#41: The Commission just drew the high-risk AI line for insurers
The Commission just drew the high-risk AI line for insurers
AI Act high-risk guidelines for insurers · Estonia publishes its supervisory work plan · Aviva inside ChatGPT · The thin-file borrower · MiCA review · IOSCO’s AI toolkit
A personal milestone before the analysis. This month I graduated from the Tallinn Business Incubator after nine months, and it is a good moment to mark where the practice now stands. There is a new brand and a rebuilt website at andreslehtmets.com, first development bank projects delivered for supervisors and regulators on SupTech and financial innovation with more in the pipeline, continued work with the Cambridge Centre for Alternative Finance (CCAF) on the new public-sector AI course, this newsletter relaunched on a cleaner platform, and recognition as a Top 25 Global InsurTech Voice. My first product, an EU Regulatory Tracker, is prototyped and close to launch. If that sounds useful for your team, reply and I will keep you posted.
A few things on the June calendar. On 17 and 18 June I am speaking at the UNCHAIN Festival in Oradea, Romania, and from 22 to 26 June I am lecturing at the EERIA Insurance Summer School in Ohrid, North Macedonia. If you are at either, come and say hello.
The Commission just told insurers how high-risk AI will be classified
On 19 May 2026 the European Commission published draft guidelines on the classification of high-risk AI systems under the EU Artificial Intelligence Act (AI Act), and opened a consultation that runs until 23 June. The guidelines walk through each high-risk use case in Annex III: biometrics, critical infrastructure, education, employment, access to essential public and private services, law enforcement, migration, justice and democratic processes.
What the draft addresses on insurance:
- The definition of risk assessment and pricing for life and health insurance.
- The treatment of life, health, long-term care, personal pensions, credit life, motor, home and insurance-based investment products (IBIPs).
- The treatment of private versus public-law insurers.
- The grandfathering of AI systems already in service.
- The interplay with Solvency II internal models.
The guidelines also cover credit scoring on the banking side, where AI used to evaluate the creditworthiness of natural persons or to set a credit score is classified as high-risk. That matters for financial services broadly, not just for insurers.
The headline deadline for stand-alone high-risk systems is now 2 December 2027, but the classification question, namely whether a given pricing or underwriting model is in scope at all, is the one that decides how much work sits between here and there. The guidelines are not binding, only the Court of Justice can give the authoritative reading, but they are the clearest signal yet of how the Commission reads the perimeter. If you run AI anywhere near life or health pricing, this is worth a careful read, and the consultation window is the moment to flag where the text does not fit how the business actually works.
Source: Draft Commission guidelines on the classification of high-risk AI systems.
Estonia is publishing its supervisory work plan
Estonia’s financial supervisor, Finantsinspektsioon (FI), has decided to publish its supervisory work plan as part of a new supervisory strategy. The plan of regular inspections now sits on the FI website, broken down by sector across banking and credit, investment, insurance and payments. The supervisor frames it as transparency and as prevention: pre-announcing inspections lets firms spot and remedy deficiencies before the inspectors arrive. Unannounced inspections stay in the toolkit.
I personally like this approach. In a way it normalises what already happens in markets, especially smaller ones. Market participants talk to each other. Auditors generally have a good read on supervisory priorities, and audit plans often align with where supervisors are focused. Bigger firms tend to track the European Supervisory Authority (ESA) work plans anyway, at least I do that for my clients, and those priorities filter through to national markets soon enough.
It also levels the playing field. Firms with strong audit relationships and Brussels-tracking compliance teams already had most of this information. Smaller and mid-market firms did not. Publication closes that gap.
The obvious counter is whether pre-announcement creates a teach-to-the-test effect, with firms focusing narrowly on listed topics and neglecting broader controls. Worth watching. But the predictability gain looks larger, especially with ad hoc work and the risk-based approach still in the toolkit.
Source: Finantsinspektsiooni kontrollid (Finantsinspektsioon).
Aviva put life insurance inside ChatGPT. The AI is the boring part.
In early June 2026 Aviva began offering initial life insurance quotes inside ChatGPT, as part of its wider collaboration with OpenAI. Customers enter their details in the chat to generate a quote, then are directed to Aviva’s own website, with their information pre-populated, to complete the application and purchase. It builds on the home insurance quoting Aviva introduced through the same platform earlier in the spring. Everyone is calling it an AI move. I think the AI is the boring part.
What actually changed is where you buy. Not a comparison site, not a broker, not Aviva’s website. You get the quote in the same chat window you already use for everything else, and then finish on their site. The distribution surface moved, and it moved to a place no insurance rulebook was written for.
And that is where it gets interesting for my world. If a chatbot is walking you through a life product, is that information or is it advice? The rules we have were written for websites and call centres. They do not have a clean answer for a conversation.
Source: Aviva expands ChatGPT app to life insurance applications.
The thin-file borrower is a European problem, not just an emerging-market one
I was creditworthy in Estonia. I moved to Frankfurt and was not. I moved back and still was not. Years of clean repayment history and a steady salary, and none of it crossed the border. Not leaving, not coming home. Each time I landed on a lender’s desk looking like a blank page.
We call this the underserved borrower problem and file it under emerging markets. Women entrepreneurs, low-income borrowers, anyone without a formal paper trail. All true. But it is a European problem too. Here the thin-file borrower usually is not invisible. They are just in the wrong country. That is millions of people: students, posted workers, founders, everyone the single market actually moved.
The fix is the same one fintechs use in emerging markets. Stop trusting a legacy file that ends at customs. Use the data that does travel: payments, open banking, real economic activity. A new International Finance Corporation (IFC) report on alternative data and AI for financial inclusion makes the case in detail, and while it is framed around emerging markets, the mechanism is identical for a mobile European workforce. This is the whole point of the EU’s Financial Data Access Regulation (FIDA), and why I keep coming back to it. Some of the firms closest to solving this are e-Estonia rooted, by the way.
Source: IFC: Cracking the Credit Code, Alternative Data and AI for Financial Inclusion.
On 3 June 2026 the European Commission adopted the European Technological Sovereignty Package, a set of measures to cut the bloc’s reliance on non-EU providers, which currently supply over 80 per cent of key digital products and infrastructure. It bundles the Chips Act 2.0, a Cloud and AI Development Act, an Open Source Strategy and a roadmap for AI in energy. Tech sovereignty, the ability to act independently in the digital world, is now an explicit goal, and financial services sit squarely inside the dependency it is trying to fix. European Commission.
On 25 May 2026 the International Organization of Securities Commissions (IOSCO) published the final report of its Supervisory Toolkit for AI Use in Capital Markets. It is aimed at securities regulators, but the relevance goes well beyond financial markets. It covers the full AI lifecycle from traditional machine learning through GenAI to emerging agentic AI, and it is built in three layers: risk areas to consider, concrete supervisory tools and indicators for monitoring adoption, with a standalone extract designed for on-site inspections. IOSCO.
On 20 May 2026 the European Commission opened a targeted consultation on the review of the Markets in Crypto-Assets Regulation (MiCA), 86 questions across four thematic blocks, open until 31 August. My own quick reaction is: not yet. MiCA has barely had time to work. Let it run, let the evidence build, then decide. But the timing is good, because the firms that spent recent months securing MiCA licences now have the first real lessons to feed in. Three threads worth a look even beyond crypto-native firms: the DeFi perimeter, conglomerate supervision for groups holding a MiCA entity, and stablecoins as a payment and settlement rail, a section I would flag for insurers in particular. European Commission.
A new World Bank note on the gig economy and digital fast payments will read to most people as a payments story. It is an insurance and open finance story. Fast, interoperable, low-cost rails get gig workers paid, but they do not protect them: income volatility, no employer coverage and limited access to credit all remain. Two adjacent layers complete the picture. Embedded cover through platforms is the most realistic way to plug the protection gap at scale, and fast payments make micro-policy premiums and instant claims viable. Open finance turns platform payment data, the most accurate income signal a gig worker has, into a passport to insurance, credit and pensions. World Bank.
Financial fraud is not just a security problem, it is a trust problem. Every scam that lands chips away at confidence in digital finance, and in emerging markets it risks undoing years of progress on inclusion. A new CGAP working paper pulls together more than 50 real-world solutions across the full fraud lifecycle: education, prevention, detection and disruption, and response and recovery. What I appreciated was the honesty: no silver bullets, just a clear look at what works and what it takes to deploy these tools responsibly. The themes are topical well beyond emerging markets, including at Estonian and EU level right now. CGAP.
A UK Centre for Finance, Innovation and Technology (CFIT) roadmap sets out a credible path to fix one of the economy’s most persistent inefficiencies: a homebuying system where transactions take 22 weeks on average and around 30 per cent fall through. It is the first Smart Data coalition of its kind beyond financial services, applying consent-driven, interoperable data sharing to property. What it leaves out is insurance. Home cover and mortgage life protection sit right in the critical path and are still slow and manual. Open data could let insurers price and bind cover in minutes. FIDA is the EU’s chance to plug insurance, mortgages and payments into the same picture. CFIT roadmap.
Insurance is a growth industry. The Allianz Global Insurance Report 2026 puts it at +5.3 per cent a year over the next decade, after global premiums grew +7.1 per cent to 6.9 trillion euros in 2025. But that was not the line that stopped me. The report names geopolitical fragmentation not as a side risk but as a force reshaping the industry, after decades resting on one assumption, that the world keeps integrating. That assumption is now reversing. Food for thought for regulators, policymakers and businesses alike. Allianz.
Venture-capital-backed companies per million inhabitants in Estonia, the highest in the EU, according to the European Commission’s European Startup and Scaleup Scoreboard. Estonia, Sweden, Finland, the Netherlands and Denmark form the leading group, scoring 40 to 60 percentage points above the EU average. A small country can lead on early-stage dynamism. Can it lead on scaling too? European Commission.
Weekly briefing on financial innovation and regulation. Join 5,000+ fintech, insurance and regulatory professionals.
SubscribeAdvisory for regulators, boards and fintech leaders navigating digital finance policy and regulation. See how I can help.
Selectively considering sponsorship for this newsletter. Reach 5,000+ decision-makers in financial innovation and regulation. Enquire.
