EU AI Act in Life and Health Insurance (Annex III, 5)

Practitioner note: This is not legal advice. For specific situations, consult a qualified attorney or compliance officer.

TL;DR

  • Annex III, 5(b) classifies AI for risk assessment and pricing in life and health insurance as high-risk
  • Special-category health data under Art. 9 GDPR — explicit consent + Art. 10 EU AI Act bias test
  • FRIA mandatory — the deadline is Aug 2, 2026 for this Annex III, 5 sub-area (not postponed)
  • Prohibited under Art. 5: subliminal influence; exploiting vulnerability of the ill
  • Dual oversight: notified body for conformity assessment + insurance regulator (BaFin in Germany)

1. Annex III, 5(b)

Covers "AI systems intended to be used for risk assessment and pricing in relation to natural persons in the case of life and health insurance." Pure underwriting decision-support tools using AI fall squarely in scope.

2. Special-category data under Art. 9 GDPR

Insurance health data is Art. 9 GDPR special-category data. Processing it requires explicit consent (Art. 9(2)(a)) or another exception, plus the Art. 10 EU AI Act bias-test obligation. Document the legal basis and the bias-test methodology together.

3. FRIA mandatory

Annex III, 5 deployers must conduct a Fundamental Rights Impact Assessment under Art. 27 by Aug 2, 2026. Risk areas: discrimination based on pre-existing conditions, genetic disposition, age, or disability. Document mitigations including human review of adverse decisions.

4. Prohibitions under Art. 5

Subliminal influence is prohibited. Exploiting vulnerability based on illness is prohibited. Marketing or upselling AI that targets diagnosed patients with manipulative messaging is off-limits.

5. Conformity assessment (Art. 43)

A notified body is recommended given the high-risk classification and special-category data. Engage the insurance regulator (BaFin in Germany, FMA in Austria, FINMA in Switzerland) early — sector supervision adds requirements beyond the AI Act baseline.

Summary

Life and health insurance AI is the rare Annex III, 5 sub-area still on the original Aug 2, 2026 timeline. Insurers must run a FRIA, document Art. 10 bias tests, exclude prohibited practices, and coordinate with both the notified body and BaFin. Health-data sensitivity makes this one of the highest-stakes AI use cases in the SME world.

Frequently Asked Questions

What is not permitted?
Genetic data as a criterion (GenDG, German Genetic Diagnosis Act). Pre-existing condition-based automatic rejection without human review.

BaFin supervision?
Yes, dual supervision (BaFin insurance supervision + BNetzA AI Act).
