AIRiskAware

EU AI Act 11 min read 2026

AI in EU Insurance: EIOPA Guidelines, Solvency II Implications, and the EU AI Act for Insurers

EIOPA's Consultative Expert Group on Digital Ethics published a report on AI Governance Principles in June 2021, and EIOPA itself published a formal Opinion on AI Governance and Risk Management in August 2025. Combined with Solvency II model risk obligations and the EU AI Act, EU insurers face a layered AI governance framework. Here is the complete picture.

Key Takeaways

  • EIOPA's framework for AI in insurance comprises two key documents: (1) the June 2021 report from EIOPA's Consultative Expert Group on Digital Ethics setting out six AI governance principles for the European insurance sector (non-binding, illustrative), and (2) EIOPA's August 2025 Opinion on AI Governance and Risk Management (EIOPA-BoS-25-360), addressed to national supervisors. Together they cover data governance, record-keeping, fairness, cyber security, explainability and human oversight.

  • Solvency II's ORSA (Own Risk and Solvency Assessment) framework requires insurers to assess risks from AI models in their risk management systems. AI model risk is now explicitly within scope of Solvency II risk governance expectations.

  • The EU AI Act classifies insurance AI used in life and health underwriting (affecting access to insurance and premium calculation) as high-risk AI under Annex III — triggering conformity assessment, technical documentation, human oversight, and transparency requirements from August 2027.

  • GDPR Article 22 applies to automated insurance decisions. Automated underwriting decisions that significantly affect an individual's access to insurance or premium must allow for human review and provide an explanation of the factors considered.

  • EIOPA has flagged proxy discrimination — where AI pricing models use variables (postcode, occupation, education) that correlate with protected characteristics — as a key supervisory concern. Insurers must audit AI models for proxy discrimination.

  • The Insurance Distribution Directive (IDD) requires that insurance recommendations be appropriate for the customer — AI-driven product recommendations must meet suitability requirements, and the AI's role must be disclosed.

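"For information only. This article does not constitute legal, regulatory, financial or professional advice. For specific guidance, consult a qualified professional."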

EIOPA AI governance guidelines

The European Insurance and Occupational Pensions Authority (EIOPA) first addressed AI governance through a June 2021 report from its Consultative Expert Group on Digital Ethics, which set out six AI governance principles. EIOPA subsequently published a formal Opinion on AI Governance and Risk Management (EIOPA-BoS-25-360) on 6 August 2025, addressed to national supervisors. The Opinion follows a risk-based and proportionate approach and does not introduce new legal requirements — it provides guidance on how existing insurance-sector legislation (Solvency II, IDD) applies to AI systems.

The EIOPA guidelines cover six key areas: data and data governance (quality, representativeness, bias assessment in training data); model transparency (explainability of AI decisions to policyholders and supervisors); AI governance and risk management (board accountability, AI risk as a category of operational risk); human oversight (genuine oversight of AI decisions, particularly for consequential underwriting and claims decisions); non-discrimination (monitoring for proxy discrimination and demographic bias); and audit (independent review of AI systems).

National supervisors across EU member states are expected to apply the EIOPA guidelines as supervisory expectations — meaning insurers should treat them as regulatory requirements in practice, even though they are formally supervisory guidance rather than binding law.

Solvency II and AI model risk

Solvency II's system of governance requirements, including the ORSA, create obligations for insurers to identify and manage all material risks including those arising from their business models. AI model risk — the risk that AI models produce incorrect outputs, are used outside their validated scope, or fail in ways that affect the insurer's financial position or conduct — is now explicitly expected to be within scope of Solvency II risk governance.

Practically, this means: AI models used in pricing, underwriting, and reserving should be captured in the insurer's model inventory; material AI model failures should be reported in the ORSA; and the risk function should have visibility of AI model risk alongside traditional actuarial model risk. For life insurers using AI in mortality, morbidity, or persistency modelling, the intersection with actuarial professional obligations is particularly significant.

EU AI Act: insurance as high-risk AI

The EU AI Act's Annex III lists AI systems used in life and health insurance underwriting and pricing — specifically, AI that evaluates the credit standing of natural persons or establishes their credit score (which includes insurance risk scoring), and AI used to evaluate persons for access to essential services — as high-risk AI. This classification triggers the full suite of EU AI Act high-risk AI obligations from August 2027: conformity assessment, technical documentation, data governance requirements, human oversight design, accuracy and robustness requirements, and registration in the EU AI database.

For EU insurers with AI-driven underwriting, this is a significant compliance requirement. The technical documentation alone requires detailed explanation of the AI system's design, the training data used, testing conducted, limitations, and ongoing monitoring procedures. Conformity assessment may require involvement of a notified body depending on the system's risk classification.

Proxy discrimination: EIOPA's priority concern

EIOPA has specifically flagged proxy discrimination as a priority supervisory concern in insurance AI. Proxy discrimination occurs when an AI model uses variables that are technically neutral — postcode, occupation, education level, social media activity — but which are highly correlated with protected characteristics such as race, ethnicity, religion, or disability status, producing discriminatory outcomes without directly using protected characteristics as inputs.

Insurance has particular exposure to proxy discrimination because many traditional underwriting variables correlate with demographic characteristics. AI models, which can identify correlations in data that humans might not notice, can amplify these effects. EIOPA expects insurers to conduct bias audits that go beyond testing for direct discrimination and assess proxy discrimination, that is, the indirect effects that model variables have on demographic groups.
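A proxy-discrimination audit of the kind described above can be sketched in two checks: how strongly each rating variable is associated with a protected attribute, and how model premiums differ by group even though the attribute is never a model input. This is an added example, not code from EIOPA or from this article; the records, the `price` model, the Cramér's V statistic and the 0.3 flag threshold are all assumptions chosen for illustration.

```python
from collections import Counter
from math import sqrt

# Constructed policyholder records: (postcode, occupation, protected_group).
# The protected attribute is held for audit only and is never a pricing input.
RECORDS = (
    [("P1", "O1", "A")] * 3 + [("P1", "O2", "A")] * 2 + [("P2", "O2", "A")] * 1 +
    [("P2", "O1", "B")] * 3 + [("P2", "O2", "B")] * 2 + [("P1", "O2", "B")] * 1
)
FEATURES = {"postcode": 0, "occupation": 1}
PROTECTED = 2

def price(postcode, occupation):
    """Hypothetical pricing model: uses postcode only, never the protected attribute."""
    return 100.0 if postcode == "P1" else 150.0

def cramers_v(xs, ys):
    """Cramér's V for two categorical columns (0 = independent, 1 = fully determined)."""
    n = len(xs)
    joint, cx, cy = Counter(zip(xs, ys)), Counter(xs), Counter(ys)
    k = min(len(cx), len(cy)) - 1
    if k == 0:
        return 0.0  # a constant column cannot act as a proxy
    chi2 = sum((joint[(a, b)] - cx[a] * cy[b] / n) ** 2 / (cx[a] * cy[b] / n)
               for a in cx for b in cy)
    return sqrt(chi2 / (n * k))

def proxy_audit(records, threshold=0.3):
    """Return {feature: (V, flagged)} for each rating variable vs the protected attribute.
    The 0.3 threshold is an illustrative assumption, not a regulatory value."""
    groups = [r[PROTECTED] for r in records]
    out = {}
    for name, idx in FEATURES.items():
        v = cramers_v([r[idx] for r in records], groups)
        out[name] = (round(v, 3), v >= threshold)
    return out

def premium_by_group(records):
    """Mean model premium per protected group: the outcome-level check."""
    totals, counts = Counter(), Counter()
    for postcode, occupation, group in records:
        totals[group] += price(postcode, occupation)
        counts[group] += 1
    return {g: round(totals[g] / counts[g], 2) for g in counts}

if __name__ == "__main__":
    print(proxy_audit(RECORDS))
    print(premium_by_group(RECORDS))
```

In the constructed data, postcode is flagged as a proxy while occupation is not, and group B pays a higher mean premium although the model only ever sees postcode.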