Author: James W. Moore
On June 18, 2026, China and India each moved to bind AI-driven claims and underwriting decisions under formal regulatory scrutiny, without any indication of coordination between them. Eleven days later, the European Union, the jurisdiction that built the world’s reference framework for AI regulation, finalized a sixteen-month delay to its own binding insurance obligations. Singapore continued building what looks like the most mature governance model of any of them. The UK’s own Parliament told its regulator its current approach isn’t good enough. And in the US, AI governance in insurance is still a state-by-state patchwork with no binding federal floor.
Few analyses have connected these six developments as one story. They belong together because they show something a single-country story cannot: there is no global consensus forming on how AI in insurance should be governed. Instead, there are at least three distinct governance philosophies running in parallel right now, and carriers and reinsurers operating across borders need to know which one applies where they write business.
The pattern isn’t random. Insurance concentrates AI decisions that directly determine price, eligibility, and claim outcomes, three points where an algorithm’s mistake becomes someone’s financial loss almost immediately. That is why claims, underwriting, and pricing keep showing up as the first target across every jurisdiction below, ahead of AI use in marketing, HR, or back-office operations.
Key takeaways
- China’s National Financial Regulatory Administration and India’s IRDAI both launched formal AI governance initiatives on the same day, June 18, 2026, both naming claims and underwriting among the first areas of scrutiny.
- Six jurisdictions, three governance philosophies: hardening (Singapore, China), recalibrating (the EU), and still undecided (India, the UK, the US).
- The EU AI Act’s binding high-risk obligations for insurance, originally due August 2, 2026, were deferred to December 2, 2027 under a Digital Omnibus agreement finalized in the past two weeks.
- Singapore’s Monetary Authority has the most developed framework of the six, built over eight years and about to shift from guidance to supervisory expectation.
- The UK has deliberately chosen not to write AI-specific insurance rules, a position its own Treasury Committee has publicly criticized.
- The US relies on a non-binding NAIC model bulletin adopted by roughly half of all states, with an examiner evaluation tool still in pilot.
Singapore: the model everyone else is still building toward
The Monetary Authority of Singapore has been at this longer than anyone. Its FEAT principles date to 2018. Project MindForge, its industry collaboration on generative AI risk, launched in 2023 and now includes insurers alongside banks and capital markets firms. In November 2025, MAS opened a consultation on binding AI Risk Management Guidelines covering all financial institutions, including insurers, with expectations around board oversight, AI use case inventories, and lifecycle controls. The consultation closed January 31, 2026. In March 2026, MAS published the AI Risk Management Toolkit, developed with a 24-firm industry consortium of banks, insurers, and capital markets firms, as a practical companion to the guidelines. That habit of building guidance alongside industry rather than issuing it from above is a large part of why MAS carries more credibility with the firms it regulates than most of its peers. Once the guidelines are finalized, expected sometime in 2026, a twelve-month transition period leads into full supervisory enforcement. Singapore’s approach is proportionate by design, scaling requirements to a firm’s size and risk exposure rather than applying one standard to everyone. It is the closest thing in this group to a working model other regulators can borrow from.
China: binding, specific, and fast
On June 18, 2026, China’s National Financial Regulatory Administration released Guidelines on the Safe Development and Application of Artificial Intelligence in the Banking and Insurance Industry, NFRA [2026] No. 8, its first dedicated AI governance framework for the two sectors. It does not leave much to interpretation. Underwriting and claims settlement are named explicitly as high-risk applications requiring approval from an institution’s risk management committee before deployment, with reporting obligations back to the NFRA. The guidelines also prohibit using sensitive personal data, such as names and identification numbers, to train or optimize generative AI models. Human oversight is mandated at key decision points so that, in the regulator’s words, critical decisions do not become black boxes. The guidelines also push large institutions toward building what NFRA describes as independent and controllable computing infrastructure, a requirement that reaches beyond AI governance into the broader conversation about sovereign compute. No other jurisdiction in this group has moved faster or landed a more specific, binding rule.
India: still forming, but moving with intent
The same day, June 18, 2026, India’s IRDAI convened a seven-member working group on artificial intelligence, chaired by IIIT Hyderabad director Sandeep Shukla and including risk and security officers from SBI Life, Star Health, and ICICI Lombard, with a three-month deadline to deliver recommendations. Its mandate is to map how far insurers have already gone in deploying AI, then build the sector’s first formal governance framework around what it finds. IRDAI named claims processing and fraud detection as the two functions warranting the closest attention first, operationally close to the underwriting and claims settlement. China named the same day, though not an identical list. Whether the timing between the two announcements was coordinated is unclear. What is clear is that two of the world’s largest insurance markets by policy count decided, on the same day, that AI in claims-adjacent decisions needed a formal governance answer.
The EU: the standard-setter just pulled back
This is the twist that makes the other five stories matter more. The EU AI Act’s Annex III explicitly classifies AI used for risk assessment and pricing in life and health insurance as high-risk. Whether property and casualty use qualifies too is one of the more actively disputed interpretations of Annex III among legal commentators, turning on whether P&C coverage counts as an essential service under the Act’s language. Those obligations, covering technical documentation, conformity assessment, and mandatory human oversight, were due to take effect August 2, 2026. Under the Digital Omnibus, a package of amendments the European Commission proposed in November 2025 after acknowledging the compliance infrastructure would not be ready in time, the deadline has been pushed back sixteen months to December 2, 2027. The European Parliament formally endorsed the deal on June 16, 2026. The Council of the EU gave final sign-off on June 29, 2026. The Act’s general transparency obligations still land in August as originally scheduled. The headline high-risk obligations for insurers do not. The regulator that set the global benchmark for AI just told its own insurance sector it has another year and a half.
The UK: choosing not to regulate, and being told it’s wrong
The FCA has stated plainly that it has no current plans to introduce AI-specific insurance rules, saying it intends instead to rely on “existing frameworks, which mitigate many of the risks associated with AI.” In practice, that means the Consumer Duty and the Senior Managers and Certification Regime, already-established rules that the FCA is applying to AI use cases rather than replacing. That is a defensible regulatory philosophy. It is also one the UK’s own Parliament has pushed back on directly. The Treasury Committee’s report, published January 22, 2026, following an inquiry into AI in financial services, criticized the FCA, PRA, Bank of England, and HM Treasury for what it called a wait-and-see approach, warning it risks both consumer harm and financial instability. The Committee gave the FCA a deadline: comprehensive, practical guidance on how existing rules apply to AI, due by the end of 2026. The UK is not absent from this conversation. It is the one jurisdiction here that chose its current posture deliberately and is now under formal pressure from its own legislature to change it.
The US: familiar ground, still unsettled
For a US carrier audience, the NAIC Model Bulletin on the Use of Artificial Intelligence Systems by Insurers needs little introduction. Adopted in December 2023, it is principles-based, non-binding at the federal level, and takes effect only where individual state insurance departments formally adopt it. Roughly half of US jurisdictions have done so as of mid-2026. That patchwork isn’t an AI-specific failure; it’s how US insurance regulation has always worked. States, not Washington, have held authority over insurance since the McCarran-Ferguson Act of 1945, and AI governance is inheriting that same structure rather than breaking from it. The bulletin covers the full insurance lifecycle from product design through claims and fraud detection and requires a documented AI Systems Program with board-level accountability. What it does not yet have is a mature enforcement mechanism. The NAIC’s AI Systems Evaluation Tool, meant to give market conduct examiners a standardized way to review insurer AI governance, is in a pilot across twelve states through September 2026, with possible formal adoption at the Fall National Meeting. Compared to what is now binding in China, or hardening in Singapore, the US framework remains a statement of expectations without a fully built enforcement apparatus behind it.
Three philosophies, not one trend
Line these up, and a pattern emerges that is easy to miss when looking at any single country. Singapore and China both represent a hardening posture, guidance evolving into a binding rule, though they arrive at it through different philosophies. China’s is state-directed: a regulator issuing a binding rule and naming the applications it covers. Singapore’s is closer to risk-based supervisory governance, built with the firms it will eventually examine, and proportionate to each firm’s size and exposure. Both are moving in the same direction at different speeds and by different routes. The EU represents a recalibrating posture, a jurisdiction that built the most ambitious framework in the world and then concluded, under its own regulatory infrastructure’s weight, that it needed more time, a delay rather than a change of direction. India, the UK, and the US represent an undecided posture, each acknowledging AI governance is unfinished business, each choosing a different path to get there: a working group with a deadline, a legislature applying public pressure to a reluctant regulator, and a patchwork of state bulletins waiting on an examiner tool that is not yet built.
There is no single global direction here. There are three, running at the same time, in the same industry.
Why this matters beyond geography
For a US carrier with any exposure to these markets, whether through reinsurance treaties, multinational program business, or a relationship with a foundation model provider, cloud platform, or AI vendor operating under more than one of these regimes, the practical question is no longer whether AI governance applies outside the US. It is which framework applies where, and whether your vendor contracts and data-sharing agreements were written with any of this in mind. NAIC’s own Big Data and AI Working Group lists monitoring international AI regulatory activity as an explicit 2026 charge, which means what China and India just did is not background noise to US regulators either. It is a data point they are actively watching, and one that could eventually inform what the NAIC’s own framework becomes.
Action items
- If your organization writes business, reinsures risk, or maintains vendor relationships touching China, India, Singapore, the EU, or the UK, confirm which AI governance framework applies to each relationship and whether current contracts account for it.
- Track the EU AI Act’s Digital Omnibus timeline directly rather than relying on the original August 2026 deadline still circulating in older compliance material.
- Watch the NAIC’s AI Systems Evaluation Tool pilot results, expected ahead of the Fall National Meeting, as an early signal of where US enforcement is headed next.
- If you operate in Singapore, begin preparing for supervisory-level AI risk management now. The transition period, once MAS finalizes its guidelines, will move quickly.
Related IIAI Articles
- The Governance Problem AI Didn’t Create (But Might Actually Fix)
- The Reluctant Auditor: What AI Sees That We’d Rather It Didn’t
Sources
- Irdai sets up working group to guide AI adoption in insurance sector, Business Standard
- India’s insurance regulator steps in to govern AI adoption, Insurance Business Asia
- Can China’s banks turn AI governance from a board mandate into a competitive advantage?, The Asian Banker
- New NFRA guidelines promote safe AI adoption in finance, China Daily
- MAS Partners Industry to Develop AI Risk Management Toolkit for the Financial Sector
- MAS Guidelines for Artificial Intelligence Risk Management
- Artificial Intelligence: Council and Parliament agree to simplify and streamline rules, Council of the EU
- EU AI Act Omnibus Agreement, Gibson Dunn
- High-Risk AI, Orrick AI Law Center
- AI and the FCA: our approach
- Artificial intelligence in financial services, UK Parliament Treasury Committee
- Insurance Topics: Artificial Intelligence, NAIC
- Big Data and Artificial Intelligence (H) Working Group, NAIC
- AI Regulation in Insurance 2026, actuary.info
James W. Moore is the founder of InsuranceIndustry.ai.
AI Disclaimer: This content was created with assistance from artificial intelligence technology. While content is based on factual information from the source material, readers should verify all details directly with the respective sources before making business decisions.
