EIOPA Survey Highlights Rapid but Measured Generative AI Adoption

Key Takeaways

• Generative AI Adoption Is Widespread but Measured: Around 65 percent of European insurers are already using Generative AI, though most deployments remain at the proof-of-concept stage, reflecting cautious scaling rather than rapid automation.
• Efficiency Drives Early Use Cases: Insurers are primarily deploying Gen AI to improve internal efficiency and reduce costs, with most applications focused on back-office functions such as data extraction, underwriting support, and content generation.
• Risk Concerns Remain Central: Hallucinations were cited as the most significant risk, followed closely by cybersecurity threats, data protection issues, and regulatory compliance challenges, reinforcing the need for strong controls and oversight.
• Governance Frameworks Are Catching Up: Nearly half of surveyed insurers now have dedicated AI policies in place, a sharp increase from 2023, as firms adapt existing risk and governance structures to address AI-specific challenges.
• Third-Party Dependence Raises Oversight Stakes: Heavy reliance on external Gen AI providers is pushing insurers to lean on frameworks such as the Digital Operational Resilience Act and the AI Act to manage vendor risk and operational resilience.

Deep Dive

Generative AI is no longer a distant experiment for Europe’s insurers, but it’s also not something they’re rolling out recklessly. A new market-wide survey from European Insurance and Occupational Pensions Authority paints a picture of rapid uptake paired with notable restraint, as firms weigh efficiency gains against new operational, regulatory, and governance risks.

The survey, which gathered responses from 347 insurance undertakings across 25 EU and EEA countries, shows that around 65 percent of insurers are already using Generative AI in some form. Yet most of these implementations remain firmly in the proof-of-concept phase, suggesting that while interest is high, confidence is still being built.

For most insurers, the appeal of Generative AI starts with efficiency. Respondents overwhelmingly cited cost reduction and productivity gains as their primary motivations for adoption. Improving customer experience and strengthening decision-making also featured prominently, underscoring the growing perception of Gen AI as more than just a back-office automation tool.

Still, insurers are keeping their ambitions measured. Nearly two-thirds of reported use cases focus on internal processes, including extracting data from invoices and medical reports, drafting emails and contracts, supporting underwriting, and assisting with coding tasks. These are areas where productivity benefits are tangible and risks are easier to contain.

Customer-facing applications, such as chatbots and voice assistants, account for a smaller share of activity and are mostly still being tested rather than deployed at scale. According to EIOPA, this reflects a conscious choice to prioritize control and oversight while the technology matures.

Hallucinations and Cyber Risk Are Top of Mind

That caution is driven in large part by risk. Insurers identified inaccurate outputs, commonly referred to as “hallucinations”, as the single most significant concern associated with Generative AI. Cybersecurity threats, data protection risks, and challenges around regulatory compliance were also frequently cited.

Data privacy and security, compliance obligations such as GDPR, and shortages of skilled staff continue to slow broader adoption. These challenges are compounded by the sector’s reliance on third-party providers. Most insurers reported purchasing off-the-shelf AI solutions or building on pre-trained external models, making vendor risk management a central issue rather than a side concern.

In this context, respondents pointed to sector-specific rules, the Digital Operational Resilience Act, and the AI Act as key frameworks for managing operational and third-party risks tied to Generative AI.

Governance Is Starting to Catch Up

One of the clearest signals in the survey is that governance structures are beginning to evolve alongside adoption. Nearly half of surveyed insurers said they have now introduced dedicated AI policies, almost double the share reported in 2023.

EIOPA notes that Generative AI places particular pressure on traditional risk frameworks, especially at the model inference stage. Issues such as prompt design, output monitoring, and human validation of results are becoming central governance questions, not technical footnotes.

Petra Hielkema, Chair of EIOPA, said the measured pace of adoption is encouraging. “The fact that this scale-up is happening gradually, with strong human oversight, and alongside updates to risk management frameworks, is important in order to adopt AI responsibly,” she said, adding that the authority will continue monitoring developments with national supervisors.

A Slow Build, Not a Sprint

Overall, the survey suggests that Generative AI already has a firm foothold in Europe’s insurance sector, with significant expansion likely in the years ahead. Insurers are building AI roadmaps and governance frameworks designed to unlock productivity gains without losing control of risk, compliance, or accountability.

For now, the direction of travel is to start with internal efficiency, keep humans in the loop, and strengthen governance before moving toward more autonomous systems. EIOPA expects that balance to shift over time, but not without continued supervisory attention as the technology becomes more deeply embedded in insurers’ operations.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.