EU AI Act: A Watershed Moment for AI Regulation
The EU AI Act was published in the Official Journal of the European Union in July 2024, more than three years after the European Commission's initial proposal. It is the first comprehensive legislation aimed at regulating the development and use of AI across industries, with the goal of protecting the fundamental rights of citizens, writes Vlad Flamind, Lead Data Consultant, Zühlke

The Act entered into force on 1 August 2024, and its obligations apply in stages. Prohibitions on certain practices apply first, from February 2025, followed by obligations for providers of general-purpose AI models from August 2025 and the requirements for most high-risk use cases from August 2026. Non-compliance with the Act may lead to hefty financial penalties: for prohibited practices, fines of up to 7% of global annual turnover or EUR 35 million, whichever is higher.

What is the impact on insurance use cases?

The AI Act has significant implications for the insurance industry, with use cases classified based on their risk level. Restrictions and requirements apply to insurers according to the assigned risk rating:

  • Minimal risk: This includes use cases where AI has a limited role in decision making, such as document classification or search engines. The Act imposes no specific requirements on them.
  • Limited risk: This includes customer chatbots or fraud detection AIs. For these, the Act's main obligation is transparency: users must be informed that AI is being used. Insurers should also ensure that interactions are documented and that decisions can be explained to users and regulators.
  • High risk: This includes many of the core insurance use cases, such as risk assessment and pricing in life and health insurance, claims processing, training, and recruitment. To comply, insurers must first adapt their risk and quality management processes. They need to provide human oversight so that malfunctions can be detected and addressed, and they must document AI development and operations (technical documentation and logging of the system in use) to demonstrate compliance to the authorities. In parallel, they must implement specific technical measures for accuracy, robustness, cybersecurity, and transparency, so that the system's behaviour can be understood by those who deploy it.
  • Unacceptable risk: This includes social scoring and biometric categorisation that infers sensitive attributes such as race, political opinions, or sexual orientation. These practices are entirely prohibited.

In addition to this straightforward classification, insurance executives must also grasp the nuances of the AI Act.

  • Complex use cases. The EU AI Act defines boundaries based on markets (life and health vs. property), functions (fraud vs. underwriting), or data (biometrics vs. financial). When a use case spans several of these criteria, the highest applicable risk rating applies. For example, using voice recognition to combat fraud may be considered high risk, since biometric data (voice) falls into that category; whether a given system is in scope depends on how the Act's biometric provisions apply to it, as the Act treats pure identity verification (confirming a person is who they claim to be) differently from identification or categorisation.
  • Large Language Models. These fall under the Act's rules for general-purpose AI models, which carry their own obligations for the model provider. Most insurers will rely on existing third-party models (e.g., OpenAI's ChatGPT), so those model-level obligations rest with the developer. However, an insurer that builds a high-risk use case on top of such a model is still responsible for that system under the Act. In practice, this affects insurers' AI procurement and partner due diligence processes as well as the compliance of the systems they build on these models.
  • Link with other regulation. The EU AI Act's requirements come on top of existing regulations such as Solvency II, DORA, CPC, IAF, or GDPR. There will often be overlaps, however, meaning some requirements may already be fulfilled under these existing frameworks.
  • Non-European insurers. The EU AI Act has extraterritorial reach: any AI system placed on the EU market, or whose output is used within the EU, is subject to its rules, regardless of where the insurer is established.

Keys for success

As the Act's obligations take effect, insurance companies will need to implement systematic reviews of their AI portfolio, including current and future use cases. These reviews should highlight potential compliance gaps and lead to corrective measures where necessary. To succeed in this endeavour, insurance executives can follow the advice below:

  • Build a multidisciplinary AI governance team covering business, compliance, data, AI, and IT experts. Be sure to include legal experts, as grey areas remain in certain sections of the AI Act. For example, AI-assisted underwriting is allowed unless behavioural or socio-economic data is used in an "unjustified or disproportionate" manner, which leaves considerable room for legal interpretation.
  • Upskill your data science and engineering teams. Building compliant AI systems requires mastery of an emerging array of tools and techniques. Explainability methods now let data scientists reveal the workings of models previously considered black boxes. Similarly, in cybersecurity, threats specific to machine learning, such as model inversion, data poisoning, and evasion attacks (which the Act's cybersecurity requirements for high-risk systems explicitly reference), require new measures to protect sensitive data and ensure model reliability.
  • Use standards as guides to compliance. Harmonised standards are being developed at the Commission's request, and their references will be published in the Official Journal. High-risk systems that conform to these standards will be presumed to meet the corresponding requirements of the EU AI Act. ISO/IEC 42001, the AI management system standard, is considered the most likely candidate to cover the governance requirements related to risk and quality management.

Value beyond compliance

The EU AI Act introduces a set of requirements and constraints for insurers, but it should not be perceived as merely a compliance exercise. In fact, the standards proposed by the Act can help insurers secure the sometimes-elusive ROI.

On one hand, they promote trust and market adoption through transparency; on the other, they provide guidelines for enhancing reliability and performance with AI technology. In a nutshell, the AI Act can serve as a template for using AI responsibly and profitably in the insurance industry.

About the author: Vlad Flamind is a Lead Data Consultant for Zühlke – a global technology consultancy firm that specialises in helping businesses innovate and transform. He helps organisations build winning Data/AI Strategy, develop responsible AIs and implement effective data management and governance.
