As the EU AI Act has taken shape through multiple rounds of legislative fine tuning, the insurance sector has increasingly found itself under the microscope.
Significant progress has been made with the landmark bill in recent months, with leading European Parliamentary Committees adopting the act on 11 May 2023 ahead of the European Parliament vote on 14 June 2023, where it was passed by majority vote.
Since then, two Trilogues have been held in which three EU Institutions have begun to negotiate their positions. This signals the beginning of the concretisation of the rules and associated requirements of the Act.
These requirements have undergone significant changes since the first version was introduced by the European Commission, with EU member states proposing several compromise texts. The regulation of insurtech – technology used to drive innovation and automate processes in the insurance industry – has been a particular area of focus.
In this blog post, we outline how the requirements for AI in insurance have evolved and what this means for insurance providers using AI in their business.
Key takeaways:
With its risk-based approach, the EU AI Act imposes obligations that are proportionate to the risk posed by the system, where a high-risk AI system must comply with the most stringent obligations. However, in the initial text proposed by the European Commission in April 2021, there is no mention of insurance practices, other than the fact that notified bodies should take out appropriate liability insurance for conformity assessments, meaning that the use of AI in insurance practices would not be subject to the requirements of high-risk systems and instead would likely only be subject to other requirements such as transparency.
It did not take long for the AI Act to zero in on insurtech. The Compromise Text of the Slovenian Presidency added insurance as a high-risk application of AI when published in November 2021, inserting it into Annex III – which lists high-risk applications of AI – under systems used to determine the access to and enjoyment of private and public services and benefits. Here, the Presidency added that AI systems used for insurance premium setting, underwritings, and claims assessments were to be considered high risk, regardless of the type of insurance they were being used in.
In January 2022, the European Parliament’s Committee on the Environment, Public Health and Food Safety published a draft opinion piece, which proposed that AI systems used in health, healthcare, long-term care, and health insurance that are not already covered by Regulation (EU) 2017/745 – which regulates medical devices – should be considered high-risk. This would include systems that have a direct or indirect effect on health or use sensitive data, as well as AI-driven administrative or management systems used in healthcare settings and by health insurance providers if they process sensitive health data.
Following this, the Committee on Legal Affairs published a draft opinion in March 2022, building on the Slovenian Presidency’s approach. Here, AI systems used to assess insurance premiums and claims or insurance risk would be considered high-risk. Also in March 2022, the Committee on Industry, Research and Energy took a similar approach, but targeted only AI systems used to determine insurance premiums.
However, the focus for insurance practices was narrowed in the April 2022 draft report by the Committee on the Internal Market and Consumer Protection and Committee on Civil Liberties, Justice and Home Affairs, with only AI systems used to make or assist decisions about eligibility for health and life insurance considered high-risk, with no mention of underwriting or premium setting. This position changed again in June 2022 with the publication of a subsequent draft report which proposed that AI systems used for the assessment of insurance risk, to determine insurance premiums, to set premiums, or conduct underwriting or claims assessment be considered high-risk, with the exception of AI systems used in relation to low-value property insurance. The proposal also recommended that AI systems used in health insurance processes be considered high-risk, widening the previously narrowed scope.
Having previously removed any provisions relating to insurance or insurtech, the Czech Presidency re-added insurance to the list of high-risk use cases in its fourth presidency text, published in October 2022. In this text, it was proposed that AI systems used in the risk assessment and pricing of health and life insurance products, except systems put into service by SMEs, would be considered high-risk. This position was held for the Czech Presidency’s Preparation for Coreper text, Draft General Approach, and Adopted General Approach, all released in November 2022.
After the extensive consultation period, the European Parliament voted on an amended text in June 2023, which refocused efforts to regulate insurance on AI systems used to make or influence decisions about eligibility for health and life insurance.
While the exact insurance practices and insurance types that are considered high-risk applications of AI are still up for debate and may evolve as Trilogues continue, it is clear that at least some insurance practices and forms of insurtech will be considered high-risk under the AI act and consequently will have to comply with the most stringent obligations.
Although obligations can vary by the type of entity, there are, in general, seven requirements for high-risk systems outlined in Articles 9 to 15:
The implementation of the final version of the EU AI Act is on the horizon – and that means the insurance sector, and insurtech companies in particular, will soon have to adapt to a dramatic new legislative paradigm. With a maximum fine of 40 million euros or 7% of global turnover outlined in the latest version of the Act, non-compliance is not an option for those using AI in their operations.
Holistic AI are governance, risk and compliance experts, and we are here to help you prepare early. Learn how.
DISCLAIMER: This blog article is for informational purposes only. This blog article is not intended to, and does not, provide legal advice or a legal opinion. It is not a do-it-yourself guide to resolving legal issues or handling litigation. This blog article is not a substitute for experienced legal counsel and does not provide legal advice regarding any situation or employer.
Schedule a call with one of our experts
DISCLAIMER: The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only. Information on this website may not constitute the most up-to-date legal or other information. This website contains links to other third-party websites. Such links are only for the convenience of the reader, user or browser; Holistic AI does not recommend or endorse the contents of the third-party sites.
Readers of this website should contact their attorney to obtain advice with respect to any particular legal matter. No reader, user, or browser of this site should act or refrain from acting on the basis of information on this site without first seeking legal advice from counsel in the relevant jurisdiction. Only your individual attorney can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client relationship between the reader, user, or browser and website authors, contributors, contributing law firms, or committee members and their respective employers.
The views expressed at, or through, this site are those of the individual authors writing in their individual capacities only – not those of their respective employers, Holistic AI, or committee/task force as a whole. All liability with respect to actions taken or not taken based on the contents of this site are hereby expressly disclaimed. The content on this posting is provided "as is;" no representations are made that the content is error-free.
