Artificial intelligence is already deeply embedded in UK insurance, but it is not governed by a single, standalone “AI law”. Instead, insurers operate within a patchwork of existing regimes, including FCA Principles requiring skill, care and diligence in model testing to avoid unfair pricing, Consumer Duty demanding clear explanations of AI-driven premiums alongside fair value outcomes, and UK GDPR Article 22 prohibiting solely automated high-impact decisions without human review safeguards.
In practice, this means AI can legitimately support areas such as fraud detection, claims triage and personalised pricing, provided models are explainable and subject to human oversight. Industry guidance consistently draws clear red lines. Insurers cannot rely on fully autonomous AI for high-stakes decisions, deploy biased third-party data that leads to outcomes such as “ethnicity penalties”, or use opaque black-box models with no audit trail or bias testing. Real-world deployments, such as Aviva’s gains in claims efficiency, show what is possible when these constraints are respected.
This lighter, decentralised regulatory approach is deliberate. UK regulators expect insurers to apply existing rules on fairness, governance and accountability to AI, rather than waiting for a bespoke regime to emerge. In other words, AI is not unregulated. It is regulated indirectly, but rigorously.
These themes were front and centre at a recent Lloyd’s market seminar on the emerging AI regulatory landscape, where two questions dominated discussion.
- Who is accountable when AI goes wrong?
- How do you oversee systems you do not fully understand?
On accountability, the regulatory position is clear. Responsibility sits with firms and their senior managers, not with algorithms or external vendors. Under the Senior Managers and Certification Regime, AI-enabled activities must be owned by named individuals, even where models are built, trained or hosted by third parties. Put bluntly, insurers can outsource technology, but they cannot outsource blame.
Oversight is the harder challenge. As insurers, MGAs and TPAs increasingly plug in third-party rating engines, fraud models and triage tools, many operational teams have only a limited understanding of how those systems work. This creates a governance gap. Are models being validated? Is there a clear audit trail showing when and how AI influenced decisions? Can firms evidence how bias has been tested, monitored and mitigated?
Legal guidance is now increasingly explicit on these points. Insurers are expected to demonstrate ‘explainability’, strong data governance and meaningful human intervention in high-impact automated decisions. These expectations are reinforced by UK GDPR safeguards and the Data (Use and Access) Act 2025.
The risks of under-regulation in a risk-based industry are twofold. First, unchecked personalisation can embed “ethnicity penalties” or “poverty premiums” into pricing, undermining trust and potentially breaching both equality and conduct standards. Second, regulatory uncertainty can deter responsible firms from innovating, while less scrupulous players push ahead. This leaves the UK market at a disadvantage compared with jurisdictions operating under clearer frameworks, such as the EU AI Act.
How do you think the UK should regulate AI?
Sources used:
-
Pinsent Masons (2025): https://www.pinsentmasons.com/out-law/guides/the-regulation-of-ai-in-uk-insurance-an-introductory-guide
-
Davies Group (2025): https://davies-group.com/insurance-solutions/2025/06/04/ai-insurance-regulatory-landscape/
-
Appinventiv (2026): https://appinventiv.com/blog/how-to-build-ai-powered-insurance-software-uk/
-
McKinsey (2025): https://www.mckinsey.com/industries/financial-services/our-insights/the-future-of-ai-in-the-insurance-industry
-
Hogan Lovells (2026): https://www.hoganlovells.com/en/publications/new-developments-for-ai-in-uk-financial-services
-
Linklaters (2026): https://financialregulation.linklaters.com/post/102m2ie/fca-set-deadline-for-giving-uk-firms-more-ai-guidance
-
Dun & Bradstreet (2026): https://www.reinsurancene.ws/uk-insurers-set-2026-priorities-around-ai-investment-and-external-risk-controls-dun-bradstreet/
-
RPC (2026): https://www.rpclegal.com/thinking/insurance-reviews/annual-insurance-review-2026/technology/
-
Debevoise (2025): https://www.debevoise.com/insights/publications/2025/05/europes-regulatory-approach-to-ai-in-the-insurance
-
Aviva Connect (2026): https://connect.avivab2b.co.uk/broker/articles/news/2026/artificial-intelligence—a-view-from-the-fca-and-some-ground-ru/
