The European Insurance and Occupational Pensions Authority (EIOPA) launched a consultation today on its Opinion on Artificial Intelligence governance and risk management, which provides supervisors and insurance undertakings guidance on how to interpret and implement insurance sector provisions in light of the use of AI systems in insurance.
EIOPA’s opinion provides further clarity on the main principles and requirements foreseen in insurance sectoral legislation that should be considered in relation to the use of AI systems. It applies to those AI systems that are not considered as prohibited AI practices or high-risk under the AI Act. Although insurance legislation applies to all AI systems used in insurance, to avoid regulatory complexities and overlaps the scope of this Opinion does not cover prohibited AI practices or high-risk AI systems under the AI Act. It is based on the principle of proportionality and follows a principle-based approach, ensuring that it is sufficiently flexible to adapt to market and technological developments over time.
The Opinion is in line with the underlying principles and requirements of the AI Act and other international initiatives in this area such as those by the Organisation for Economic Co-operation and Development (OECD), the G20, or the International Association of Insurance Supervisors (IAIS), thereby supporting a harmonized approach.
The Opinion sets high-level supervisory expectations towards the governance and risk-management principles that insurance undertakings should apply to ensure a responsible use of AI systems adapted to specific use cases. These principles, among others, include:
- applying a risk-based and proportional approach throughout the AI systems lifecycle,
- acting based on fairness and ethical principles, in the best interest of consumers,
- clearly defining the roles and responsibilities of relevant staff,
- being able to meaningfully explain the outcomes of AI systems,
- implementing sound data governance policies, and
- maintaining adequate and orderly documentation and records.
Consultation process
Stakeholders are invited to provide comments on the Consultation Paper and the Impact Assessment of EIOPA’s Opinion on AI governance and risk management by responding to the questions via the online survey. The deadline for the submission of comments 12 May 2025.
Learn more and respond to the consultation
Background
The Regulation (EU) 2024/1689 (the AI Act) was published in the Official Journal of the European Union in July 2024. The AI Act applies to all sectors of the economy and aims at ensuring a high level of protection for fundamental rights, health, and safety.
The AI Act classifies AI systems into four categories according to their risk level: prohibited, high risk, limited and minimal risk. While the AI Act defines a comprehensive set of governance and risk management measures that high-risk systems need to comply with, alongside the requirements already in place under sectoral legislation,
AI systems classified as having limited and minimal risk under the AI Act continue to operate without additional measures under the AI Act, except for a set of transparency rules, the need to promote AI literacy among staff, and the development of voluntary codes of conduct. The use of such AI systems by insurance undertakings and intermediaries are subject however to governance and risk management rules set out in sectoral legislation.