adaptive regulatory framework, affirmative action for AI-driven inclusion, graded liability with tolerant supervisory stance, Standing Committee, AI Guidance (Rec. 6–9)
  • Capacity: Board and C-suite AI literacy, workforce reskilling, regulator capacity building, proposed RBI AI Institute, best practice sharing, innovation recognition (Rec. 10–13)

Risk Mitigation Framework
  • Governance: Board-approved AI policy, data lifecycle governance, full AI model lifecycle management including autonomous AI, AI-specific product approval evaluations (Rec. 14–17)
  • Protection: Consumer-first frameworks, human override rights, cybersecurity integration, structured red teaming (semi-annual for medium/high risk), AI-specific BCPs (Rec. 18–21)
  • Assurance: AI incident reporting with good-faith disclosure, semi-annual AI inventory, sector-wide AI repository, risk-calibrated audit framework, public disclosures, AI Compliance Toolkit (Rec. 22–26)

The Inclusion Dimension: A Design Question the EU Framework Did Not Need to Ask

The EU AI Act's classification of credit scoring AI as high-risk under Annex III point 5(b) reflects a mature regulatory instinct: AI systems making consequential decisions about individual access to financial resources warrant heightened scrutiny. The associated Article 27 Fundamental Rights Impact Assessment requirement, mandating that deployers of credit scoring AI formally assess risks to affected populations before deployment, is a rigorous consumer protection instrument. Its logic is sound, its intent is protective, and its scope covers institutions serving populations with established financial histories and meaningful recourse mechanisms.

FREE-AI begins from a different premise. The credit scoring population it primarily governs is not the established borrower seeking a mortgage. It is the more than 560 million Indians who hold Jan Dhan accounts, opened since 2014 under the world's largest financial inclusion programme, many without documented credit histories, operating through voice interfaces in vernacular languages, on low-bandwidth connections, in agricultural economies where income is seasonal and paper-light. For this population, the governance question is not only how to protect against harmful AI. It is also how to ensure that governance architecture does not itself become a barrier to AI reaching them at all.

The EU Act asks how to protect people from AI in finance. FREE-AI asks the same question, and also asks how to ensure that AI in finance reaches the people who need it most, without governance becoming the barrier.

rtapulse research, April 2026

FREE-AI's answer is Recommendation 7, the affirmative action framework. Regulators are called upon to lower compliance expectations for AI-driven lending targeting underserved and unserved populations, particularly for small-ticket loans under ₹1 lakh, on the explicit condition that basic fairness and accountability safeguards remain in place. The provision builds on three planks: fostering innovation without fear of disproportionate supervisory action; safeguarding vulnerable users through embedded fairness protections; and preventing provider misuse through guardrails against predatory lending under the guise of AI-driven inclusion.

No equivalent provision exists in the EU AI Act. This is not a gap in the EU framework so much as a reflection of the different problem being solved. But it is precisely the provision that makes FREE-AI relevant to central banks and financial regulators across South Asia, Southeast Asia, Sub-Saharan Africa, and the Gulf who are navigating AI governance for populations with similar characteristics to India's, where the inclusion imperative and the protection imperative must be held simultaneously, not traded against each other.

The Infrastructure pillar's Recommendation 4, calling for indigenous AI models for the financial sector, offered as public goods, addresses the same reality from a different angle. The committee's reasoning is explicit and technically grounded: general-purpose large language models, predominantly trained on English-language data from developed market contexts, do not align with the requirements of the Indian financial sector and do not reflect its diversity. Voice and language models across all Indian languages can enable financial service access for populations who cannot navigate text-based or English-language interfaces. The EU framework, drawing on a market where AI capability exists in abundance, has no equivalent provision, and has no reason to.

What India Can Adapt from the EU Framework, Inclusion Layer

The EU Act's Article 27 Fundamental Rights Impact Assessment for credit scoring AI is a rigorous instrument worth study. A formal pre-deployment assessment of which categories of natural persons are likely to be affected, and what specific risks of harm exist, applied to AI systems serving newly included populations, where the consequences of algorithmic error are most severe and recourse mechanisms least accessible, would complement FREE-AI's existing audit framework (Rec. 24) with a rights-grounded pre-deployment step. An India-adapted FRIA, calibrated to include the inclusion dimension alongside the protection dimension, would strengthen the framework considerably.

Framework Concept: Digital Public Intelligence (DPI 2.0)

FREE-AI introduces a concept absent from any other major governance framework: Digital Public Intelligence, the integration layer that emerges when AI is purposefully combined with India's existing digital public infrastructure. The committee describes DPI 2.0 as "an open, innovation-driven, and trust-anchored ecosystem where financial services are tailored, inclusive, secure and impactful."

Three illustrative use cases identified in the framework:

  • Conversational AI enabling voice-led payments in multiple Indian languages, bridging digital literacy gaps
  • AI combined with Account Aggregators to personalise credit and insurance for micro enterprises and informal workers
  • AI-enabled real-time fraud detection protecting vulnerable users and building digital trust

This concept has no analogue in the EU Act, the UK principles-based approach, or Singapore's governance model, because none of those jurisdictions operate a digital public infrastructure at India's scale, nor face the inclusion challenge that DPI was built to address. It is one of FREE-AI's most genuinely novel contributions to the global governance conversation.

Innovation and Safety: Different Levers, Convergent Values

The EU AI Act's approach to the innovation-governance balance is structured around proportionality within a penalty framework. High-risk systems face mandatory obligations but benefit from regulatory sandboxes under Article 57. Under Article 57(12), participants acting in good faith within sandbox plans are protected from administrative fines for infringements during the testing period. SME provisions under Article 62 further reduce the burden on smaller entities. The conformity assessment pathway for most high-risk systems, including credit scoring, relies on self-assessment rather than third-party certification, a proportionality mechanism that acknowledges the cost burden third-party assessment would impose.

FREE-AI approaches the same tension through a different instrument altogether: Recommendation 8's graded liability framework. The committee's reasoning from first principles is worth quoting: AI systems are inherently probabilistic and non-deterministic, making the traditional binary liability framework, where every failure triggers full regulatory action, structurally inappropriate for AI in financial services. The RBI's answer is a tolerant supervisory stance conditional on good-faith safety practice. Where an institution has followed appropriate safety mechanisms, incident reporting, audits, red teaming, transparent disclosure, the first instance of an AI failure does not automatically trigger full supervisory action. The institution is given reasonable opportunity to conduct root cause analysis and remediate. Only repeated violations, gross negligence, or failure to remediate removes the tolerance.

The two approaches, EU sandbox protection from fines and FREE-AI's tolerant supervisory stance, reflect the same underlying recognition that governance designed to punish every AI error will ultimately produce risk-averse institutions that do not deploy the AI most needed by the populations they serve. The EU Act's sandbox covers the pre-deployment experimentation phase. FREE-AI's tolerant stance covers the post-deployment learning phase. Together they sketch the outline of what a complete innovation-safety framework might look like, and neither jurisdiction has yet fully occupied that entire space alone.

What India Can Adapt from the EU Framework, Innovation Layer

The EU Act's Article 57(12) good-faith protection from administrative fines during sandbox participation is a provision worth direct consideration. FREE-AI's AI Innovation Sandbox (Rec. 2) currently provides shared infrastructure and controlled experimentation including compute resources, foundation models, and quality data, without the explicit regulatory fine protection that makes the EU sandbox genuinely risk-reducing for innovators. Incorporating a formal protection-from-supervisory-action provision for sandbox participants would strengthen the innovation enablement intent of FREE-AI's Infrastructure pillar considerably.

The EU Act's human oversight requirements under Article 14, specifically requiring personnel to be able to fully understand system capabilities and limitations, correctly interpret outputs, and override, disregard, or reverse AI decisions, represent a detailed operationalisation of the principle FREE-AI encodes in its second sutra: People First. The convergence across frameworks that were designed independently is itself meaningful. It suggests that human-in-the-loop requirements for consequential AI decisions are reaching consensus across jurisdictions. The question remaining is how the requirement is operationalised and monitored in practice. FREE-AI's Recommendation 16 on autonomous AI governance addresses the same space with explicit reference to MCP and A2A protocols, a more technically current framing than Article 14's implementation guidance, which was written before the agentic AI landscape fully emerged.

The Growth Hypothesis: Governance as Economic Architecture

FREE-AI is sometimes read primarily as a risk management instrument, a framework designed to prevent harm from AI already being deployed. That reading is incomplete. FREE-AI is simultaneously a governance framework and an economic policy instrument. The line between the two is less clear than it might appear.

India is currently the world's fourth-largest economy. The RBI revised its real GDP growth forecast for FY2025–26 to 7.3 percent, and Goldman Sachs projects 6.9 percent growth in 2026 and 6.8 percent in 2027, with India on a trajectory the government projects toward a $7.3 trillion GDP by 2030. Those headline figures carry within them an assumption that is rarely made explicit: they depend, in material part, on whether India's AI deployment trajectory is enabled or constrained by its governance choices.

The NITI Aayog's September 2025 report, AI for Viksit Bharat, provides the most authoritative sectoral quantification of that dependency. Rapid AI adoption across industries could add $500–600 billion to India's GDP by 2035, above its current growth trajectory, driven by productivity and efficiency gains across the workforce. For financial services specifically, the sector FREE-AI directly governs, AI-led improvements in compliance, fraud detection, risk management, and credit decisioning could generate an additional $50–55 billion, with financial services and manufacturing emerging as the sectors where AI could account for up to 20–25 percent of sectoral GDP by 2035. Goldman Sachs puts the generative AI contribution alone at a larger order: generative AI is expected to add $1.2–$1.5 trillion to India's GDP by 2030, with over 80 percent of Indian enterprises actively exploring autonomous agent development.

$500B: AI incremental GDP contribution by 2035 above current trajectory (NITI Aayog, Sept 2025)
$50–55B: Financial services AI incremental contribution by 2035 (NITI Aayog)
$1.2–1.5T: Generative AI GDP contribution by 2030 (Goldman Sachs, June 2025)
7.3%: RBI revised real GDP growth forecast, FY2025–26

The hypothesis that emerges from placing these figures alongside the governance comparison in this analysis is straightforward to state and worth taking seriously: the degree to which India realises its AI growth dividend is, in part, a function of whether its governance framework enables or constrains deployment velocity, particularly at the end of the market that matters most for inclusion, which is also the end least able to absorb fixed compliance overhead.

The EU AI Act's documented compliance cost of approximately €29,277 per AI unit annually, with certification costs between €16,800 and €23,000 per unit, is not an abstraction. It represents a structural overhead that, at India's scale of AI deployment, would compound across the fintech ecosystem with direct implications for the speed and cost at which the $50–55 billion financial services AI dividend materialises. A ten-person fintech building voice-first credit products for agricultural workers cannot absorb €30,000 per AI system annually. Under a prescriptive cost structure, that institution does not comply differently. It does not deploy at all. The NITI Aayog projection assumes deployment; the compliance cost structure determines whether deployment is economically rational for the institutions most capable of driving inclusion.

Governance that enables proportionate compliance for institutions serving the underserved is not a regulatory concession. It is, in the NITI Aayog's own framing, a prerequisite for the AI growth dividend to reach the populations, and the sectors, where its incremental value is highest.

rtapulse research, April 2026

FREE-AI's tiered compliance architecture (its sandbox-first design, the tolerant supervisory stance, the affirmative action provisions for inclusion-focused AI, and the open-source AI Compliance Toolkit) is, read through an economic lens, a set of mechanisms for ensuring that the $50–55 billion financial services AI dividend projected by NITI Aayog is realised across the breadth of India's financial system rather than concentrated in the handful of institutions large enough to run formal compliance programmes. That is a growth policy choice embedded in regulatory design, whether or not it is framed as such.

The long-run hypothesis extends further. If India's approach (proportionality-first, sandbox-enabled, principles-anchored) produces a demonstrably higher AI deployment rate in financial services with comparable consumer protection outcomes to more prescriptive frameworks, it generates evidence for a governance model that other fast-growing economies facing similar trade-offs will find compelling. The NITI Aayog report notes that India is positioned to capture 10–15 percent of the global AI value opportunity. That positioning is not purely technical. It is also regulatory. A governance framework perceived as innovation-enabling by the global fintech and AI investment community is itself a factor in whether India captures the high end of that 10–15 percent range or the low end.

The Interoperability Question: Governance as Architecture

The EU Act's risk classification architecture operates on a different interoperability logic than FREE-AI's principles-based structure. The Act's Annex lists are static, bounded, legally precise, and enforceable, but resistant to adaptation as technology evolves. A 2025 European Parliament study found that the Act "produces duplicative, inconsistent or unclear requirements" in interaction with existing digital legislation. The GPAI provisions in Chapter V, addressing general-purpose AI models, were added late in the legislative process and sit somewhat uneasily alongside a framework originally designed for narrower, use-case-specific AI systems.

FREE-AI's principles-based architecture is structurally more adaptive. Sutras encoded as institutional culture can be interpreted across technological generations without amendment. The risk classification within FREE-AI (low, medium, high) is applied through board-approved policies rather than statutory Annex lists, giving institutions the flexibility to reclassify as technology and risk landscapes evolve, while retaining the accountability requirement. The committee explicitly acknowledged that classifications "must be periodically reviewed and updated to ensure they remain relevant and responsive to the evolving situations."

Where FREE-AI has followed the EU framework deliberately and to good effect is in interoperability benchmarking. The committee surveyed OECD AI Principles, the EU AI Act's risk classification logic, the Bank of England's financial stability analysis, and ISO/IEC standards (23894, 42001, 23053), not to replicate these frameworks, but to ensure that FREE-AI's own architecture is sufficiently aligned to permit cross-jurisdictional recognition. An Indian financial institution operating under FREE-AI's governance framework and also subject to EU AI Act requirements through market presence can demonstrate substantive governance alignment across both, a practical interoperability that is the result of the committee's deliberate benchmarking.

The GPAI Gap, An Honest Assessment

General-purpose AI model governance (addressed in Chapter V of the EU AI Act through the 10²⁵ floating-point operations systemic risk threshold, mandatory adversarial testing, and incident reporting obligations) is territory where FREE-AI's current recommendations do not yet extend. As indigenous foundation models are developed under Recommendation 4, and as global LLMs penetrate deeper into India's financial sector, governance of the models themselves, not just of the systems built on them, will require specific attention. This remains the most significant frontier gap in the current framework.

| Governance Dimension | EU AI Act | India FREE-AI | Character |
|---|---|---|---|
| Legal instrument | Binding regulation, direct effect across 27 Member States | Advisory recommendations, binding effect pending codification into RBI Master Directions | EU ahead |
| Risk classification | Four-tier with statutory Annex lists; credit scoring explicitly high-risk (Annex III pt. 5b) | Three-tier (low/medium/high) via board-approved policy; more adaptive but less precise | Both valuable |
| Pre-deployment rights impact | Fundamental Rights Impact Assessment mandatory for credit scoring and insurance AI (Art. 27) | No direct equivalent; AI-specific product approval (Rec. 17) and audit (Rec. 24) partially address | India can adapt |
| Inclusion mandate | No provision for lowered compliance to serve underserved populations | Affirmative action framework (Rec. 7) explicitly lowers barriers for inclusion-focused AI | India distinctive |
| Innovation sandbox | Mandatory by Aug 2026; good-faith protection from fines during participation (Art. 57(12)) | AI Innovation Sandbox infrastructure provision (Rec. 2); no equivalent fine protection provision | India can adapt |
| Human oversight | Article 14 mandates override and reversal capability; explicit human-machine interface requirements | People First sutra + Rec. 16 autonomous AI governance referencing MCP/A2A protocols directly | Both address this |
| Capacity building | Article 4 AI literacy requirement; no institutional capacity investment mandate | Full Capacity Pillar (Rec. 10–13); board literacy, workforce training, proposed RBI AI Institute | India ahead |
| Indigenous models | No provision; market-driven model sourcing assumed | Recommendation 4 explicitly calls for sector-specific indigenous AI models as public good | India distinctive |
| GPAI model governance | Chapter V; 10²⁵ FLOP systemic risk threshold; adversarial testing; incident reporting | No specific GPAI governance provisions in current framework | India gap |
| Sovereign funding commitment | No direct government funding commitment for AI governance infrastructure | ₹5,000 crore corpus + ₹1,000 crore/year alongside IndiaAI Mission's ₹10,372 crore allocation | India distinctive |
| Enforcement | Up to €35M / 7% global turnover for prohibited practices; AI Office and national authorities | Supervisory action under RBI powers; penalties via existing banking legislation pending AI-specific update | EU stronger |
| Compliance cost | ~€29,277 per AI unit annually (EP estimate); certification burden €16,800–23,000 per unit | Cost burden not yet quantified; proportionality provisions and tiered approach designed to reduce it | Both face this |

The Capability Question: Governance That Builds, Not Just Constrains

The EU AI Act's governance architecture is primarily constraining: it specifies what institutions must not do, what they must assess before deployment, what they must document and report, and what penalties follow non-compliance. This is entirely appropriate for a regulatory framework operating in a mature market where AI capabilities exist and the principal concern is ensuring those capabilities are deployed responsibly.

FREE-AI's architecture contains all of those constraining elements, and adds an enabling layer the EU framework has no equivalent for. The Capacity pillar is the most structurally distinctive element of FREE-AI in this respect. It does not merely require board-level AI literacy (though Recommendation 10 does, with a two-to-three-year glide path distinguishing AI governance expertise from general IT skills). It calls for a dedicated AI Institute within the RBI itself, for capacity building among regulators and supervisors, so that the oversight apparatus develops AI governance capability at the same rate as the institutions it supervises. The EU framework assumes regulatory capability exists; FREE-AI invests in building it.

A governance framework that constrains AI without building the institutional capacity to assess, challenge, and adapt AI governance as the technology changes is only half a framework. The other half is the investment in the people who will govern whatever comes next.

rtapulse research, April 2026

The funding commitment embedded in the framework makes this enabling intent concrete in a way that few governance documents have managed. An indicative corpus of ₹5,000 crore for shared data and compute infrastructure, explicitly positioned alongside the IndiaAI Mission's ₹10,372 crore budget allocation from the 2024 Union Budget, is a public investment thesis in sovereign governance capability. It reflects the committee's recognition that governance without infrastructure is aspiration without architecture.

The EU Act's documented compliance burden, estimated at approximately €29,277 annually per AI unit by European Parliament analysis, with certification costs between €16,800 and €23,000 per unit, raises a question that does not receive sufficient attention in European regulatory debates: at those cost levels, the compliance burden is carried primarily by large, well-resourced institutions. The European Parliament's own 2025 study acknowledged that the Act produces "duplicative, inconsistent or unclear requirements that deter uptake, delay time to market, and introduce compliance asymmetries across Member States." FREE-AI's proportionality provisions, its shared compute landing zones for smaller institutions, and its voluntary AI Compliance Toolkit (Recommendation 26) are all designed against the same failure mode: the risk that governance architecture becomes a competitive moat for incumbents rather than a floor of protection for everyone.

A directional comparison of compliance cost is worth attempting, even where published empirical research is not yet available. Under FREE-AI's tiered architecture, a small fintech operating low-risk AI within the AI Innovation Sandbox would face annual compliance costs in the order of ₹2 to 4 lakh (approximately $2,400 to $4,800), driven primarily by board-policy formalisation, lightweight audit, and voluntary AI Compliance Toolkit usage. A mid-tier institution operating medium-risk credit-decisioning AI would face costs in the range of ₹15 to 25 lakh per system annually (approximately $18,000 to $30,000), driven by red teaming, formal audit, and AI lifecycle management. A large institution operating high-risk autonomous credit AI at scale would face costs in the range of ₹40 to 80 lakh per system annually (approximately $48,000 to $96,000), driven by board-level oversight, structured red teaming, full-scope audit, and incident reporting infrastructure.

These figures are directional and not yet validated by published empirical research. FREE-AI's actual compliance cost will become clearer as Master Directions codify specific obligations. Comparison with the EU AI Act's estimated €29,277 (approximately ₹26 lakh) per AI unit annually suggests medium-risk Indian compliance costs will fall at roughly half to three-quarters of the EU equivalent, while small-fintech sandbox costs will sit roughly an order of magnitude below. The proportionality logic is structurally favourable. Whether it operates as designed is an empirical question for the next eighteen months.

The Autonomous AI Frontier: Where Both Frameworks Are Still Learning

FREE-AI's Recommendation 16 on autonomous AI systems is among the framework's most forward-looking provisions, and the one that speaks most directly to the governance challenges already emerging in agentic payments and AI-driven trade finance. In its analysis, the committee explicitly referenced the MCP (Model Context Protocol) and A2A (Agent-to-Agent) communication frameworks, which form the technical architecture underlying agentic AI systems capable of independently executing financial tasks including investment decisions, loan processing, and payment execution.

The EU AI Act addresses autonomous systems primarily through its high-risk classification and human oversight requirements, which predate the emergence of modern agentic AI. Singapore released the first dedicated Agentic AI governance framework globally in January 2026, with a five-tier autonomy taxonomy, acknowledging that existing frameworks were not designed for systems that can chain multiple actions, interact with other AI systems, and operate over extended time horizons without continuous human supervision.

FREE-AI's treatment of autonomous AI, while more current than the EU Act's implicit coverage, remains at the level of principle rather than detailed procedural prescription. Human oversight is mandated for medium and high-risk autonomous tasks; clear standard operating procedures are required; regulated entities remain fully liable for autonomous AI outcomes. What is not yet addressed is the governance of AI agent chains, the A2A interaction model, where accountability diffuses across multiple autonomous systems acting in sequence. This is a frontier where all existing governance frameworks, including FREE-AI, are operating at the edge of their current design.

GIFT City and the Cross-Sector Governance Frontier

A comparison of all existing AI governance frameworks on a single dimension reveals a shared blind spot: none addresses with specificity what happens when financial AI governance encounters the physical world at the intersection of trade, logistics, insurance, and sovereign infrastructure. The EU Act classifies credit scoring AI as high-risk; it does not address the AI system that assesses the creditworthiness of a trade finance facility by drawing simultaneously on logistics data, cargo insurance data, commodity price intelligence, and counterparty risk scoring across three jurisdictions.

This is not a hypothetical governance problem. Trade finance is a $9 trillion global market. AI penetration across document verification, fraud detection, counterparty risk assessment, and supply chain disruption prediction is accelerating across all major trade corridors. The governance architecture for AI at this physical-financial intersection does not yet exist in any jurisdiction.

Selected FREE-AI Recommendations: The Most Operationally Distinctive

Rec. 4 (Infrastructure): Indigenous Financial Sector AI Models. Domain-specific models in all Indian languages as public good. Domain fitness for contexts global LLMs systematically underserve, not nationalism.

Rec. 7 (Policy): AI-Based Affirmative Action. Lower compliance expectations for AI targeting underserved populations. The mechanism by which governance avoids becoming an exclusionary moat for incumbents.

Rec. 8 (Policy): Graded AI Liability Framework. Tolerant supervisory stance for first-time AI errors where safety mechanisms were followed. Resolves the innovation-governance tension without sacrificing accountability.

Rec. 16 (Governance): Autonomous AI System Governance. Human oversight mandatory for medium/high risk autonomous AI. Explicitly references MCP and A2A protocols, governing agentic systems no other financial framework addresses directly.

Rec. 20 (Protection): Structured Red Teaming. Semi-annual for medium/high risk. Trigger-based after major updates. Findings shared ecosystem-wide, converting individual risk intelligence into collective resilience.

Rec. 26 (Assurance): AI Compliance Toolkit. Standardised open-source validation covering fairness, transparency, accountability, and robustness. Voluntary but strongly encouraged, the EU's conformity assessment made accessible to smaller institutions.

India's strategic infrastructure investments (the India-Middle East-Europe Corridor and the International North-South Transport Corridor) position GIFT City at a junction that is both regulatory and physical. The IFSCA's cross-sector and cross-border mandate, the free zone model permitting regulatory experimentation at institutional scale, and India's positioning at the intersection of major Eurasian and Indo-Pacific trade corridors make GIFT City the most plausible location for the first serious attempt at AI governance spanning financial services, logistics, insurance, and sovereign trade documentation simultaneously. The EU Act's credit scoring classification provides a useful starting point for one dimension of that governance problem. The rest of the architecture remains to be written.

The Diffusion Question: Why Some Governance Frameworks Travel

Whether the EU's AI governance framework will produce the global regulatory convergence that GDPR did is, at this point, genuinely uncertain. Brookings concluded in recent analysis that the Brussels Effect "will be more limited than for GDPR," with many businesses developing separate EU-specific compliance processes rather than globalising EU standards. The compliance cost differential between EU-regulated entities and those operating outside EU jurisdiction creates structural incentives against voluntary adoption.

The diffusion logic for FREE-AI is different in character. India's digital public infrastructure (UPI, Aadhaar, Account Aggregator) spread to seven countries, with an RBI target of twenty by 2029, not through regulatory diplomacy but through structural fit. These systems addressed a problem that turned out to be common across many financial systems: how to build interoperable, low-cost, heterogeneous digital infrastructure at scale. The solutions were adoptable because the problems were shared.

FREE-AI addresses a problem that is similarly common across the financial systems of South Asia, Southeast Asia, Sub-Saharan Africa, and the Gulf: how to govern AI deployed at rapidly inclusive scale, on mobile-first infrastructure, for populations whose trust in the financial system is still being earned, without letting governance become the thing that excludes the people it was meant to protect. The EU framework, designed for a different set of conditions, cannot fully address that problem, not because of any limitation in its drafting, but because it was written for a different reality.

The sophistication of FREE-AI's design reflects the accumulated institutional knowledge of the Indian administrative machinery, the same apparatus that delivered Jan Dhan, Aadhaar, UPI, Account Aggregator, ONDC, and the CBDC pilot in a decade. That institutional memory is, ultimately, the most transferable element of the framework. The central banks and financial regulators across South Asia, Southeast Asia, Sub-Saharan Africa, and the Gulf that are currently navigating their own AI governance decisions are not watching India out of diplomatic courtesy. They are watching because the problem FREE-AI was written to solve is their problem too.

What the Comparative View Reveals

Examined alongside the EU AI Act and other global frameworks, FREE-AI's contribution to the governance conversation becomes sharper. Where the EU Act provides legal precision, statutory enforceability, and a detailed risk classification architecture for a mature AI market, FREE-AI provides an enabling infrastructure, an inclusion mandate, a principles layer designed for cultural embedding, and a capacity-building commitment, for a market that is still being built.

The honest gaps are real: GPAI model governance is a frontier FREE-AI has not yet addressed; a FRIA equivalent for credit scoring AI would strengthen the protection architecture; the EU's sandbox fine-protection provision is worth direct adaptation. None of these gaps diminish the framework's structural achievement. They mark the next chapter.

For C-suite leaders in financial services, the comparison yields a practical conclusion: the EU Act sets a compliance floor for European operations and a reference standard for risk classification methodology. FREE-AI sets a governance philosophy for AI deployed at the scale of financial inclusion, and the populations it was designed to protect are where the next billion financially included people will experience AI-driven finance for the first time. The institution that understands both frameworks, and what each was designed for, is better positioned than the institution that treats them as alternatives.

Operational Realities: What Has Not Yet Happened

Five preconditions separate FREE-AI's design strengths from its operational success. The framework's intellectual architecture is established. Whether it functions as designed depends on conditions that, eight months after release, remain open.

Codification timing. FREE-AI is currently an advisory framework. Its provisions become binding only when codified into RBI Master Directions. Past timelines for similarly significant RBI frameworks suggest twelve to twenty-four months of consultation and drafting before binding effect. This article's comparison with the EU AI Act, which entered into force August 2024 with direct legal effect across twenty-seven member states, sits within that asymmetry. The intellectual comparison is fair. The legal comparison is not yet apples-to-apples.

Deployment evidence. Eight months into the framework's life, public data on actual implementation is thin. AI Innovation Sandbox participation rates are not published. No supervisory case has yet tested the tolerant stance under Recommendation 8 in a public forum. Affirmative action provisions under Recommendation 7 do not yet show measurable take-up among inclusion-focused fintechs. The framework is, on the evidence currently available, more visible in policy discussion than in deployed practice. This is normal for a framework in its first year. It means claims about FREE-AI's effectiveness must be calibrated to design intent rather than demonstrated outcomes.

Indigenous model capability. Recommendation 4's call for indigenous AI models in all Indian languages as public good is architecturally compelling and technically aspirational. Current state-of-the-art performance for finance-domain Hindi reasoning is around seventy-five percent on standard benchmarks. For rural Bengali, Marathi, Tamil, and Telugu credit decisioning at deployment quality, the capability does not yet exist at scale. Closing the gap requires sustained model development effort, vernacular financial corpora, and field-tested deployment beyond pilots. The framework correctly anticipates the need. The capability lags the policy by several years.

Affirmative action arbitrage. Recommendation 7's lowered compliance expectations for inclusion-focused AI create a regulatory virtue worth qualifying for. The provision is protective in intent and exploitable in design. Without explicit definitional guardrails on what counts as inclusion-focused, fintechs can structure their books to qualify for proportionality benefits while serving customers who would not have required the protection. Closure of this surface requires definitional precision the current framework does not yet supply.

Supervisory culture precondition. The tolerant supervisory stance assumes an inspection culture capable of distinguishing good-faith AI failure from negligence. Indian banking supervision has historically been rule-based and examiner-driven. Without parallel reform of supervisory training, incentive structures, and inspection methodology, Recommendation 8 risks dying on the inspection desk. This is not a flaw in the framework's design. It is the binding implementation constraint that will determine whether the framework operates as intended.

None of these realities undermines FREE-AI's structural achievement. They mark what the next eighteen months must demonstrate before the framework's design promise translates into operational reality.

Update, April 2026: The India-EU FTA Sovereignty Question

The India-EU Free Trade Agreement's Digital Trade Chapter, reported in mid-April 2026, contains a broad prohibition on requiring transfer of or access to source code, with narrow reactive carve-outs limited to investigations and judicial proceedings. The asymmetry is sharp. The EU retains scrutiny over AI systems through the EU AI Act's Article 74 internal supervisory authority. India's authority to inspect EU-origin AI deployed within Indian borders is now constrained by FTA text, with no equivalent reciprocal access.

This creates a sovereignty paradox FREE-AI cannot resolve on its own. The framework's domestic sovereignty intent (Recommendation 4 indigenous models, supervisory authority over Indian financial sector AI) meets a bilateral constraint on cross-border audit rights. For Indian regulators, the practical implication is that FREE-AI's full reach applies to AI systems built or operated by Indian entities. AI systems supplied by EU firms operating in India sit in a more contested legal space.

This is a development worth direct policy attention. The FTA was concluded after FREE-AI's release. The framework had no opportunity to anticipate it. A future revision of the framework, or a parallel RBI guidance note, would benefit from explicit treatment of the cross-border audit question.

Source: TechPolicy.press analysis of the India-EU FTA Digital Trade Chapter, April 2026.

About the Author

Sachin Mehta is a CISA and CISSP-certified governance researcher and practitioner whose work spans financial AI regulation, cybersecurity audit, and cross-border regulatory intelligence across the UK (FCA, PRA), India (RBI, SEBI, IFSCA), Southeast Asia (BSP), and the Gulf (CBUAE), with working knowledge of the EU AI Act's financial services implications.

His research focuses on the convergence and divergence of AI governance frameworks across cross-border financial jurisdictions, with particular attention to the emerging intersection of financial AI regulation and physical trade infrastructure governance at the GIFT City interface. He is currently developing a cross-sector AI governance audit framework for trade finance applications at the financial-logistics intersection and welcomes engagement from institutions and regulators working at this boundary.

rtapulse.com · @Sach_mehta