AI at insurers: DNB sees growing use, but governance lags behind

Article
NL Law
Expertise
Financial Regulation Privacy and Data Protection Insurance Technology, Media and Telecommunications Tech

On 21 January 2026, the Dutch Central Bank (De Nederlandsche Bank, DNB) published the results of its investigation into the use of Artificial Intelligence (AI) by insurers. This publication is relevant because it provides insight into the current state of AI adoption in the insurance sector and the extent to which insurers are managing the associated risks. The publication also provides useful insights for other financial companies that want to benchmark their AI governance against DNB's expectations.

Close-up of a woman's hands with her right hand placed on her laptop keyboard and her left hand pointing at her laptop screen

Growing AI adoption, but with clear dividing lines

The study shows that the Dutch insurance sector is increasingly using AI. However, the degree of adoption varies greatly depending on the size of the insurer. All large insurers (Impact Class 3) consider AI investments to be essential to their short-term revenue model and have structural capacity available for research, pilots and implementation. Among medium-sized insurers (Impact Class 2), 40% indicate that investments in AI are important for their future revenue model and half of them have structural capacity available, while among smaller insurers (Impact Class 1) there is a striking gap: 55% consider AI investments important, but only 39% have actually freed up capacity.

These differences translate into practice. At the beginning of 2025, nearly 80% of large and medium-sized insurers had one or more AI applications in production, compared to only 21% of smaller insurers. AI is primarily used to increase the efficiency of internal processes and improve the customer experience. Approximately 21% of the applications are purchased from third parties; the majority are developed in-house.

Governance: principles in place, embedding insufficient

DNB, notes that more than 70% of insurers take into account the six principles published by EIOPA (data governance, fairness, human oversight, proportionality, robustness and transparency) in their AI governance. This is a positive sign. At the same time, follow-up studies show that the actual embedding of these principles is still under development.

Specifically, DNB identifies two shortcomings: 

  1. The record-keeping of choices made, steps taken and parties involved in the development of AI applications is not always complete.
  2. Insurers often lack adequate safeguards to monitor whether AI applications continue to meet the set objectives and performance requirements after they have been put into use.

DNB has formulated clear expectations in this regard: prior to the implementation of AI applications that could lead to prudential risks, insurers must ensure that decisions are properly documented so that they can be traced. After implementation, DNB expects insurers to continue to monitor whether applications meet the minimum requirements at appropriate intervals.

AI Regulation: restricted use of high-risk applications

The AI Regulation (Regulation (EU 2024/1689) introduces additional requirements, particularly for high-risk applications. In the insurance sector, AI applications for risk assessment and premium determination in life and health insurance have been classified as high risk. From 2 August 2026, additional requirements will apply in the areas of documentation, data use, transparency, human oversight, risk management and registration.

DNB notes that the use of such high-risk applications in the Dutch insurance sector is still very limited, as is the running of pilots for this purpose. 

DNB notes that the impact of a proposal by the European Commission to shift the implementation timelines is still unknown.

Key takeaways from DNB's publication

  1. Large insurers are leading the way, while smaller ones are lagging behind for now – There is a substantial gap in AI adoption between large and small insurers. Smaller insurers that consider AI to be strategically important but lack sufficient capacity run the risk of falling behind and being insufficiently prepared for future regulations.
  2. Governance principles are known, but implementation is lacking – Most insurers are familiar with the EIOPA principles, but their practical integration into processes and documentation is insufficient. This is a clear signal that insurers need to formalise and operationalise their AI governance.
  3. Documentation and traceability are priorities for DNB – The regulator expects choices made during AI development to be recorded in a traceable manner. Insurers would be wise to equip their development processes with adequate audit trails.
  4. Continuous monitoring after implementation is required – It is not sufficient to validate AI applications on a one-off basis. DNB expects continuous monitoring of performance and compliance with set objectives.
  5. High-risk applications require timely preparation – Although current use is limited, the deadlines set out in the AI Regulation are approaching. Insurers considering using AI for risk assessment or premium determination for life and health insurance policies should start preparations now.
  6. DNB will continue to actively supervise – The supervisory authority has announced that it will also gather information in 2026 via the sector-wide survey and, depending on the results, conduct more in-depth research in the second half of the year.

Outlook

DNB expects insurers to raise their AI governance to a higher level. DNB announces that it will further scrutinize this in 2026. 

It is recommended that insurers that use AI (or are considering using it) invest in robust governance, thorough documentation and structural monitoring. 

 

Author(s)