
European insurers face stricter guidance on AI governance after EIOPA issued its landmark opinion, with major implications for investment managers’ due diligence and compliance strategies, writes Dorothée Ciolino at Norton Rose Fulbright.
On 6 August 2025, the European Insurance and Occupational Pensions Authority (EIOPA) issued a comprehensive Opinion on Artificial Intelligence (AI) Governance and Risk Management (the Opinion), marking a pivotal step in aligning insurance sector practices with the evolving EU regulatory landscape. For investment managers, particularly those with exposure to insurance undertakings or insurtech ventures, this Opinion offers critical insights into the operational, compliance, and reputational dimensions of AI deployment.
At the heart of the Opinion lies a principle-based framework that complements the Regulation (EU) 2024/1689 of 13 June 2024 laying down harmonized rules on artificial intelligence (AI Act), focusing on AI systems not classified as high-risk or prohibited.
While the AI Act introduces sector-agnostic obligations, EIOPA’s guidance contextualizes these within existing insurance legislation, namely the Directive 2009/138/EC of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II Directive), the Directive (EU) 2016/97 of 20 January 2016 on insurance distribution (IDD), and the Regulation (EU) 2022/2554 of 14 December 2022 on digital operational resilience for the financial sector (DORA).
EIOPA advocates a risk-based and proportionate approach to AI governance. Undertakings must assess the impact of AI systems across dimensions such as data sensitivity, customer exposure (including vulnerable groups), business continuity, and financial materiality. This nuanced methodology ensures that governance measures are tailored to the specific risk profile of each AI application, avoiding a one-size-fits-all compliance approach.
For investment managers, this translates into a need for enhanced due diligence when evaluating insurance portfolios or insurtech investments. AI systems used in underwriting, pricing, claims management, or fraud detection must be scrutinized not only for technical robustness but also for alignment with fairness, transparency, and ethical standards.
The Opinion underscores the importance of human oversight, requiring clear delineation of roles across compliance, actuarial, data protection, and senior management functions.
Data governance emerges as a cornerstone of responsible AI use. Undertakings are expected to ensure data completeness, accuracy, and appropriateness throughout the AI lifecycle. Bias mitigation, especially in proxy variables, is essential to uphold non-discrimination principles. Investment managers should assess whether target firms have implemented sound data governance policies and whether they maintain adequate documentation and audit trails.
EIOPA also emphasizes explainability and transparency, particularly in customer-facing applications. AI outputs must be interpretable, and customers should be informed when decisions materially affecting them are AI-driven. This has implications for reputational risk and customer trust, factors increasingly material to ESG-conscious investors.
Cybersecurity and model resilience are equally critical. AI systems must be safeguarded against adversarial attacks and data poisoning, with robust ICT infrastructures and fallback plans in place. Investment managers should evaluate whether firms have adopted comprehensive ICT risk management frameworks in line with DORA.
In conclusion, EIOPA’s Opinion provides a strategic blueprint for embedding AI governance into insurance operations. For investment managers, it offers a lens through which to assess regulatory maturity, operational resilience, and ethical integrity in AI-driven insurance models. As AI adoption accelerates, those who integrate these supervisory expectations into their investment analysis will be better positioned to manage risk and capture value in a transforming sector.
Dorothée Ciolino is counsel at Norton Rose Fulbright Luxembourg. The law firm is a member of the panel of experts of Investment Officer Luxembourg.