Annex III §5(c)
EU AI Act compliance for insurtech
Insurance is the only Annex III line that is line-of-business specific. Life and health pricing, underwriting, and claims-handling are inside Annex III §5(c); motor and most P&C are not. That asymmetry creates real product decisions for multi-line insurtech platforms — and it is where most pre-engagement classifications get the answer wrong.
The actuarial AI surface in life and health is mature enough that AI Act exposure was visible from the first Council draft: pricing engines, mortality/morbidity scoring, automated underwriting, and triage in claims and emergency dispatch are all explicit. What is less obvious is the operational overlap with the insurance sectoral framework you already comply with — IDD on conduct, Solvency II on model risk for internal models, and the EIOPA AI use-case opinions from 2024 that telegraphed the supervisory direction. The AI Act technical file does not replace any of those; it sits on top.
Annex III §5(c) covers risk assessment and pricing in relation to natural persons in the case of life and health insurance. Read literally, this excludes property, motor, travel, and most non-life lines — and that reading is supported by the recital language that ties the high-risk classification to access to essential private services. We have seen insurtech platforms classify their motor pricing as Annex III out of caution; that conservatism is rarely required and forces unnecessary documentation overhead. Where the surface gets murkier is hybrid lines (e.g. health-and-disability bundled with income protection) and emergency dispatch, where the system makes life-affecting decisions even though the underlying coverage is not a §5(c) line. The Diagnostic resolves these edge cases against the recital text and member-state supervisor guidance.
Insurance procurement teams are starting to ask about model-risk artefacts that look familiar from Solvency II internal-model approval — validation report, independent review, change-management policy, performance monitoring — but with EU AI Act labels. The questions that are new: treating customers fairly evidence at the demographic-slice level, conformance with EIOPA guidance on use of AI in pricing, and how the system interacts with IDD Article 25 product-oversight obligations. None of these are unfamiliar; the work is mapping existing actuarial documentation into the Annex IV format.
The most common gap is provenance and lawful basis on the training set. Life and health pricing models typically train on book data — your own underwriting history — but the Article 10 data-governance bar is set higher than the typical book-data audit. The technical file needs explicit provenance, consent or other lawful basis under GDPR, and a documented bias-and-error analysis. The second gap is the continuous-learning boundary: many pricing engines retrain quarterly on claims experience, and that retraining is exactly what Annex IV §1(f) requires you to predeclare. A documented retrain pipeline with clear input-data scope and quality gates closes the gap.
Insurtech evidence lives in unfamiliar places. Model validation reports already exist for Solvency II — they need a wrapper that maps validation procedures to Annex IV §1(h). Underwriting-decision logs already exist in your policy-administration system — they need a redacted export format that proves Art. 12 automatic logging. Claims-triage decision histories already exist in your ops platform. Drift monitoring is the gap most insurtech teams have to add: production claim-frequency drift relative to the pricing assumption, with thresholds that trigger model review. We wire it into your existing actuarial-monitoring cadence so it does not become a separate workstream.
Diagnostic for insurance AI providers
We work alongside your actuarial and Solvency II model-risk teams. The Diagnostic confirms which lines are inside Annex III §5(c) and which are not, in three to five days, with a one-page gap snapshot for procurement. Fixed price, engineering-led.