The EU’s data and AI landscape for insurance: a work in progress

The insurance sector is approaching a data-driven evolution. Artificial Intelligence (AI) and advanced analytics have the potential to reshape business models, enhance customer experiences, and optimise risk management. From its inception, the industry has relied on record-keeping and statistical analysis to assess risk, price policies, and manage claims. The advent of digitalisation has exponentially expanded the volume, variety, and speed at which data is available.  Solvency II has already established a framework to supervise data use and IT risk management by insurers. The recent AI Act reinforces this existing practice, adding further requirements for high-risk AI applications.

EU regulations such as the GDPR and the Data Governance Act establish a foundational framework for data sharing, while FiDA specifically targets the financial sector, aiming to ease consumer access to and control over their data. The proposal aims to put consumers in the driver’s seat over what financial data to share, with whom and for what purpose. 

While the concept of data sharing is not new, FiDA is proposing to formalise and streamline this process. By establishing standardised protocols, FiDA could enable granular control and easy retrieval of consent by consumers of their data. This freedom to transfer data between different platforms and services will potentially break down data silos and empower consumers.  Meanwhile, leveraging richer datasets, insurers could develop more accurate risk assessments, which could lead to more tailored products and competitive pricing. Furthermore, the sector could gain deeper insights into consumer behaviour, preferences, and financial health through data-driven insights, thereby enhancing consumer experiences and streamlining operations. 

However, across the board challenges and risks remain. Data security and quality are paramount, as the aggregation of vast amounts of financial data could lead to breaches that undermine consumer trust.There is also a risk that products and services resulting from data shared and reused by third parties, such as insurance dashboards, may be incomplete and provide consumers with misleading information. 

Consumers are increasingly conscious of their data. Thus, safeguarding sensitive information, while demonstrating transparency and accountability, will be vital.  Not all data that insurers have can be disclosed and EIOPA is ready to help identify the insurance data that can be shared securely.  This clarity will ensure that FiDA fosters innovation without compromising consumer trust. 

Cyber risk is another critical issue, given the increased potential for attacks targeting sensitive financial information. Additionally, there is a risk of financial and digital exclusion, particularly for individuals without access to the necessary digital infrastructure or skills to participate fully. The increased data access granted to BigTechs under the proposal might stifle competition and raise privacy concerns, as these entities could potentially exploit their market dominance.

Finally, while the availability of more data allows for more precise risk assessments and individual pricing, it could contradict the principle of mutualisation, which is based on the pooling of risks. Mutualisation plays an important role in bolstering societal resilience as it spreads the risk of potential losses across a large group, making insurance more accessible and affordable, especially for those with higher risks or limited means. Mutualisation stabilises the insurance market while protecting individuals from the full impact of insured events. The more that data is used to differentiate, the less the risk is shared, and this could result in discriminatory pricing practices, disproportionately affecting vulnerable consumers. And although these challenges are not unique to FiDA, they could be accelerated if they are not tackled effectively.

It is important to embed the right consumer protection measures and supervision. While immediate priorities should be on the implementation of the AI Act and finalising FiDA, further consideration should be given to robust consumer protection measures and supervision to safeguard consumers’ best interests. To address potential risks, supervisory efforts could prioritise digital ethics and the prevention of dark patterns and biases. 

Therefore, while collectively the EU’s data and AI landscape provides a solid foundation for enabling data use and sharing in the insurance sector, the success of these initiatives will depend on their effective implementation and the prioritisation of key areas. Further considerations, including consumer protection, privacy, and security, will be essential to ensure that the operational conditions for data-driven innovation are in place. By addressing these priorities, the European insurance sector can harness the full potential of open finance and AI, driving innovation and delivering better outcomes for consumers and businesses alike. 

Thanks to Pascal Pfefferle and to Timothy Shakesby for their contribution to this article.