
18 March 2025

EIOPA launches public consultation on AI governance and risk management in the insurance sector

The European Insurance and Occupational Pensions Authority (EIOPA) has launched a public consultation on its opinion on AI governance and risk management in the insurance sector. The consultation is open until 12 May 2025 and gives stakeholders an opportunity to help shape regulatory expectations in this rapidly evolving area.

 

Context and legal basis

EIOPA’s opinion is based on its mandate under Regulation (EU) No 1094/2010, which aims to promote a harmonized supervisory culture across the EU. It’s also consistent with Directive (EU) 2016/97 (Insurance Distribution Directive), Directive 2009/138/EC (Solvency II Directive) and Regulation (EU) 2022/2554 (Digital Operational Resilience Act – DORA).

The opinion provides guidance on AI governance, complementing the AI Act (Regulation (EU) 2024/1689), which establishes a risk-based approach to AI regulation across industries.

 

Scope and objectives

AI is increasingly being integrated across the insurance value chain, offering benefits such as improved risk assessment, automated claims handling and fraud detection. But AI also poses risks, including bias, lack of accountability and governance challenges.

The AI Act classifies certain AI applications in insurance as high-risk, particularly those related to risk assessment and pricing in life and health insurance. These systems are subject to strict governance and risk management requirements. EIOPA’s opinion focuses on AI applications in insurance that aren’t classified as high-risk or prohibited by the AI Act. It aims to clarify how existing insurance legislation applies to them.

 

Key principles for AI governance and risk management

EIOPA’s opinion adopts a principle-based approach, ensuring consistency with existing sectoral regulations. It outlines eight key governance and risk management areas:

Risk-based approach and proportionality:

  • Insurers have to assess the risks associated with AI use cases and implement proportionate governance measures.
  • Criteria such as data sensitivity, level of automation and potential impact on consumers should be considered.

Risk management system:

  • AI systems need to be integrated into an insurer’s broader governance framework.
  • Policies should address fairness, data governance, transparency and cybersecurity.

Fairness and ethics:

  • AI models should avoid bias and discrimination.
  • Consumer-centric AI practices should be embedded throughout the insurance value chain.
  • AI-driven decisions that affect customers should be explainable and contestable.

Data governance:

  • Data used in AI models must be accurate, complete and representative.
  • Bias mitigation techniques should be applied to training and operational data sets.

Transparency and explainability:

  • Customers need to be informed when interacting with AI.
  • AI-driven decisions should be understandable and, where necessary, supplemented by human oversight.

Human oversight:

  • AI systems should be subject to human oversight and intervention where appropriate.
  • Accountability frameworks should define the roles of senior management, compliance teams and data protection officers.

Documentation and record keeping:

  • Insurers have to maintain clear records of AI models, including training data, methodologies, and decision-making rationales.
  • Proper documentation ensures transparency, facilitates audits, and supports regulatory compliance.

Accuracy, robustness, and cybersecurity:

  • AI models should be designed to maintain high levels of accuracy and reliability across their lifecycle.
  • Adequate cybersecurity measures must be in place to safeguard AI systems against data breaches, adversarial attacks, and manipulation.

 

Next steps and industry involvement

EIOPA invites stakeholders, including insurers, regulators and consumer organizations, to provide feedback via the EU Survey platform by 12 May 2025. Following the consultation, EIOPA will assess the contributions, refine its opinion and publish a final version incorporating stakeholder perspectives. EIOPA also plans to monitor AI adoption trends in the insurance sector and assess regulatory convergence across EU member states.
