{"id":6060,"date":"2025-08-25T00:00:00","date_gmt":"2025-08-24T22:00:00","guid":{"rendered":"http:\/\/becobra.be\/eopa-opinion-on-artificial-intelligence-ai-governance-and-risk-management\/"},"modified":"2026-03-27T15:22:01","modified_gmt":"2026-03-27T14:22:01","slug":"eopa-opinion-on-artificial-intelligence-ai-governance-and-risk-management","status":"publish","type":"post","link":"https:\/\/becobra.be\/en\/eopa-opinion-on-artificial-intelligence-ai-governance-and-risk-management\/","title":{"rendered":"EOPA &#8211; Opinion on Artificial Intelligence (AI) Governance and Risk Management"},"content":{"rendered":"\n<p>On 6 August 2025, the European Insurance and Occupational Pensions Authority (EIOPA) published its Opinion on Artificial Intelligence (AI) Governance and Risk Management, accompanied by an Impact Assessment (both attached). The Impact Assessment explains EIOPA\u2019s reasoning for issuing the Opinion, but does not create additional obligations for undertakings.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. <strong>The AI Act \u2013 quick reminder<\/strong><\/h2>\n\n\n\n<p>The AI Act (EU 2024\/1689) applies to all sectors, including insurance. It classifies AI systems into:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Prohibited<\/li>\n\n\n\n<li>High-risk<\/li>\n\n\n\n<li>Limited risk<\/li>\n\n\n\n<li>Minimal risk<\/li>\n<\/ul>\n\n\n\n<p>AI systems are broadly defined as machine-based systems that infer from data to generate outputs (predictions, recommendations, decisions, content) that can influence physical or virtual environments.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">2. <strong>Why this Opinion?<\/strong><\/h2>\n\n\n\n<p>EIOPA\u2019s Opinions aim to ensure consistent supervisory practices across the EU. This one clarifies how existing IDD, Solvency II and DORA requirements apply to AI systems in insurance that are not classified as prohibited or high-risk under the AI Act.<\/p>\n\n\n\n<p>The Opinion covers insurance undertakings (both insurers and intermediaries) insofar as they use AI systems in the insurance value chain. The focus is mainly on insurers, but intermediaries are explicitly included.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">3. <strong>Start with a risk assessment<\/strong><\/h2>\n\n\n\n<p>EIOPA stresses that undertakings \u2013 including intermediaries \u2013 must first perform a risk assessment of every AI system they use. This should consider:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>the type and sensitivity of data,<\/li>\n\n\n\n<li>the scale of processing and number of customers impacted,<\/li>\n\n\n\n<li>whether vulnerable groups may be affected,<\/li>\n\n\n\n<li>the importance of the AI use for financial inclusion.<\/li>\n<\/ul>\n\n\n\n<p>Based on this assessment, proportionate governance and risk management measures should be put in place.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">4. <strong>Governance expectations<\/strong><\/h2>\n\n\n\n<p>The Opinion sets out supervisory expectations across six key areas:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Fairness &amp; ethics \u2013 customer-centric, avoid bias<\/li>\n\n\n\n<li>Data governance \u2013 complete, accurate, appropriate data<\/li>\n\n\n\n<li>Documentation &amp; record-keeping \u2013 ensure reproducibility and traceability<\/li>\n\n\n\n<li>Transparency &amp; explainability \u2013 clear, non-technical explanations for customers; intermediaries should be informed when insurers use AI<\/li>\n\n\n\n<li>Human oversight \u2013 clear roles, escalation procedures, staff training<\/li>\n\n\n\n<li>Accuracy, robustness &amp; cybersecurity \u2013 monitor performance, guard against errors and attacks<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">5. Next steps<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>EIOPA: will review supervisory convergence in two years, and may issue more detailed guidance on specific AI use cases.<\/li>\n\n\n\n<li>BIPAR: has asked DLA Piper to prepare template policy wording for members on how to set up an AI use policy, reflecting EIOPA\u2019s expectations. This will be shared with you once available.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Takeaway for intermediaries<\/strong><\/h2>\n\n\n\n<p>Even if you don\u2019t develop AI yourself, using AI-powered tools makes you responsible for governance, documentation, oversight and transparency. The proportionality principle applies \u2014 but the starting point is always a risk assessment of each AI system you deploy.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On 6 August 2025, the European Insurance and Occupational Pensions Authority (EIOPA) published its Opinion on Artificial Intelligence (AI) Governance and Risk Management, accompanied by an Impact Assessment (both attached). The Impact Assessment explains EIOPA\u2019s reasoning for issuing the Opinion, but does not create additional obligations for undertakings. 1. The AI Act \u2013 quick reminder [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":7481,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[42,44,50],"tags":[83,91],"rol":[81],"class_list":["post-6060","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-european-dossiers","category-legal-affairs-and-compliance","category-systems-and-operations","tag-private","tag-slotje","rol-standaard-lid"],"acf":[],"_links":{"self":[{"href":"https:\/\/becobra.be\/en\/wp-json\/wp\/v2\/posts\/6060","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/becobra.be\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/becobra.be\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/becobra.be\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/becobra.be\/en\/wp-json\/wp\/v2\/comments?post=6060"}],"version-history":[{"count":4,"href":"https:\/\/becobra.be\/en\/wp-json\/wp\/v2\/posts\/6060\/revisions"}],"predecessor-version":[{"id":7477,"href":"https:\/\/becobra.be\/en\/wp-json\/wp\/v2\/posts\/6060\/revisions\/7477"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/becobra.be\/en\/wp-json\/wp\/v2\/media\/7481"}],"wp:attachment":[{"href":"https:\/\/becobra.be\/en\/wp-json\/wp\/v2\/media?parent=6060"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/becobra.be\/en\/wp-json\/wp\/v2\/categories?post=6060"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/becobra.be\/en\/wp-json\/wp\/v2\/tags?post=6060"},{"taxonomy":"rol","embeddable":true,"href":"https:\/\/becobra.be\/en\/wp-json\/wp\/v2\/rol?post=6060"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}