However, new developments in the field of AI make these technologies increasingly powerful, and those developments are coupled with the explosion in other forms of AI, such as generative AI, that are more novel for insurance businesses.
Consequently, a key challenge for the industry is working out how to adapt and upgrade existing practices and processes to take account of advancements in existing technology, while also embracing certain 'net new' innovations.
Regulation tomorrow
The EU AI Act is one of the world's first comprehensive horizontal laws that is designed specifically to focus on the regulation of AI systems, and the first to command widespread global attention.
It is an EU law, but importantly also one that has extraterritorial effect. UK businesses selling into the EU or even businesses using AI systems where the outputs of those systems then have an impact on individuals in the EU are potentially caught by the law.
The EU AI Act applies to all parts and sectors of the economy. Crucially, however, it is also a risk-based law that does not try to regulate all AI systems and which distinguishes between different tiers of risk in relation to the systems it does regulate.
The most important category of AI system under the act are those referred to as high-risk AI systems, where the vast majority of obligations lie.
Most of these obligations will apply to the provider or developer of the AI system, but there are also obligations that apply to the system’s user or deployer.
The insurance industry is specifically flagged in the act as an area of concern for high-risk AI systems. The act explicitly identifies AI systems used in health and life insurance for pricing, underwriting and claims decisioning due to the potential significant impact on individuals’ livelihoods.
As the majority of the obligations will sit with the system’s provider, if you are a business building your own AI tools – even if those tools depend on existing models such as a large language model to develop an in-house AI system – you will be classified as a provider of that AI system under the act.
As a result, businesses will need to get to grips with the new law, first working out in which areas are they caught as a provider or deployer, before planning and building the required compliance framework to address their relevant obligations.
The regulation of AI had one brief mention in the King’s Speech last month, specifically in relation to the establishment of requirements around the most powerful AI models – meaning the EU AI Act is the most pressing law on AI and likely to be applicable to insurers in the coming years.