IRSG advises EIOPA on AI governance and risk management
The European Insurance and Occupational Pensions Authority (EIOPA) has published the advice of the Insurance and Reinsurance Stakeholder Group (IRSG) on artificial intelligence (AI) governance and risk management in response to EIOPA’s Opinion. The advice emphasises that, although most AI systems used in the insurance sector are not classified as high-risk under Regulation (EU) 2024/1689 (the AI Act), advanced applications in core functions such as underwriting, pricing, and claims management may present risks that warrant targeted oversight. A risk-based and proportionate approach is recommended, given that the regulatory instruments collectively establish a supervisory framework: the Solvency II Directive (Directive 2009/138/EC), the Insurance Distribution Directive (Directive (EU) 2016/97), Regulation (EU) 2016/679 (the General Data Protection Regulation or GDPR), Regulation (EU) 2022/2554 (the Digital Operational Resilience Act or DORA), and the AI Act. The advice also draws a distinction between insurers that develop AI systems and those that deploy third-party solutions, and calls for tailored measures in the areas of data governance, documentation, transparency, explainability, human oversight, and cybersecurity that correspond to the actual risk and impact involved.