26 May 2026 AI in Islamic finance

Sharia + AI: use boundaries in Islamic finance

Context: why this matters now

Large-scale Islamic banks in the Gulf — the tier of Al Rajhi Bank, Dukhan Bank, ADIB, Boubyan Bank, and peers¹ — are adopting AI quickly in the 2026 decade: credit scoring, fraud detection, digital banking assistants, document generation, predictive analytics. But every new product enters a funnel that does not exist in conventional banks: sharia board review.

This is not a “ceremonial” review. The board may reject. It may demand fundamental redesign. It may impose explainability conditions on a model that does not explain easily. Anyone building AI for an Islamic bank without understanding these boundaries loses months — or wraps up a product the bank cannot launch.

A note: I am not a sharia scholar. This post is operational notes drawn from readings and conversations with practicing sharia advisors. The final decision in each case belongs to a sharia board accredited at the financial institution. Read this as a map of what to ask, not as a fatwa.

Sharia board approval for AI products

Every large Islamic bank has an internal sharia board (typically 3-7 scholars) that meets periodically (monthly or quarterly) and reviews new products, contracts, and policies. An AI product practically follows a path:

Product presentation to the board — technical document + expected use + training data + risk framework
Board questions — clarification of how the model makes its decision, how it handles errors, how the customer is respected
Submission of a monitoring framework — who monitors model performance, how drift is detected
Written sign-off — with conditions (e.g., “approved for individual consumer credit scoring, not approved for interest-linked products”)

Typical approval timeline: 3-9 months, depending on product complexity and the board’s familiarity with the technology. Technical teams that assume rapid approval often fail.

AAOIFI standards on technology adoption

The Accounting and Auditing Organization for Islamic Financial Institutions (AAOIFI) issues governing sharia standards. In particular:

Sharia Standard 38 (Online Financial Dealings)² — sets a framework for electronically executed contracts, authorization, and verification
Governance Standard 8 (Central Shari’ah Board)³ — defines the role, scope, and composition of national-level Central Shari’ah Boards established by regulators (e.g., Bank Negara Malaysia’s SAC, SAMA’s Shariah committee). Institution-level Shariah Supervisory Boards inside individual banks — the bodies that actually review and approve new products, including AI-enabled offerings — are governed primarily by GSIFI 1 and GSIFI 2

Banks deploying AI in the absence of an AAOIFI standard specific to AI typically follow general AAOIFI principles plus their own sharia board’s interpretations. Read solutions for banking for depth.

Gharar: low explainability in language models

Gharar (unacceptable ambiguity in a contract or decision) is a foundational sharia concept. A seller who does not know what he is selling — gharar. Insurance without clarity on what is covered — potential gharar.

A large language model making a credit decision without the ability to explain its drivers raises a legitimate gharar question: does the customer (and the bank) understand the basis of a rejection? Can the sharia board verify the decision is free of prohibited bias (such as discrimination by gender, race, sect, or by features that fail the Islamic fairness test)?

Trends we are seeing in 2026:

Consequential decisions (credit scoring, gating, verification) — boards demand clear explainability (SHAP, LIME, human-readable rules). Black-box models are rarely approved without an explanation layer.
Auxiliary decisions (customer routing, document classification, initial fraud detection) — boards are more flexible, especially if a human decision comes after.
Generative decisions (banking assistant answering questions) — require strong guardrails, content filters, disclaimers, and human intervention on fiqh topics.

Riba: feature engineering constraints in credit scoring

Riba (interest) is prohibited. An Islamic bank does not lend at interest — it uses murabaha (cost-plus purchase), ijara (leasing), musharaka (profit-sharing), and mudaraba (capital-source partnership) structures.

This imposes constraints on the credit-scoring model:

Features linked to prior interest activity — history of interest paid, conventional credit card interest usage, riba-bearing personal loan balance — may be available in the data, but using them as a predictive feature may be problematic in fiqh (the model relies on prohibited activity to make a permissible decision)
New product structures — each murabaha product is bespoke with different terms. The model needs to understand the difference between car purchase, real estate, and commodity, because the bank’s profitability differs
Default prediction with sharia-compliant rescheduling options — default in a murabaha contract opens limited sharia options (no interest may be charged on late payment). An expected-loss model has to reflect this

Follow AML solutions for banks for operating frameworks.

Sharia RegTech

A new layer of sharia compliance technology is growing:

Use case	Description	2026 adoption status
Sharia transaction screening	Detecting transactions with non-permissible counterparties (alcohol, gambling, weapons, pork companies)	Mature
Debt-ratio screening (equity sharia screening)	Applying AAOIFI ratio thresholds to investable companies	Mature
Sukuk monitoring	Tracking post-issuance sharia compliance of sukuk (asset-conversion risk, redemption events)	Mature
Murabaha and ijara contract generation	LLM drafting standard contract templates	Early
Historical fatwa analysis	Arabic NLP over historical fatwa corpora to support advisory	Early, sensitive
Adjudication surface for black-box decisions	Explanation layer on top of model decisions for sharia board review	Growing

These are real AI opportunities, because each requires data labeled with Arabic sharia context. A general model does not understand that “alcohol” may be an acceptable — and sometimes mandatory — medical ingredient in certain medical situations, or that “weapons” may be permissible defense commerce. Sharia-aware annotation is decisive.

Generative fatwa risk from LLMs

This is one of the most sensitive topics in 2026. An LLM answering a fiqh question — is this acceptable?

Position of Egypt’s Dar al-Ifta — issued a formal fatwa in December 2025 (Fatwa #22255) cautioning against reliance on AI applications for fatwa, followed by a January 2026 ruling specifically addressing AI tools for Quranic interpretation.⁴ A fatwa requires a qualified mujtahid, not a model.

For Islamic banks this means: a banking assistant answering account balance and transaction questions — acceptable. A banking assistant answering “is this product halal?” — requires a sharia board sign-off on the specific logic, or it must be routed to a human advisor.

Acceptable vs problematic use cases

Operational examples, presented as a starting point for discussion with a sharia board:

Use case	Initial assessment	Note
OCR on loan documents	Acceptable	No ruling decision, only text extraction
Transaction classification for accounting	Acceptable	Administrative operation, interpretable model
Fraud detection (alerts human for review)	Acceptable	Human takes the final decision
Product recommendation (with explanation)	Acceptable with conditions	Features must be transparent, no discrimination, board sign-off
Automated credit scoring with explanation	Acceptable with conditions	Explainability required, feature governance, sign-off
Black-box credit scoring	Problematic	Potential gharar, redesign with explanation layer
Model using riba interest history as a feature	Problematic	Requires explicit fatwa
Banking assistant answering product questions	Acceptable with conditions	Fiqh guardrails, disclaimer
LLM drafting a murabaha contract template	Acceptable with conditions	Human legal + sharia review mandatory
Assistant writing a response that includes a fiqh ruling	Problematic	Refer to a consultant, do not generate
LLM generating a fatwa	Not acceptable	No accreditation, risk to bank and customer
Automated sukuk trading intervention	Acceptable with conditions	Must screen sukuk compliance, risk limits
Trading prohibited assets	Not acceptable	Regardless of technology

Technical compliance: PDPL + sovereign + sharia together

Islamic banks in Saudi Arabia combine three layers of compliance:

PDPL — Personal Data Protection Law (in force September 2023; fully enforceable September 2024), with data residency requirements and cross-border transfer restrictions for restricted categories⁵
SAMA — Saudi Central Bank Cyber Security Framework and technology risk management requirements⁶
Sharia — bank’s sharia board + AAOIFI standards

An AI deployment that complies with PDPL and SAMA but fails on sharia = not launchable. And vice versa. All three are mandatory requirements, not preferences. Read PDPL compliance.

What Annota8 does

We do not issue sharia rulings. We support Islamic bank customers with a workforce layer that includes:

Annotators in Arabic MSA, Gulf, and Egyptian dialects with background in Islamic banking products
Sharia consultants on an advisory tier (paid hourly, on demand) for edge-case labeling (e.g., classifying a transaction as “sharia-compliant / non-compliant / needs review”)
Data governance framework supporting PDPL and SAMA requirements
Sovereign-tenant deployment (platform + data in the Saudi customer’s cloud account)
Complete audit trails for what needs to be reviewed by the sharia board

The fiqh decision remains with the bank’s sharia board. We build the infrastructure that makes their decision safe and well-informed. Browse workforce tiers for details.

What this means for the buyer

Start with the sharia board conversation before choosing an AI vendor, not after
Ask the board about specific explainability requirements before deployment
Avoid black-box models for consequential decisions (credit, rejection, pricing)
Build an adjudication surface that routes fiqh cases to humans, not LLMs
Place strong guardrails on any customer-facing generative assistant, especially around fiqh content
Demand AAOIFI-required documentation from the vendor before signing

Discuss your Islamic banking workload → 30-min session Read solutions for banking

References

Global Finance, “World’s Best Islamic Financial Institutions 2024” — https://gfmag.com/banking/worlds-best-islamic-financial-institutions-2024/ ; TABInsights, “Largest Islamic Banks” — https://tabinsights.com/ab100/largest-islamic-banks ↩
AAOIFI, “SS (38) Online Financial Dealings” (official Shari’ah Standard title) — https://aaoifi.com/ss-38-online-financial-dealings/?lang=en ↩
AAOIFI, “AAOIFI introduces its 100th standard as Governance Standard No. 8 — Central Shari’ah Board” (official announcement, scope = national-level CSBs established by regulators) — https://aaoifi.com/announcement/aaoifi-introduces-its-100th-standard-as-governance-standard-no-8-central-shariah-board-has-been-officially-issued/?lang=en ; AAOIFI, “GSIFI 8 Central Shari’ah Board” — https://aaoifi.com/gsifi-8-central-shariah-board/?lang=en ↩
Dar al-Ifta al-Misriyyah, “Using AI applications to obtain fatwas” (Fatwa #22255, 2 December 2025) — https://www.dar-alifta.org/en/fatwa/details/22255/using-ai-applications-to-obtain-fatwas ; iAfrica, “Egypt’s Dar al-Ifta bans use of AI tools like ChatGPT for interpreting the Quran” (January 2026) — https://iafrica.com/egypts-dar-al-ifta-bans-use-of-ai-tools-like-chatgpt-for-interpreting-the-quran/ ↩
Morgan Lewis, “Saudi Arabia Personal Data Protection Law Transition Period Ends September 14, 2024” — https://www.morganlewis.com/pubs/2024/09/saudi-arabia-personal-data-protection-law-transition-period-ends-september-14 ; Akin Gump, “Kingdom of Saudi Arabia Approves Amendments to Personal Data Protection Law” — https://www.akingump.com/en/insights/alerts/kingdom-of-saudi-arabia-approves-amendments-to-personal-data-protection-law-and-confirms-september-2023-effective-date ↩
SAMA, “Cyber Security Framework” (official PDF) — https://www.sama.gov.sa/en-US/RulesInstructions/CyberSecurity/Cyber%20Security%20Framework.pdf ; SAMA Rulebook, “Cyber Security Framework” — https://rulebook.sama.gov.sa/en/cyber-security-framework-3 ↩

Limitations & disclaimer

Limitations of this analysis. This post reflects Annota8's reading of publicly available evidence as of its last-modified date. Vendor positioning, regulatory frameworks, benchmark numbers, and program scope can change without notice. Where numeric ranges are cited, those numbers are reproducible from the source linked in the post's References section — Annota8 has not independently re-run the benchmarks unless explicitly stated in the post.

Privacy & legal posture. Annota8 is an early-stage AI data operations company in soft launch. We do not currently hold SOC 2, ISO 27001, PDPL certification, or any other third-party security or privacy certification. We design with PDPL principles in mind and can sign a DPA modelled on the EU SCC template. Specific compliance posture for your engagement is available on request from [email protected].

Nothing in this post is legal, tax, or investment advice. Regulatory citations should be verified with counsel in your jurisdiction. Vendor names mentioned in this post are referenced as industry-landscape context only — Annota8 is not asserting a comparative product claim, a customer relationship, or any other affiliation with any platform named, unless that affiliation is explicitly stated.

Reach the team:[email protected] · annota8.ai