AI in insurance: underwriting and pricing
AI for risk assessment and pricing in life and health insurance is high-risk under Annex III of the AI Act. Other lines are not automatically covered, but the GDPR, solidarity rules and the prohibition of discrimination apply broadly.
Short answer: AI used for risk assessment (underwriting) and pricing in life and health insurance is high-risk under Annex III of the AI Act. For those products the full high-risk regime applies. AI in other insurance lines is not automatically covered by Annex III, but remains subject to the GDPR, solidarity and gender-equality law and the prohibition of discrimination.
Which insurance falls under Annex III
Annex III, point 5 of the AI Act specifically lists AI systems intended for risk assessment and pricing in relation to natural persons in life and health insurance. The legislator chose these two lines because a wrong assessment there directly affects health, livelihood and access to care.
That does not mean AI in, say, motor or contents insurance is unrestricted. The Annex III high-risk label does not apply automatically there, but the other requirements (GDPR, transparency, non-discrimination) remain fully in force.
The high-risk obligations in practice
For life and health AI the requirements from the high-risk obligations overview apply: a risk management system, data governance (training, validation and test data that are relevant, representative and as error-free as possible), technical documentation, automatic logging, human oversight and a conformity assessment before the system is placed on the market. The deployer (the insurer) must also use the system in accordance with the provider's instructions, assign human oversight to competent staff and keep the logs it generates.
GDPR, special data and solidarity
Underwriting and pricing often rely on health data, which as a special category of personal data under Article 9 GDPR may only be processed on one of the narrow bases listed there. Fully automated underwriting decisions that produce legal or similarly significant effects also engage Article 22 GDPR, which requires a valid basis and safeguards such as the right to human intervention. In addition, fine-grained, data-driven premium differentiation pulls against the solidarity principle underlying insurance: the more personal the price, the less risk is shared. EU rules on gender equality in insurance premiums (Directive 2004/113/EC, as read by the Court of Justice in Test-Achats) continue to apply, even where a model does not use sex explicitly but approximates it through proxies.
What to do
- Determine the line: establish whether the system concerns life or health insurance (then Annex III and the high-risk regime) or another line (then not Annex III, but GDPR, transparency and non-discrimination law still apply).
- Secure the GDPR basis: arrange a valid basis for health data and respect Article 22 for automated underwriting.
- Examine proxies: check whether individual variables, or combinations of them, indirectly approximate age, sex, origin or health, and remove or justify any that do.
- Guard solidarity: make policy choices explicit about how far premium differentiation may go.
- Document and connect to your AI governance framework.
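The proxy check in the list above is the one step here that is a concrete technical procedure. The following is an added example (not code from the original page or from any insurer or regulator) of a minimal first pass: for each candidate rating variable it computes the point-biserial correlation with a binary protected attribute and the accuracy of the best single-threshold split predicting that attribute. The data set is constructed inline: `height_cm` is deliberately built to move with sex, `postcode_band` is built to be independent of it. The flag thresholds are illustrative assumptions, not regulatory values, and a per-variable screen like this does not catch proxies that only emerge from combinations of variables, which needs a model-based check on top.

```python
"""Per-variable proxy screen for a protected attribute.

Added example with constructed data. Assumptions: rows are dicts, the
protected attribute is coded 0/1 under the key PROTECTED, and the
candidate variables are numeric. CORR_FLAG and SPLIT_FLAG are
illustrative thresholds, not legal standards.
"""
from math import sqrt
from typing import Dict, List

PROTECTED = "sex"
CORR_FLAG = 0.5    # |r| above this: the variable tracks the attribute
SPLIT_FLAG = 0.75  # one cut predicting the attribute this well is a proxy


def build_sample(n: int = 66) -> List[Dict[str, float]]:
    """Constructed underwriting rows (not real data); n should be a
    multiple of 66 so every repeating pattern completes whole.

    height_cm    : built to move with sex (a plausible proxy)
    postcode_band: built to be independent of sex
    """
    rows = []
    for i in range(n):
        sex = i % 2
        rows.append({
            PROTECTED: sex,
            "height_cm": 160 + 12 * sex + 2 * (i % 3),
            "postcode_band": (7 * i) % 11,
        })
    return rows


def point_biserial(rows: List[Dict[str, float]], feature: str) -> float:
    """Pearson correlation between a numeric feature and the 0/1 attribute."""
    xs = [float(r[feature]) for r in rows]
    ys = [float(r[PROTECTED]) for r in rows]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0  # constant column: carries no information
    return cov / sqrt(vx * vy)


def best_split_accuracy(rows: List[Dict[str, float]], feature: str) -> float:
    """Accuracy of the best threshold on one feature for predicting the
    attribute, trying both directions (high -> 1 and high -> 0)."""
    values = sorted({r[feature] for r in rows})
    if len(values) < 2:
        return 0.5
    cuts = [(a + b) / 2 for a, b in zip(values, values[1:])]
    best = 0.0
    for t in cuts:
        hits_high = sum((r[feature] > t) == bool(r[PROTECTED]) for r in rows)
        hits_low = len(rows) - hits_high
        best = max(best, hits_high / len(rows), hits_low / len(rows))
    return best


def proxy_report(rows: List[Dict[str, float]]) -> Dict[str, Dict[str, float]]:
    """Screen every non-protected column and flag likely proxies."""
    report = {}
    for feature in rows[0]:
        if feature == PROTECTED:
            continue
        r = point_biserial(rows, feature)
        acc = best_split_accuracy(rows, feature)
        report[feature] = {
            "corr": r,
            "split_acc": acc,
            "flag": abs(r) > CORR_FLAG or acc > SPLIT_FLAG,
        }
    return report


if __name__ == "__main__":
    for name, stats in proxy_report(build_sample()).items():
        status = "PROXY" if stats["flag"] else "ok"
        print(f"{name:14s} r={stats['corr']:+.3f} "
              f"split_acc={stats['split_acc']:.2f} {status}")
```

Run as a script it prints one line per variable; a flagged variable is not automatically unlawful, but it is one you must either drop or be able to justify on actuarial grounds, and the justification belongs in the technical documentation the high-risk regime requires.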
AI makes underwriting faster and more precise, but in life and health that is exactly why the heaviest regime applies. Do not mistake line-specific carve-outs for a free pass.
Sources
- https://eur-lex.europa.eu/eli/reg/2024/1689/oj
  Regulation (EU) 2024/1689 (AI Act): Annex III, point 5 classifies risk assessment and pricing in life and health insurance as high-risk.
- https://eur-lex.europa.eu/eli/reg/2016/679/oj
  Regulation (EU) 2016/679 (GDPR): legal bases (Article 6), special categories of data (Article 9) and automated decision-making (Article 22).
Read next
AI in onboarding and internal mobility: where is the line?
Talent marketplaces, skills matching and career paths with AI seem neutral, but they reach the high-risk line as soon as they steer promotion or progression decisions (Annex III, point 4). Then the AI Act, GDPR, transparency and equal opportunity apply internally too.
AI in housing allocation: access to essential services
AI that decides who gets access to housing strikes at the core of the high-risk regime. Annex III of the AI Act covers access to essential private and public services; on top of that, the GDPR prohibits discrimination and sets demands on automated decisions.
AI financial fraud detection: the Annex III carve-out
AI that detects financial fraud is expressly carved out of the high-risk classification for credit scoring in Annex III. The carve-out is narrow: it covers genuine fraud detection, not credit assessment under a fraud label. The GDPR and governance still apply.