Insurers and brokers will have to carefully manage their artificial intelligence (AI) usage to ensure that they do not move from the AI deployer category to the category of AI providers – which carries greater regulatory burdens, according to Stephen D’Ardis of counsel at Arthur Cox.
D’Ardis (pictured) was speaking on EU IPMI upcoming regulations in Europe and how they will affect the IPMI market. That includes the AI Act and the European Health Data Space Regulation, which will impact the use of AI in insurance and governance requirements.
The EU’s Artificial Intelligence (AI) Act, will categorise the use of AI for life and health insurance pricing and risk assessment as high risk.
The act entered into force in August phases from August 2024 and for high risk AI systems it will enter into force in August 2027.
D’Ardis said the five categories of AI systems are:
- Prohibited – unacceptable risk
- High risk – risk to safety/fundamental rights
- General purpose – wide range of tasks
- Limited risk – chatbots
- Minimal risk – spam filters
D’Ardis said: “The key point is that the use of AI systems for risk assessment of pricing them in relation to natural persons for life and health insurance is considered high risk under the AI Act.”
There are two main categories under the act – deployers and providers – and the level of regulations applied to each differs.
He added: “Insurers and brokers are much more likely to be deployers under the AI Act. But it’s worth being aware that if a deployer makes substantial modifications to a high-risk AI system, it could become a provider and therefore be subject to additional obligations.”
He said: “For the AI Act, I think you need to understand where and how AI systems are being used in your organisation – and you should keep an inventory.”
He noted that can be difficult, but added “nevertheless – the more you can measure it the more you can manage it.
European Health Data Space
Another issue is how data is handled under the European Health Data Space (EHDS) Regulation.
D’Ardis said the EHDS guides individual control over health data and could significantly impact insurers’ access to medical information. That could affect the use of wearable devices such as Fit Bits or Garmins.
While primary use of health data (like healthcare provision) is allowed, secondary use—such as using data to assess risk or determine premiums—faces tight restrictions.
As a result, health insurers may struggle to use wearable or app-based data unless it comes directly from consumers with consent, raising concerns over future insurability and pricing models
D’Ardis said the EHDS: “would seem to limit the use of health data and wellness apps in a way that the insurance industry is using at the moment, particularly where too much data about individual behaviour is being gathered by insurers.”
But he added: “the intention at the European level is not clear, and this is something that one often sees in European legislation.”