It's more that banks etc are special-cased in a lot of the law around this, which makes the Fed/ECB (more often national regulators aligned with these) really important in determining what they are and aren't allowed to do.

By definition lots of the use of AI in these companies is gonna require personal data/PII etc (particularly in KYC/compliance or general processing usecases) which means that there's a regulatory constraint.

I personally would've thought that said organisations and regulators would be massively opposed to this for privacy and risk reasons, which is why I think this won't happen.

Even the companies with less sensitive data are generally paranoid about service providers getting "their" (actually their customers) data.

> Are there any regulations covering what telemetry your service providers can keep?

In the EU, this should be proportionate and should avoid special categories of personal data (which FIs will have a lot of).