1. Introduction
The digital transformation of the European insurance sector has progressed unevenly across various markets, reflecting differing levels of adoption and innovation. Although digital distribution channels play a secondary role in the insurance distribution mix, particularly for life insurance products, their significance increases as customers rely on online tools to gather information and make comparisons (EIOPA, 2024, pp. 11-12). This shift underscores the transformative potential of digitalisation for customer engagement and future business opportunities, especially as young, educated, and high-income customers prefer purchasing insurance through digital channels (EIOPA, 2024, p.13).
The academic literature identifies three key areas of transformation in the insurance sector driven by digitalisation: (i) customer interaction, facilitated by social media, chatbots, and robo-advisors; (ii) process automation, which enhances efficiency in sales and claims settlement; and (iii) product innovation, enabling the development of offerings such as telematics and cyber insurance (Eling and Lehmann, 2018, pp. 366–370). Furthermore, research highlights that while the rise of the platform economy—an extension of broader digitalisation—will not eliminate the need for insurance intermediation, it will fundamentally reshape how those needs are addressed in the future (Stricker, Wagner, and Zeier Röschman, 2023, p. 19).
The adoption of artificial intelligence (AI) and other digital tools within the insurance sector is accelerating rapidly. Insurers anticipate significant growth in the use of chatbots, mobile applications, and online forms, with Generative AI expected to play a crucial role in customer service (EIOPA, 2024, p. 16). AI is increasingly integrated into digital platforms, fostering a symbiotic relationship in which these platforms create an environment for AI to function effectively. Meanwhile, AI enhances the capabilities, efficiency, and overall value of these platforms (Alt, 2021, pp. 233-237). This interplay emphasises the role of digital platforms as dynamic infrastructures facilitating interactions and transactions, not only within customer relationships but also across the insurance value chain (Nicoletti, 2021, p. 225 – 230; Braun and Jia, 2025).
To fully understand the regulatory landscape for digital insurance platforms, it is essential to view them within the wider context of digital platforms. The EU has adopted a horizontal, cross-sector strategy to regulate digital transformation, encompassing digital platforms. EIOPA has expressed concerns regarding the challenges posed by this dual-layered framework, which generates regulatory complexity, especially in relation to the AI Act. In its communication with EU co-legislators, EIOPA emphasised that the AI Act should complement, rather than replace, sector-specific insurance legislation, thereby ensuring alignment with the industry’s unique needs (EIOPA, 2022a, p. 2).
EIOPA’s concerns are similarly reflected, from a broader perspective, in the Draghi report on EU competitiveness, submitted in September 2024. Although it does not explicitly focus on insurance, the report critiques the EU’s cautious regulatory approach, noting the existence of over 100 digital regulations and 270 regulatory authorities, which may impede technological development (Draghi Report, Part A, p. 30). It emphasises the need for a balanced regulatory framework to promote innovation in digital platforms, warning against the potential inhibiting effects of applying the General Data Protection Regulation (GDPR) to AI (Draghi Report, Part B, p. 79). Furthermore, the report highlights the necessity of investing in advanced technologies, such as AI, to enhance competitiveness and capitalise on future innovations (Draghi Report, Part B, p. 249).
The relationship between the newly established regulatory framework for digital platforms and existing sector-specific regulations remains insufficiently explored in academic literature. The introduction of this general framework, marked by ambition and complexity, has primarily occupied scholarly discourse, often at the expense of examining its intersections with pre-existing sectoral rules. However, this dual-layered regulatory approach has already raised significant concerns.
This study investigates the interplay between the platform regulatory framework and sector-specific insurance rules, highlighting how the insurance sector—a key industry in the EU—relies increasingly on digital platforms while navigating complex regulatory requirements. Accordingly, Section 2 reviews both general and insurance-specific regulatory sources that shape digital insurance platforms. Section 3 examines the legal status of these platforms in distributing insurance products, focusing mainly on cases where they benefit from exemptions under sectoral regulations. Section 4 analyses the applications of business conduct rules derived from digital platform regulations and insurance-specific standards. It focuses on robo-advice, comparison websites, and influencers, assessing how the dual regulatory framework tackles emerging challenges in digital insurance distribution. Finally, Section 5 presents the study’s conclusions.
2. Navigating the EU Regulatory Landscape for Digital and Insurance Platforms
The first objective of this study is to examine the EU regulatory framework for digital transformation and its impact on digital platforms, particularly in the insurance sector. Given that digital insurance platforms operate at the intersection of these frameworks, a comprehensive overview of the most significant regulatory acts is essential. This requires identifying relevant EU laws shaped by general digital platform regulations and sector-specific insurance standards.
The following analysis has a limitation that must be highlighted at the outset. Indeed, the breadth of this regulatory framework prevents a detailed exploration from being included in this essay. While acknowledging the significance of regulations such as anti-money laundering and ESG, the essay does not delve into these provisions and provides only a brief overview of cybersecurity.
2.1. Pioneering EU Regulations for Digital Platforms
The European Union has introduced initial regulations that, while aimed at achieving specific protective objectives, also impact digital platforms. Key initiatives such as the 2010 Digital Agenda for Europe and the 2015 Digital Single Market Strategy have shaped many of these regulatory developments. However, one of these regulations was introduced independently of these initiatives. Notably, they include:
The Directive 2000/31/EC of the European Parliament and of the Council, dated 8 June 2000 (commonly known as the e-Commerce Directive), is one of the earliest pieces of legislation. It establishes a legal framework for online services within the Internal Market. It addresses key issues such as transparency and information requirements for service providers, commercial communications, electronic contracts, and liability limitations for intermediary service providers.
The Regulation (EU) 2016/679 on General Data Protection (GDPR), effective 25 May 2018, governs data protection and privacy for individuals within the EU and the European Economic Area (EEA). It also addresses transferring personal data outside these regions. The GDPR grants individuals greater control over their personal information while imposing stringent requirements on organisations managing such data. For insurance platforms handling sensitive personal and health data, the GDPR mandates robust data protection measures, explicit user consent mechanisms, and strict protocols for cross-border data transfers.
Regulation (EU) 2019/1150, commonly referred to as the Platform to Business Regulation (P2B), was adopted on 20 June 2019. It fosters a fair, transparent, and predictable business environment for smaller businesses and traders utilising online platforms. The regulation requires platforms and search engines to provide clear information regarding terms and conditions, ranking criteria, and any preferential treatment of their products or services. This regulation is pertinent for insurance platforms, as insurance products fall under the definition of ancillary goods and services (see Recital 29), which can be offered to customers prior to the completion of a transaction initiated through the online intermediation services, in addition to and complementary to the primary good or service offered by the business user via these services (Article 2, n.10).
2.2. Key Legislative Milestones in the EU Digital Strategy
On 19 February 2020, the European Commission issued the Communication on Shaping Europe’s Digital Future, which sets out a comprehensive framework for driving the EU’s digital transformation. This framework is aligned with the broader Digital Compass, which outlines the Commission’s vision for Europe’s digital future by 2030.
One of the central objectives is to create a robust regulatory framework that ensures digital platforms operate fairly and transparently. The EU also aims to support the development of digital platforms that can drive innovation, particularly in emerging technologies such as AI, blockchain, and cloud computing. These platforms are designed to facilitate more efficient interactions between businesses, customers, and public authorities. Furthermore, the EU’s digital strategy emphasises the importance of ensuring that digital platforms are safe, secure, and interoperable across borders, contributing to a more integrated and resilient digital economy.
Several key legislative instruments arising from this strategy are influencing the operational landscape for digital platforms:
The Data Governance Act (DGA), in effect since September 2023, establishes a framework for common European data spaces and promotes data sharing across various sectors, including finance, health, and the environment. By fostering trust in data intermediaries and enhancing data-sharing mechanisms, the DGA is essential for insurance platforms that utilise data for AI-driven risk assessment and underwriting models.
The Data Act, which is set to take effect in September 2025, establishes rules governing access to and use of data generated within the EU. It aims to ensure fairness in the digital economy, stimulate competitive data markets, foster innovation, and enhance data accessibility. The Act will have a significant impact on insurance platforms, particularly those utilising IoT-generated data, such as telematics in car insurance.
The Digital Services Act (DSA), effective from 17 February 2024, introduces comprehensive regulations for online intermediaries and platforms, including marketplaces and content-sharing services. Under the DSA, insurance platforms acting as intermediaries, such as comparison websites or marketplaces, must comply with transparency requirements, prevent illegal activities, and adhere to user safety standards.
The Digital Markets Act (DMA) (Regulation (EU) 2022/1925), which is fully applicable from 7 March 2024, targets large digital platforms classified as “gatekeepers.” The DMA seeks to foster fair competition by limiting the dominant platforms’ abuse of market power. Insurance platforms that meet the criteria for the “gatekeeper” designation must carefully evaluate their practices to ensure compliance with this regulation.
2.3. Integrating Insurance into the EU Digital Regulatory Framework
The insurance sector is influenced by a range of EU regulations, some of which directly address its unique operational needs:
The EU Regulation on Packaged Retail and Insurance-Based Investment Products (PRIIPs) requires platforms offering insurance-based investment products to provide customers with clear, standardised Key Information Documents (KIDs). These documents aim to ensure transparency and support informed decision-making, avoiding inaccurate and misleading disclosure that can lead to investor losses (Article 11(2)).
The Artificial Intelligence Act (Regulation (EU) 2024/1689) introduces risk-based regulations for AI systems, concentrating on high-risk applications such as customer profiling for life and health insurance underwriting and pricing. A supporting directive, proposed on 28 September 2022, modifies non-contractual civil liability rules concerning AI, while Directive (EU) 2024/2853, related to defective products, broadens liability coverage. It categorises software as a product and acknowledges data destruction or corruption as damage, aligning with the AI Act to ensure platforms are accountable for AI systems in the insurance sector.
The Digital Operational Resilience Act (DORA), which comes into effect on 17 January 2025, aims to strengthen the digital resilience of financial entities, including insurers and large insurance intermediaries (Article 2(1)(o) and (3)(e)). It requires robust ICT risk management, regular testing, incident reporting, and compliance with EU regulatory oversight. Additionally, third-party providers managing outsourced operations will face increased scrutiny, thereby enhancing cybersecurity and ensuring service continuity.
Directive (EU) 2023/2673, scheduled to take effect on 19 June 2026, revises customer protection rules for digital platforms providing financial services, including insurance. It also complements the broader framework set forth by Directive 2005/29/EC of 11 May 2005, which regulates unfair commercial practices before, during, and after a business-to-customer transaction, regardless of the industry. Moreover, Directive (EU) 2023/2673 repeals Directive 2002/65/EC, which previously governed the distance marketing of customer financial services, incorporating its provisions into a comprehensive framework. Directive (EU) 2023/2673 requires clear pre-contractual information and simple cancellation processes while prohibiting manipulative “dark patterns.” Customers can now withdraw from distance financial services contracts, enhancing fairness and transparency.
The Directive 2005/29/EC on unfair commercial practices significantly influences digital insurance platforms by prohibiting misleading or aggressive sales tactics. These platforms must provide customers with clear, accurate, and comprehensive terms, conditions, and pricing information while avoiding practices that could deceive or pressure customers into making decisions they might not otherwise make. This includes ensuring transparency regarding cancellation rights and preventing marketing and advertising from misleading or misrepresenting the insurance product.
The Payment Services Directive 2 (PSD2) governs platforms that manage insurance premium payments, mandating secure customer authentication (SCA) and payment transparency. Proposed updates from 28 June 2023 include revisions to PSD2 and the Financial Data Access (FIDA) framework, which expands financial data accessibility beyond payment accounts, thus facilitating data-driven business models within the financial sector.
2.4. EU Insurance-Specific Legislation: Legal Frameworks for Digital Platforms
In addition to broader EU regulations, Directive 2016/97 on insurance distribution (IDD) and Directive 2009/138/EC on the taking up and pursuit of the business of insurance and reinsurance (Solvency II) are the pillars of EU insurance regulation. They aim to ensure compliance with industry standards, customer protection principles, and prudential requirements.
The IDD, which pertains to digital platforms distributing insurance products, is noteworthy for its focus on customer needs. It requires that insurance products be designed and distributed in line with the interests and needs of their target market, with an ongoing obligation to assess their suitability. Furthermore, insurance distributors must always act in accordance with the best interest of their customers, including when adopting cross-selling practices.
Solvency II sets out governance, capital, and reporting requirements for insurance companies. Digital platforms owned or managed by insurers must adhere to these regulatory standards, which limit insurers’ platform activities to those directly associated with the insurance cycle.
Indeed, both directives impose stringent licensing requirements on insurance-related activities and distribution. Solvency II requires that insurance undertakings confine their operations to insurance business and related activities, explicitly prohibiting engagement in other commercial ventures (Article 18(1)(a)). Similarly, while the IDD allows exemptions for ancillary insurance intermediaries, unlicensed individuals are strictly barred from distributing insurance (Articles 1, 3, 16, and 33). The IDD also enforces cross-border licensing rules, prohibiting distributors authorised in one Member State from operating in another without the relevant licence (Articles 4 and 6). Likewise, Solvency II restricts insurers from underwriting risks in a Member State where they are not authorised to conduct business (Articles 15, 145, and 147).
2.5. Equivalence vs. Conformity: Navigating European Interests
The legislative landscape governing digital platforms in the EU reveals a fundamental divergence from the approach taken in insurance regulation. While EU laws on digital transformation emphasize strict adherence to European standards, insurance regulation—particularly under Solvency II—incorporates the concept of equivalence, allowing the EU to assess whether third-country regulatory frameworks align with its own, primarily in prudential regulation and supervision. When granted, equivalence benefits both EU and non-EU (re)insurers, depending on the specific recognition area (Articles 172, 227, and 260 of Solvency II).
By contrast, the DSA and AI Act prioritize conformity, requiring third-country providers to comply with EU standards without an equivalence assessment. The DSA mandates that non-EU platforms offering services within the EU adhere to EU regulations, ensuring consumer protection and market integrity. Similarly, the AI Act imposes specific obligations on non-EU AI providers, requiring them to appoint an EU-based legal representative and guarantee compliance with European standards. Unlike Solvency II, these regulations do not recognize foreign frameworks as equivalent but instead demand direct conformity.
The distinction between equivalence and conformity highlights two contrasting regulatory philosophies. Equivalence represents a proactive stance by the EU, promoting international engagement and regulatory alignment. The European Commission has emphasized that this approach enhances the international competitiveness of the EU financial market (Communication COM (2019) 349 final), aligning perfectly with the broader EU perspective (Van Hulle, 2019, p. 646; Busch, 2024, p. 6).
Notably, the EU has adopted an equivalence-based approach in the insurance sector, which plays a crucial role in facilitating the global operations of European (re)insurers by recognizing compatible regulatory frameworks from third countries (Van Hulle, 2019, pp. 607–648; Van den Hurk, 2024, p. 201 and p. 227).
In contrast, conformity represents a defensive regulatory posture, prioritizing the protection of European businesses and consumers from external technological dominance. This approach is particularly relevant in the context of global tech giants based outside the EU, where conformity mechanisms aim to safeguard European markets from the potential risks associated with external regulatory influence.
The absence of leading technological firms in Europe might have discouraged EU lawmakers from adopting an equivalence-based approach to digital technologies and platforms. In any case, the insurance sector inadvertently finds itself at the intersection of these two approaches.
The analysed regulatory framework could gradually shift towards an equivalence model by taking inspiration from and considering regulatory advancements in significant third-country jurisdictions, as an equivalence framework can be established for FinTech companies (Nemeczek, 2024, pp. 156–164).
This evolution could also be achieved through a two-step approach, which aligns with the progressive integration of digital technologies in the insurance sector. The initial step would focus on establishing equivalence for technologies that enhance the internal organisation of (re)insurers. The subsequent step could then extend equivalence to customer-facing technologies, ensuring a balanced regulatory evolution that fosters innovation and efficiency while maintaining customer protection and market stability. This gradual approach is consistent with the objectives outlined by the European Commission in establishing an equivalence assessment, which include supporting the establishment and functioning of the internal market, ensuring market integrity, enhancing investor protection, and, more broadly, promoting financial stability (Communication, COM (2019) 349 final).
Meanwhile, exploring the costs associated with a conformity-based approach is essential. Empirical analysis could reveal how such an approach impacts innovation, market competition, cross-border investments, and potential barriers to the scalability of European digital solutions. Gaining a clearer understanding of these costs is crucial for policymakers. It will help them determine whether a conformity-based regulatory framework is the best choice or if a more equivalence-oriented framework would better support the growth and competitiveness of the EU insurance sector in the digital age.
2.6. Balancing Cross-Cutting and Sector-Specific Rules in Digital Insurance
The differing approaches taken by general regulations and insurance-specific rules toward third-country operators reflect a broader legislative policy. Where general and sectoral rules intersect, establishing a clear criterion to bridge these regulatory frameworks becomes essential.
The EU regulatory framework for digital insurance platforms is inherently complex, comprising a multifaceted set of rules that underscore the challenges of governing cross-sector phenomena such as digital platforms. This regulatory mapping reveals a fragmented landscape, highlighting the need for a more coordinated and coherent approach to interpretation and implementation.
As emphasized in the Draghi Report (Part B, p. 77), such regulatory complexity can increase the costs of accessing and operating digital platforms, potentially undermining efficiency and innovation, which digitalization seeks to enhance in the insurance sector.
Moreover, this dual-layer complexity—stemming from both digital and insurance regulations—imposes additional financial and administrative burdens. Notably, smaller insurers face disproportionately higher regulatory costs relative to their yearly premium income compared to their larger counterparts (Eling and Pankoke, 2016, p. 545), further exacerbating market entry barriers and limiting competition and innovation within the industry.
EIOPA has raised concerns about how dual-layer regulation impacts AI tools (EIOPA, 2022a); however, these concerns can be extended beyond AI to encompass the broader regulatory framework for digital platforms (EIOPA, 2022b, p. 43). Industries cannot expect all regulations to be consolidated into a single, tailor-made act; navigating regulatory complexities is an inherent part of business. However, if EU lawmakers extend horizontal regulations to the insurance sector, they must not overlook the sector-specific rules essential to this industry.
The horizontal regulation of digital transformation must consider the existing sector-specific rules that address interests deserving of similar protection. The reserve of insurance businesses and insurance intermediation is functional to ensure the adequate protection of policyholders and beneficiaries of insurance benefits, which is the primary purpose of EU insurance regulation and supervision (Recital 16 Solvency II). Also, a cost/benefit analysis of insurance regulation revealed the p
The EU principle of proportionality serves as a crucial guide in this intricate regulatory landscape. This principle ensures that any action taken by EU institutions, including regulatory measures, does not exceed what is necessary to achieve a legitimate objective (Chalmers, Davies, Monti, 2019, p. 386 f.). It stipulates that measures must be appropriate, necessary, and balanced, signifying that they do not go beyond what is required to attain their goals. In the context of EU insurance regulation, this principle plays a vital role in tailoring regulatory requirements to the size, complexity, and risk profile of insurance undertakings and intermediaries, ensuring adequate supervision without imposing undue burdens (Van Hulle, 2019, p.171-186; Ostrowska, 2021, p. 6-10).
As a result, the principle must ensure that broad regulations align with sector-specific rules, thereby avoiding unnecessary burdens. Regulations tailored to the insurance sector ought to serve as the primary reference point, facilitating the integration of wider rules while adjusting them to the industry’s unique characteristics. EIOPA has underscored the importance of this approach, cautioning against excessive regulatory burdens that could adversely affect the insurance industry and its customers (EIOPA, 2022 and 2025).
Consequently, as previously outlined, this study centres on insurance regulation as its primary theme, situating it within the broader context of digital platform regulations. Historically aimed at ensuring financial stability, customer protection, and market integrity (McGee, 1998, p. 3-5; Ayadi and O’Brien, 2006, p. 35-37; Sharma and Cadoni, 2010; Marano, 2021a, p. 35-43), insurance regulation increasingly intersects with the regulatory frameworks for digital platforms that emphasise competition, data protection, transparency, and accountability within the digital economy.
The following sections clarify how insurance regulation interacts with digital platform rules, revealing synergies and conflicts.
3. The Legal Status of Digital Insurance Platforms: Distribution and Regulatory Boundaries
This section examines the legal status of digital platforms, a fundamental aspect of understanding their regulatory implications within the insurance sector. The overall regulatory framework regarding digital transformation emphasises the protective purposes of these provisions rather than imposing limitations on the activities of those to whom they apply. Consequently, it often overlooks the activities that industry-sector regulations reserve for entities within the scope of this overarching regulatory framework.
The DSA provides the only formal definition of an “online platform” within the EU framework. It defines an online platform as a hosting service that stores and disseminates information to the public at the request of a service recipient (Article 3). The DSA applies broadly to all digital intermediaries, including e-commerce platforms and social media, without imposing sector limitations.
This broad and adaptable definition intersects with sector-specific regulations. EIOPA has introduced a working definition of platforms as “an interconnected set of services that allows users to fulfil a variety of needs in one integrated experience.” (EIOPA, 2024, p. 55). This definition aligns with a regulatory framework that includes IDD and Solvency II. These regulations impose strict limitations on entities engaged in insurance and distribution activities to ensure that only authorised entities meeting specific criteria can operate within the insurance sector.
EIOPA’s definition encompasses digital distribution channels such as insurance company websites, comparison sites, online platforms, and mobile applications. These platforms create a diverse and dynamic environment for distributing insurance products. EIOPA acknowledged an essential distinction between platforms acting as intermediaries and those purely providing tools to facilitate relationships between insurers and their (prospective) customers (EIOPA, 2024, p. 47).
EIOPA’s approach aligns with the IDD, which defines insurance distribution as activities limited to insurance undertakings, insurance intermediaries, and ancillary intermediaries. In line with its predecessor, the Insurance Mediation Directive (IMD), the IDD establishes a comprehensive regulatory framework that categorises insurance distribution as a regulated activity, including when conducted via a website or other media (Article 2(1)). The broad definition adopted by the IDD allows for the inclusion of digital platforms within the expression “other media” (Marano, 2019, p. 295-296). This interpretation is supported by EIOPA, which acknowledges the growing role of digital platforms and artificial intelligence in insurance distribution and highlights the need for further regulatory clarity in this area (EIOPA, 2022b, p. 5).
The IDD imposes compliance obligations on all entities engaged in such activities, referred to as “insurance distributors” (Article 2(8)). Consequently, these platforms are regarded as insurance distributors and must comply with IDD requirements. These obligations coexist with general digital platform regulations, resulting in a dual compliance framework.
These insights underscore the necessity to delineate the boundaries of insurance distribution under the IDD. A comprehensive assessment is vital for differentiating platforms that qualify as insurance distributors—thereby subject to sector-specific regulations—from those that facilitate interactions between insurers and customers without engaging in distribution. The latter may fall outside the insurance regulatory framework and be governed exclusively by the general digital platform standard. The following paragraphs will explore this distinction.
3.1. Ownership and Liability of Insurance Platforms
Under the IDD, entities that distribute insurance products through digital platforms are generally classified as insurance distributors (Article 2(1)(1)(3)). If the platform owner is different from the entity carrying out the insurance distribution activities, only the latter is recognised as an insurance distributor and is subject to the IDD requirements.
This distinction indicates that general digital platform regulations apply to owners who do not directly manage or execute the business conducted through their platforms. The liability exemptions for hosting services under Article 5 of the DSA and Article 14 of the E-Commerce Directive also extend to these owners. As a result, platform owners are obliged to fulfil specific responsibilities.
They must clarify their terms of service as mandated by Article 12 of the DSA and Article 3(1) of the Platform-to-Business Regulation. Additionally, they are required to disclose how platform-generated data is utilised under the provisions of Article 9 of the Platform-to-Business Regulation. Hosting service providers must implement systems for individuals or entities to report illegal content, as stipulated in Article 14 of the DSA. Furthermore, if platform owners control the processing of user data, they are classified as data controllers under Article 4(7) of the GDPR. Consequently, they must inform users about their data processing practices clearly, concisely, and transparently, as specified in Article 12(1) of the DSA and the GDPR.
The regulatory framework explicitly assigns platform owners the responsibilities outlined, thus relieving insurance undertakings or distributors using these platforms from liability for any non-compliance by those owners. However, insurers/insurance intermediaries must remain vigilant regarding the reputational risks associated with partnering with platform owners who fail to adhere to applicable regulations. Conducting thorough due diligence is essential when selecting compliant and trustworthy partners to protect the reputation of insurers and intermediaries and maintain customer trust.
Furthermore, insurance undertakings and large insurance intermediaries—those not classified as micro, small, or medium-sized enterprises as defined by EU Recommendation 2003/361—must implement ICT risk management practices when using third-party digital platforms to offer their products (Article 27 of DORA). This is essential for ensuring the security and resilience of these platforms. It includes conducting due diligence on providers, establishing contracts that address operational continuity requirements, and continuously monitoring provider performance. The insurer or large intermediary is also responsible for reporting significant ICT incidents to the national competent authority and ensuring that the provider facilitates such reporting (Clausmeier, 2023, p. 84-86; Buttigieg and Zimmermann, 2024, p. 14-16). Consequently, it must ensure that the agreement with the third-party provider includes provisions allowing it to comply with this duty. Moreover, periodic testing of the platform’s operational resilience and integrating DORA into the insurer or large intermediary’s governance framework are crucial for ensuring regulatory compliance and protecting customers (Kourmpetis, 2023, p. 217-219).
If platform owners allow cross-selling practices—offering non-insurance products or services alongside insurance—Article 6(1)(d) of the DMA explicitly prohibits gatekeeper platforms from engaging in self-preferencing. This provision requires platform owners to avoid favouring their products or services over similar offerings from third parties, whether in rankings or other contexts.
Clearly defining the roles and responsibilities of platform owners and insurance distributors enhances the understanding of regulatory arbitrage risks in the digital distribution of insurance products. The following paragraphs analyse specific scenarios in insurance distribution where regulatory arbitrage may arise.
3.2. Group Policyholders and Their Regulatory Status
Group insurance policies are contracts that cover a defined group of individuals under a single policy. While these contracts are typically issued to an employer, association, or similar entity for the benefit of its members, they are utilised in various contexts. In certain EU Member States, providers of products or services through digital platforms have traditionally acted as the policyholder—the entity that enters the insurance contract with the insurer—distinct from the individuals covered under the group policy. These providers could assume this role to avoid classification as ancillary insurance intermediaries, sidestepping the IDD’s regulatory requirements. Despite evading intermediary status, they were frequently compensated for their involvement in the insurance arrangement, often linked to their primary business activities, such as offering other products or services.
The Court of Justice of the European Union (CJEU) has issued rulings on several occasions to clarify the regulatory boundaries of insurance distribution and to prevent the circumvention of relevant rules.
Initially, the CJEU clarified the scope of insurance mediation under the IMD, stating that this concept encompasses preparatory activities that lead to the conclusion of an insurance contract, even if the intermediary does not intend to finalise the contract (CJEU, C-542/16, 31 May 2018, para. 45).
The Court subsequently ruled that an insurance undertaking acting as a policyholder under a group unit-linked contract is engaged in insurance mediation activities if it receives remuneration for its role (CJEU, C-143/20 and C-213/20, 24 February 2022, paras. 87-88).
Recently, the CJEU clarified the dual roles of policyholders and intermediaries. It ruled that the status of an insurance intermediary or distributor is compatible with that of a policyholder. Specifically, the terms “insurance intermediary” and “insurance distributor” under the IDD refer to a legal entity that, for remuneration, offers its customers voluntary membership in a group insurance policy to which it has previously subscribed, granting them membership that entitles them to insurance benefits (CJEU, C-633/20, 29 September 2022, para. 46 ff.).
These rulings highlight the significance of complying with the provisions of the IDD. They clarify that entities facilitating access to group insurance policies, even when acting as policyholders, may fall under the remit of insurance intermediary regulations if they receive remuneration for their role. Consequently, entities distributing insurance products under a group policy they have signed as policyholders are included within the IDD’s scope. This fosters a level playing field and robust customer protection within the insurance sector, even when group policy distribution occurs via digital platforms.
Nonetheless, some national authorities continue to interpret the scope of the latest CJEU ruling in a restrictive manner. They emphasise that the ruling applies specifically to group insurance policies where (i) the policyholder receives remuneration, broadly defined to include any form of economic benefit, (ii) membership of the group insurance contract is voluntary, and (iii) insured persons are contractually granted the right to claim insurance benefits directly from the insurer (BaFin, 2023).
However, the ruling does not extend to cases involving group contracts, which are agreements between a group policyholder and an insurer for the benefit of third parties. Under such arrangements, third parties can obtain coverage under the more favorable terms specified in the group contract. In these cases, the group policyholder negotiates the substantive terms of the insurance for a defined group of insured persons, who then individually choose whether to take out coverage under the agreed terms (AFM, 2024).
These distinctions reflect divergent doctrinal interpretations among Member States regarding the concept of group insurance, which encompasses a wide variety of cases (Lima Rego, 2025). However, these distinctions primarily focus on contractual aspects and fail to adequately consider the broader regulatory framework established by the IDD. Notably, the IDD (i) seeks to extend its protections to all situations where activities falling within the definition of insurance distribution are carried out and (ii) has already delineated the specific cases in which it does not apply, regardless of whether distribution occurs through a group contract.
Instead, the exemptions provided under the IDD raise concerns when analyzed in the context of insurance distribution via digital platforms, as discussed in the following paragraph.
3.3. Exempted Ancillary Insurance Intermediaries in Digital Insurance Platforms
The IDD’s provisions risk undermining the effectiveness of the Court’s rulings discussed above regarding the accountability of group insurance policyholders under the IDD, particularly when these policies are distributed through digital platforms. Such platforms introduce complexities that may create regulatory gaps or ambiguities, enabling policyholders to circumvent the accountability mechanisms established by the CJEU’s interpretations.
The IDD introduced the category of ancillary insurance intermediaries, which are defined as entities whose principal business is not insurance distribution but who engage in distributing insurance products as a complementary activity to their primary business (for example, travel agencies offering travel insurance or car rental companies providing collision damage waivers). These intermediaries may qualify for exemption from the IDD’s requirements if they satisfy certain conditions outlined in Article 1(3):
The insurance products must be ancillary to the primary goods or services provided by the intermediary.
The insurance must solely cover risks associated with the primary goods or services (for example, travel cancellation or vehicle damage).
The total premium for the insurance product must stay below the thresholds established by the directive, ensuring that insurance distribution remains a minor aspect of the intermediary’s overall activity.
Even when exempt, ancillary insurance intermediaries must still adhere to basic customer protection standards, such as providing clear and transparent information about the insurance products (Article 1(3)(a)(b)(c)) and avoiding conflicts of interest that could harm customers, thereby ensuring fair treatment in the distribution process. This exemption reflects the IDD’s aim to balance adequate customer protection with the need to avoid disproportionate regulatory burdens on businesses where insurance distribution plays only a minor, supplementary role (Marano, 2021b, p. 7).
The growing influence of digital insurance platforms has raised significant concerns about their potential to exploit exemptions under the IDD. Digital transformation enables these platforms, often operating as ancillary insurance intermediaries, to achieve a scale of distribution that would likely be unfeasible through traditional face-to-face channels (Marano, 2021b, p. 8). By offering insurance products as a supplementary service to their primary business and meeting the exemption criteria, these platforms can circumvent the full regulatory scope of the IDD.
This regulatory gap is particularly concerning because digital platforms’ scale and reach enhance their ability to distribute insurance widely, potentially undermining customer protection and oversight mechanisms. An ongoing concern is that such platforms may deliberately structure their operations to fit within exemption thresholds, avoiding full compliance while exerting significant market influence (Marano, 2021). These developments underscore the urgent need for stricter regulatory scrutiny to prevent the misuse of exemptions and ensure that consumer protection remains robust in the evolving digital insurance landscape.
Digital platforms also significantly reduce, if not eliminate, geographical barriers to reaching potential customers. Their standardised distribution mechanisms allow insurance companies from one Member State to connect seamlessly with customers in other Member States. While this facilitates the integration of a single insurance market within the EU, it also poses considerable challenges for supervisory authorities.
A key concern is whether these authorities can effectively assess if insurance companies have sufficient resources to implement and manage all phases of the Product Oversight and Governance (POG) process—ranging from defining the target market and ensuring value for money to conducting ongoing monitoring—when operating across borders through digital platforms managed by exempted ancillary intermediaries. Furthermore, it is challenging to ascertain whether these companies can take meaningful remedial action against distributors when the latter form a significant or exclusive part of their distribution network.
Until the exemption rules are revised, EIOPA’s initiative requiring insurance manufacturers to include products distributed via digital platforms operated by ancillary intermediaries within their distribution monitoring under the POG framework is commendable (EIOPA, 2020, p. 15). This approach strengthens oversight by ensuring that digital distribution channels, even when operated by ancillary intermediaries, are subject to product oversight and governance (POG) requirements.
However, the effectiveness of this initiative will depend on whether national supervisory authorities extend such guidance to exempted ancillary intermediaries, ensuring a level playing field and reducing the risk of regulatory arbitrage. The considerations outlined above suggest that this measure serves more as a temporary solution than as a definitive one. Although national provisions can alleviate some of these challenges within the minimum harmonisation framework of the IDD, the lack of a timely and coordinated EU regulatory response risks undermining consistent customer protection across Member States.
3.4. Regulatory Role of Insurance Referral Agents or Tipsters
Another perspective that has not yet been discussed relates to activities outside the IDD’s scope of application.
The IDD excludes from its scope activities that involve providing data and information related to potential clients to insurance intermediaries or undertakings, as well as information about insurance products and intermediaries to potential clients. These exclusions apply when the entity supplying such data or information (the “insurance referral agent” or “tipster”) does not engage in activities aimed at concluding an insurance contract.
EIOPA pointed out that digital platforms can restrict their role to facilitating relationships between insurers and prospective customers. Therefore, they are exempt from the IDD’s obligations and, more fundamentally, from being classified as intermediaries. For example, digital platforms enabling clients to contact an insurance distributor by displaying the distributor’s name and providing a link to their website are not considered engaged in insurance distribution under the IDD. Consequently, such platforms are only subject to the general rules applicable to digital platforms and do not carry the additional regulatory responsibilities associated with insurance distribution.
Furthermore, the IDD emphasises that the forms of remuneration specified in the directive are only relevant when the activity qualifies as insurance distribution. If the referral activity does not lead to activities aimed at the distribution of an insurance contract, the remuneration becomes irrelevant to its classification.
Regardless of compensation, referral activities must be organised to ensure that the tipster does not engage in any actions to conclude the insurance contract following the initial facilitation of contact. Insurers and intermediaries benefiting from the referral activity are liable if the platform is not designed to prevent the tipster from participating in distribution activities. Simultaneously, supervisors should oversee how the supervised entities, namely insurers and intermediaries, ensure that the boundaries between referral activity and distribution are not blurred.
3.5. Peer-to-Peer “Pure” Model in Insurance: Regulatory Boundaries and Implications
Digital transformation can give rise to disruptive business models, one of which is peer-to-peer (P2P) insurance. This model operates as a risk-sharing network, where a group of individuals with mutual interests or similar risk profiles collectively pools their “premiums” to insure against a common risk (EIOPA, 2019, p. 26). In the market, three distinct P2P business models can be identified, with platforms functioning as either insurers, brokers, or technical service providers (EIOPA, 2019, p. 26).
The last model, often referred to as the P2P “pure” model, represents a form of protection in which individuals or small groups pool resources to provide coverage for one another. In this model, participants contribute to a common fund that is used to cover members’ claims. It is considered “pure” because it operates without traditional intermediaries such as insurers or brokers. Instead, it relies on mutual trust and collective responsibility among participants, who are grouped by the platform’s managing entity, which facilitates the pooling process and attracts new members.
This concept has garnered attention in the EU due to its potential to disrupt the traditional insurance market by offering more flexible, user-driven solutions (Denuit and Robert, 2021; Levantesi and Piscopo, 2021; Denuit, Dhaene, and Robert, 2022). However, it raises significant questions regarding regulation and its compatibility with existing legal frameworks (EIOPA, 2019, p. 27; Lima Rego and Campos Carvalho, 2020, p. 41-45).
These encompass issues related to the classification of P2P schemes under EU law, as they may blur the distinctions between mutual aid and formal insurance contracts. Solvency requirements pose another challenge, as traditional insurers must meet stringent capital buffers that P2P models may lack, potentially placing participants at risk in the event of claims. Customer protection is also a concern, given the absence of a regulated entity overseeing the fund pools, unlike traditional insurance. Finally, cross-border challenges arise due to differing perspectives in various EU countries on whether P2P insurance should be regulated as conventional insurance, which could impede scaling across multiple jurisdictions.
These concerns indicate that licensing and prudential regulation must evolve to ensure that P2P models comply with customer protection and financial stability standards. EIOPA has recognised the existence of this model and seeks to understand how it operates and its potential impact on, and deviations from, traditional insurance. As a result, it has opted to delay regulatory intervention until the model gains broader market adoption (EIOPA, 2019, p. 31).
The evolution of the EU regulatory framework for digital transformation suggests that certain regulations could serve as appropriate benchmarks for governing this “pure” model, provided it is considered outside the scope of insurance regulation. The references include Regulation (EU) 2020/1503 on European crowdfunding service providers for business and the DSA. Although neither of these frameworks was explicitly designed for insurance, they provide essential regulatory principles that can be adapted to the P2P “pure” model.
The Crowdfunding Regulation provides a legal framework for platforms that facilitate crowdfunding and shares similarities with P2P insurance models. Both depend on digital platforms to pool resources, with crowdfunding aimed at raising capital and P2P insurance focused on pooling funds to cover risks. Regulation (EU) 2020/1503 emphasises transparency, investor protection, platform governance, and cross-border operations, and it could extend to P2P insurance platforms. For instance, P2P insurance platforms may need to disclose their operations, risk management strategies, and governance structures, akin to the requirement for crowdfunding platforms to be transparent about the projects they host to be funded.
The DSA’s emphasis on ensuring the safety and accountability of digital platforms is particularly relevant to P2P insurance models. Just as platforms are required to manage harmful content, P2P insurance platforms may also be responsible for managing risks such as fraud or misleading information. The DSA’s emphasis on platform accountability, customer rights, and risk management serves as a benchmark for potential requirements for P2P insurance providers to ensure secure and transparent operations. Also, the DSA contains provisions for transparency regarding the operational processes of platforms and the resolution of disputes, which could directly impact how P2P insurance platforms communicate their processes to participants, ensuring that they understand how funds are managed, how claims are processed, and what protections are in place.
In summary, although the EU has yet to establish a specific regulatory framework for P2P insurance, the principles outlined in the Crowdfunding Regulation and the Digital Services Act provide valuable guidance. These frameworks emphasise transparency, customer protection, platform responsibility, and cross-border operations. All these aspects are essential for regulating innovative models like P2P insurance.
However, the regulations mentioned above emphasise the necessity of authorised and monitored platforms to ensure compliance with standards that protect customers and foster trust. By embracing similar principles, P2P insurance platforms may require regulatory oversight to guarantee they can fulfil their obligations and provide safeguards for participants in disputes or platform failures.
Insurance authorities ought to have the authority to oversee these platforms. From a substantive perspective, the responsibilities of the platform manager towards its service users closely resemble those owed to the insured. Although the platform manager is not directly liable for paying benefits in the event of a claim, it must ensure that the claim is processed if it meets the coverage conditions. This necessitates proper organisation of the pooled funds to maintain ongoing financial viability, which includes calculating the “premium” charged to participants and effectively managing the assessment of claims and overall customer relations.
These considerations become even more pertinent if the potential regulation of these platforms allows them to use the term “insurance” or its equivalent, such as “guarantee” or “protection”, as the insurance supervisory authorities are better equipped to determine whether the activity – alongside the associated obligations – remains confined to P2P or if this model is being misused to evade responsibilities as an insurer or insurance intermediary. Furthermore, the lack of pure P2P model operators in Member States could compel European legislators to assign EIOPA exclusive supervisory authority. This would guarantee a uniform interpretation of the regulatory framework while simultaneously preventing the model from evolving into insurance distribution, which continues to be overseen by national authorities.
4. Compliance Challenges in Digital Insurance Platforms: Business Conduct Rules
This section examines the regulatory and legal implications of digital insurance platforms, focusing on the conduct rules under EU law—specifically, those that govern the relationship between distributors and customers on the platform—to ensure a comprehensive understanding of the regulatory framework aligned with protective objectives.
The IDD establishes rules of conduct to ensure that insurance intermediaries and undertakings act in the best interests of their customers (Article 17 of the IDD). These rules also apply to digital insurance platforms involved in distribution, requiring that they prioritise customer needs over commercial interests. The IDD further introduces specific regulations regarding information disclosure, including pre-contractual information and product suitability assessments. Digital platforms must ensure these requirements are fulfilled, even when employing automated tools or AI-driven algorithms to interact with customers.
While primarily focused on prudential regulation, Solvency II indirectly affects business conduct by imposing governance and risk management requirements on insurers. Articles 41 to 49 highlight the significance of internal controls, including digital platforms for product distribution and policy administration. These rules are linked to those regarding product oversight and governance (POG), which mandate insurers (i.e., manufacturers) to ensure that products are targeted towards the appropriate market, as stipulated by the POG provisions in Article 25 of the IDD and the implementing Commission Delegated Regulation (EU) 2017/2358 of 21 September 2017 (Marano, 2021c, p. 61). Moreover, platforms must provide suitability or appropriateness assessments for specific insurance products, particularly those classified as insurance-based investment products (IBIPs).
However, applying this regulatory framework to digital platforms can be challenging. Three areas will be explored: (i) distribution through platforms deemed exempt ancillary intermediaries, (ii) sales accompanied by advice, and (iii) the role of comparison websites and insurance influencers. The following three paragraphs will discuss these issues in the order presented.
4.1. Distribution by Exempted Ancillary Intermediaries
Concerns have been raised regarding exempt ancillary intermediaries (see para. 3.1.3), as the boundaries between insurance distribution and referral activities can become blurred (see para. 3.1.4). Justifying the exemption for digital platforms poses a challenge due to their vast scale and role as distribution tools. The distinction between insurance distribution and referral activity can also become ambiguous, especially when platforms provide interactive tools or recommendations, which may subject them to insurance distribution regulations.
EIOPA has sought to address this regulatory gap to prevent regulatory arbitrage by establishing supervisory expectations regarding product oversight and governance. These expectations include ensuring that distribution activities are adequately monitored across specific channels (e.g., ancillary intermediaries or distance selling) to verify that products align with the needs of their target markets (EIOPA, 2020, p. 15). Notably, these expectations should extend to exempted intermediaries, as the duty falls on insurers-manufacturers that are subject to the IDD. However, the indirect application of IDD rules remains constrained by insurers’ limited ability to enforce compliance on entities that are neither obligated nor supervised. This challenge is further compounded when digital platforms serve as key distribution channels for insurers, weakening their bargaining position and making it difficult to impose or effectively oversee regulatory requirements.
The potential shortcomings of insurance regulation are not effectively addressed by other rules applicable to digital platforms, as these frameworks primarily focus on the flow of information to customers rather than from customers.
The IDD establishes a fundamental mechanism for consumer protection by requiring distributors to assess customers’ demands and needs, thus ensuring that insurance products meet their specific requirements (Article 20). This process commences with customers providing relevant information regarding their financial situation, personal circumstances, and insurance needs, which can be gathered through direct interactions, questionnaires, or online forms.
In contrast, the DSA, DMA, and GDPR emphasise transparency and fairness in digital markets. However, they do not require distributors to collect information from customers. The DSA enforces transparency in product rankings and algorithmic decisions but regulates only the flow of information to customers, not from them. Similarly, the DMA addresses anti-competitive practices among gatekeeper platforms. Yet, it applies to a limited number of entities and does not impose any obligation to evaluate customer demands and needs. The GDPR guarantees clear data processing disclosures but does not regulate the information that distributors must gather. Consequently, these regulatory frameworks fail to ensure that digital insurance platforms actively seek and assess customer needs, a gap that the IDD primarily addresses.
In conclusion, regulatory gaps persist in digital insurance distribution provided by exempt ancillary intermediaries. EIOPA’s efforts to impose oversight remain limited as insurers struggle to enforce IDD requirements on unsupervised platforms. While the DSA, DMA, and GDPR address transparency and competition, ensuring that platforms evaluate customers’ demands and needs is outside their scope.
4.2. Regulating Sales with (Robo)Advice in Digital Platforms
Advice provided through digital platforms is another critical area requiring scrutiny. While these platforms can enhance accessibility and customer experience, the quality of advice must align with IDD standards. Automated advice tools, such as robo-advisors, must ensure that their algorithms do not prioritise products based on commercial interests at the expense of customer needs (EIOPA’s Consultative Expert Group on Digital Ethics in insurance, 2021).
The IDD requires insurance intermediaries or undertakings to disclose to customers in good time before the conclusion of an insurance contract whether they provide advice about the insurance product sold (Article 18). The advice for all insurance products can be “basic” or based on a fair and personal analysis.
Where “basic” advice is offered, the insurance distributor must provide the customer with a personalised recommendation, outlining why a specific product would best satisfy the customer’s demands and needs (Article 20).
When an insurance intermediary informs the customer that it provides its advice based on a fair and personal analysis, it must base that advice on an evaluation of a sufficiently large number of insurance contracts available in the market to enable it to make a personalised recommendation, using professional criteria, regarding which insurance contract would be suitable to meet the customer’s needs (Article 20).
The reference to a “personal/personalised” recommendation does not imply that the distributor must provide it in person.
In general terms, the level of human oversight in AI should be proportionate to the risks, scale, and complexity of its use case, considering existing governance measures. When firms deploy automated models with minimal oversight, they should enhance explainability, data management, and system robustness, particularly for high-impact applications. Conversely, limited explainability can be offset by stronger human oversight and data management throughout the AI model lifecycle (EIOPA’s Consultative Expert Group on Digital Ethics in insurance, 2021, p. 49).
Instead, the reference to personal/personalised requires the advice to be focused on the specific demands and needs of the customer to whom it is directed and follow the “likelihood to need” approach instead of “likelihood to buy” (EIOPA’s Consultative Expert Group on Digital Ethics in insurance, 2021, p. 28). Therefore, a robo-advisor can advise without necessarily being supported by humans.
The literal content of the IDD supports this statement. The IDD focuses on analysing customers’ demands and needs. Recital 44 expressly states that, to avoid mis-selling cases, a demands-and-needs test should always accompany the sale of insurance products based on information obtained from the customer. Thus, the distributor must provide the customer with an output (the proposed product) derived from the analysis of the customer’s inputs as investigated by the distributor. Indeed, Recital 44 further states that any insurance product proposed to the customer should always be consistent with the customer’s demands and needs and presented in a comprehensible form to enable that customer to make an informed decision.
The sale with advice must offer added value compared to a sale without advice. Both depend on the flow of information from the customer. However, Recital 45 of the IDD explicitly links the duty to specify customers’ demands and needs to the “personalised” recommendation, which clarifies why a particular product is most suitable for the customer’s insurance requirements. Consequently, the added value of the advice lies in explaining why the product “best meets” the customer’s needs and demands. Meanwhile, a sale without advice is merely consistent with the customer’s demands and needs (Article 20(1)).
This conclusion aligns with the principle of technological neutrality, which advocates that laws, regulations, and policies should neither favour nor discriminate against particular technologies. This principle fosters innovation by allowing market participants to develop and adopt new technologies without encountering regulatory obstacles favouring established companies or outdated methods. It ensures that businesses compete based on efficiency, security, and customer benefits rather than advantages based on specific regulatory preferences.
The European Commission has consistently emphasised this principle to prevent legislation from stifling innovation while maintaining customer protection and market integrity. Consequently, multiple regulatory frameworks embody technological neutrality, including the DSA, GDPR, and DORA. The AI Act is a notable example of this neutral approach, focusing on risk-based assessments rather than banning specific AI applications outright.
However, it is essential to acknowledge that technology may not always be neutral. Regulators must balance neutrality against the need for targeted interventions, especially when specific technologies pose unique risks.
Article 14 of the AI Act highlights the necessity of human oversight in high-risk AI applications. It stipulates that these applications cannot operate without appropriate human control and accountability. This requirement ensures that human operators clearly understand how the AI system works, including its capabilities, limitations, and potential risks, enabling informed decision-making. Operators should be able to interrupt, disable, or override the system if it produces incorrect, harmful, or unlawful outputs (Staszczyk, 2024, p. 54-55). As a result, AI systems must integrate robust monitoring tools that allow for real-time human intervention when necessary (Mahler, 2024, 15; Enqvist, 2023, p. 520-528).
It is important to note that the AI Act does not mandate that every piece of advice given by AI be verified and approved by a human prior to delivery. AI tools are not required to undergo real-time human verification for each output, nor is a human operator expected to decide every outcome. Instead, human oversight ensures the system operates within legal and ethical boundaries. Rather than replicating or replacing the AI’s functionality, these oversight mechanisms are designed to validate compliance with legal standards and mitigate risks, ensuring that AI-generated outputs meet regulatory and ethical requirements.
The AI Act underscores the importance of transparency and consumer awareness. It requires individuals to be informed when they receive advice from an AI system rather than a human. Article 50 mandates that providers of AI systems engaging directly with individuals must disclose this interaction unless it is already evident to a knowledgeable, attentive, and prudent person based on the context. This obligation is particularly pertinent to the two categories of advice regulated by the IDD for insurance-based investment products: ongoing advice and independent advice.
All advice on insurance-based investment products must comply with Article 30(5)(2) of the IDD, which requires distributors to issue a clear pre-contractual statement explaining how their recommendation aligns with the customer’s preferences, objectives and other relevant characteristics.
EIOPA has explored ways to streamline advice in the context of digitalisation, aiming to provide a well-designed, low-cost solution for customers with straightforward needs and small investments, avoiding time-consuming fact-finding. Streamlined advice could integrate automated and traditional models (e.g., semi-automated or robo-advice alongside face-to-face or telephone-based services) while leveraging AI and open insurance systems to enhance personalisation and portability of suitability assessments. However, as digital selling methods (e.g., AI and algorithms) heighten risks related to pre-contractual information and the demands-and-needs process, introducing “streamlined advice” poses challenges. In AI-driven models, ensuring transparency requires disclosing the algorithm’s reasoning, selection criteria, and potential conflicts of interest to enhance consumer protection (EIOPA, 2022c, p. 83-84).
Under Article 29 of the IDD, distributors advising on insurance-based investment products must inform customers whether they will conduct regular suitability assessments to ensure that recommended investments remain appropriate over time. Given the high costs associated with human advice, AI-driven tools—particularly robo-advisors—seek to lower barriers to accessing portfolio management services. These assessments consider changes in the customer’s financial situation, investment objectives, and market conditions, enabling clients to maintain long-term relationships with AI-based advisory models. This ongoing relationship underscores the need for a regulatory framework that ensures transparency and explainability in AI-driven decision-making. While entities managing robo-advice are not required to disclose their algorithm’s code to customers, they must provide clear explanations of the parameters used in decision-making, including their relative weights. This disclosure should clarify how the algorithm evaluates a customer’s personal needs, forming the foundation for the advice provided.
Alongside or as an alternative to offering ongoing advice, the IDD imposes strict conditions on independent advice. When an intermediary claims to provide independent advice, they must evaluate a sufficiently broad range of products from diverse providers to ensure the client’s needs are adequately met (Article 29(3)(3)). They cannot limit their assessment to products from entities with which they have close affiliations. Unlike impartial advice, which suggests objectivity, independent advice requires a genuine market-wide comparison. Algorithmic models must be programmed to meet this requirement, supervisory authorities must verify compliance, and customers should receive a statement demonstrating the effectiveness of the products’ selection.
Finally, in all cases of robo-advice, the provisions of Article 5(1)(c) of the AI Act—which prohibits unacceptable AI-enabled social scoring practices—must be carefully considered. A potentially relevant case concerning robo-advice is referenced in the Guidelines on Prohibited Artificial Intelligence Practices established under the AI Act, which the Commission adopted on 4 February 2025. In its guidance, the Commission explicitly cited the example of an insurance company that collects spending and other financial data from a bank, even when such information is unrelated to assessing candidates’ eligibility for life insurance. The AI system then analyses this data to determine premium pricing or recommend whether to refuse coverage altogether, potentially leading to discriminatory or unfair outcomes.
Although this prohibition is expressly set out in the AI Act, the IDD already establishes the overarching principle that insurance distributors must act honestly, fairly, and professionally in the best interest of their customers. Consequently, a robo-advice system designed primarily to maximise the insurer/distributor’s profitability at the expense of customers’ interests would be inconsistent with this fundamental principle.
4.3. The Role of Comparison Websites, Fin-Influencers and Virtual Influencers
Comparison websites have long been an effective digital tool in the insurance sector (Marano, 2016). EIOPA has discussed the role of comparison websites in promoting fair competition (EIOPA, 2014). The authority issued a set of “good practices” that, while not legally binding, should be considered as complementary guidance alongside the relevant EU and national legislation or regulations (EIOPA, 2014). These good practices align with the Insurance Mediation Directive (IMD) framework. The subsequent IDD explicitly includes comparison websites if they meet the criteria to be classified as insurance distributors. However, it does not provide specific guidelines for these comparison websites. Nevertheless, the “good practices” issued under the IMD framework remain valuable for addressing the issues arising from the increasing use of AI tools by comparison websites.
The suggested “good practices” for presenting information and the criteria applied to determine the rankings underscore the significance of transparency in how algorithms prioritise or rank products and disclose any financial incentives or partnerships that may influence these rankings, thereby preventing conflicts of interest that could mislead customers.
Websites should not rely solely on price for comparisons. Instead, they should enable users to select and prioritise various product features, such as guarantees, exclusions, or limitation clauses, to ensure a balanced comparison tailored to individual preferences. If a comparison website does not provide all available quotes, it should clearly explain the criteria used to select the displayed products. This transparency helps users understand the basis of the comparison and fosters trust in the impartiality of the information provided. Additionally, comparison websites should disclose any commercial, contractual, or ownership relationships with insurance providers, including whether insurance companies pay for their display or inclusion on the site. This level of transparency allows users to assess the potential influence of these relationships on the comparison results (EIOPA, 2014).
These provisions align with those of the DSA and DMA, although they cover different areas. The DSA broadens the scope further, regulating all digital platforms connecting customers with goods, services, or content. Platforms must disclose key parameters behind ranking algorithms, particularly for large platforms that face additional obligations, such as conducting regular risk assessments. Similarly, the DMA emphasises the importance of fairness and transparency in ranking systems but applies these principles to gatekeepers across all digital markets, such as search engines or app stores. Gatekeepers must avoid self-preferencing, where their products or services are unfairly prioritised over competitors.
All three frameworks converge on the necessity of transparency, which fosters customer trust in digital services. Whether the service is a niche insurance comparison tool (EIOPA) or a global e-commerce platform (DMA/DSA), customers must comprehend how rankings are generated and whether commercial relationships impact them. They also seek to ensure fairness by preventing rankings from misleading or disadvantaging users. This alignment establishes a consistent expectation of transparency and fairness across digital services.
The AI Act does not explicitly address AI systems employed by comparison websites. The aforementioned Commission Guidelines on Prohibited Artificial Intelligence Practices established under the AI Act emphasise that the prohibitions set out in Article 5(1)(a) and (b) of the AI Act complement Article 25(1) of the DSA, which prohibits the use of dark patterns in user interfaces. This provision aims to ensure that online platform providers do not mislead or manipulate users into actions that do not align with their genuine intentions. Dark patterns, when likely to cause significant harm, should be regarded as an example of manipulative or deceptive techniques within the meaning of Article 5(1)(a) of the AI Act.
Furthermore, AI systems used in life and health insurance for risk assessment and pricing are classified as high-risk. Consequently, insurance comparison websites that utilise AI to analyse and present insurance products must determine whether their AI systems fall into this high-risk category. This assessment is also necessary if the AI system on an insurance comparison website influences customer decisions or personalises recommendations. Due to its potential impact on customer rights and financial choices, such a system may be deemed high-risk.
The website must adhere to the regulations of the AI Act concerning high-risk AI systems in these contexts. These obligations include implementing a risk management framework, establishing data governance protocols, ensuring transparency, maintaining accurate records, providing essential information to users, and facilitating human oversight (Articles 9, 10, 12, 13, 14, 29).
Digital transformation is continuously driving the evolution of distribution models, reshaping how insurance and financial products are offered and accessed. Comparison websites explicitly provide side-by-side evaluations of multiple insurance products, making it essential to ensure transparency in how they select and present the options that best align with customer needs. However, product selection and recommendation are not confined to these platforms alone. An alternative and increasingly influential model has emerged through financial influencers, or “fin-influencers,” who have, for some time now, played a growing role in shaping customer choices in the insurance and financial sectors (Hayes and Ben-Shmuel, 2024; Hamamci and Aren, 2024) and who influence the financial market performance of firms (Keasey, Lambrinoudakis, Masciahang, 2024).
Insurance comparison websites and fin-influencers may influence customer choices within the insurance market and be interconnected. Insurance influencers might guide their followers to comparison websites through affiliate marketing, referral links, or sponsorship agreements. Furthermore, they can produce content that explains insurance concepts and recommends tools (including comparison platforms) to assist customers in finding the best offers. However, it is essential to recognise that influencers can shape customer perceptions of insurance products, potentially biasing behaviour before visiting a comparison site. If fin-influencers misrepresent products or exaggerate certain providers based on partnerships, they could compromise the objectivity that comparison websites assert, leading to potentially distorted customer decisions.
Recognising the growing role of these influencers, the European Commission’s Retail Investment Strategy (RIS), proposed in May 2023, aims to enhance retail investor protection and ensure fair treatment. The strategy emphasises the need for marketing communications to be fair, clear, and not misleading. This includes content disseminated by these influencers. The RIS also seeks to modernise disclosure rules, develop benchmarks for evaluating financial products, and address potential conflicts of interest. To this end, the proposal requires the investment firm to provide the fin-influencers’ identity and contact information to competent authorities. These measures empower customers to make informed investment decisions aligned with their needs and preferences.
The future regulation of influencers in the insurance industry should align with current insurance distribution regulations. It has been previously observed that straightforward referral activities fall outside the scope of insurance distribution. Therefore, if influencers do not overstep the (narrow) boundary into distribution, they will only need to comply with new rules concerning communication and transparency in their messages aimed at customers.
Technological advancements have led to the emergence of virtual influencers—fully computer-generated digital characters designed to engage with the public via social media, chatbots, and various digital platforms. These characters develop unique identities and personalities through the use of AI, advanced graphics, and motion capture technology, which allows a human actor’s movements to be digitally transferred to the character, enhancing realism (Tranholm Mouritzen, Penttinen and Pedersen, 2023). Despite lacking a physical presence, virtual influencers can effectively communicate with followers, influence customer behaviour, and drive trends across various industries, including insurance and financial services (Mertens and Goetghebuer, 2024, p. 7-10). In this context, the aforementioned provision of the AI Act, which mandates that individuals interacting with chatbots be informed that they are engaging with artificial intelligence, is commendable.
However, the use of virtual influencers to promote insurance and financial products raises significant regulatory challenges that cannot be fully addressed under the EU Unfair Commercial Practices Directive (Mertens & Goetghebuer, 2024, pp. 19–34). One key challenge concerns the effectiveness of penalties for non-compliance with the rules expected to be introduced under the Retail Investment Strategy (RIS). Since these digital entities do not possess legal personality or personal liability, enforcing sanctions against them can be nearly impossible, especially if the legal entities behind these influencers are situated outside the EU or lack the financial resources to withstand penalties.
To address this issue, the RIS proposal to disclose the identities of fin-influencers should also encompass the identities of the companies or individuals responsible for creating or utilising the virtual fin-influencers. This information could aid in shifting regulatory responsibility to the entities that benefit from their promotional activities — such as insurance companies and intermediaries — ensuring that they remain accountable for any misleading or non-compliant practices associated with virtual fin-influencers. This approach would align with existing customer protection principles in the “real” world, reinforcing transparency, fairness, and accountability in digital promotions and instilling confidence in the integrity of the proposed solution.