INSURANCE

Insurance AI inside the regulator's boundary.

Claims triage, underwriting copilots, FNOL chatbots, fraud detection — all governed under Solvency II, DORA and the EU AI Act high-risk regime. The model is auditable, the agent is contained, the policyholder data never leaves your perimeter.

Insurance is where AI's economics matter most. Claims handling alone is 60–70% of operating expense for most P&C carriers; underwriting cycle time is the key competitive variable in commercial lines. Generative AI compresses both — but the regulator response is sharper here than almost anywhere else.

The EU AI Act explicitly classifies AI used for life and health insurance pricing and risk assessment as high-risk under Annex III, point 5(b). DORA applies to all sector firms after the regulatory technical standards came into force. Solvency II's ORSA, IDD's product oversight and governance, the NAIC's Model AI Bulletin in the US — all converge on the same expectations: explainability, governance, monitoring, fairness.

Kosmoy is the operating layer that makes those expectations operational. Every AI agent that touches a claim, a quote or a policyholder lives in the AI Inventory with its risk class. The Gateway logs every model call as evidence. The Action Capsule contains the agents that take real-world actions — auto-pay a claim, issue a quote, dispatch an assessor.


What this industry runs into.

Claims cycle time vs leakage

Faster claims handling means happier policyholders and lower LAE. But fully automated claims auto-payment without governance is a recipe for fraud leakage and unfair-treatment complaints. The agent has to be fast and contained.

Underwriting under EU AI Act high-risk

Once an underwriting workflow uses ML or LLM-based assessment for life or health, it's high-risk by default. Carriers need a model lifecycle, data governance, monitoring and human oversight that withstand a formal audit.

Policyholder PII at every touchpoint

Health data, payment data, location data, medical reports, vehicle telemetry — insurance touches more sensitive data classes than almost any other sector. AI tooling has to operate without leaking any of it.

Fraud detection without false positives

Anti-fraud AI that produces unexplained denials creates regulatory exposure under IDD and unfair-treatment rules. Detection has to be paired with explainable evidence and human review.


Regulatory landscape.

The regulations that shape AI in insurance — and where each one bites on AI deployment.

EU AI Act · Regulation (EU) 2024/1689 · EU

Annex III, point 5(b) classifies AI for life and health insurance pricing/risk assessment as high-risk. Triggers risk management, data governance, transparency, human oversight, accuracy, post-market monitoring.

Solvency II · Directive 2009/138/EC · EU

ORSA covers AI as part of the risk landscape. Internal models that incorporate AI features need approval and ongoing validation. Operational risk includes AI model risk.

DORA · Digital Operational Resilience Act · EU

Applicable to insurers and reinsurers. ICT third-party register covers every external LLM and AI vendor. Threat-led penetration testing covers AI-exposed surfaces.

IDD · Insurance Distribution Directive (EU) 2016/97 · EU

Product oversight and governance covers AI-driven product configuration and target market identification. Customer communication rules apply to AI-drafted material.

NAIC Model AI Bulletin · NAIC Model Bulletin on Use of AI Systems by Insurers · US

Adopted by a majority of US states. Requires an AI governance program, risk management, third-party oversight and testing for unfair discrimination.

GDPR · General Data Protection Regulation · EU

Health data is special-category. Profiling under Art. 22 covers automated underwriting decisions. Cross-border transfers constrained.


Use cases that are actually shipping.

FNOL (First Notice of Loss) chatbot with severity classification

Policyholder reports an auto incident via chat or voice. The agent guides intake — what happened, when, where, injuries, vehicle, witnesses — extracts structured data, classifies severity, and routes: fast-track for low-severity property-only, dispatch an assessor for medium severity, escalate to a senior adjuster for complex bodily injury or catastrophic property. Every conversation is recorded with the model used, the guardrails fired and the customer feedback.

A motor insurer running 4,000 FNOLs/day cuts intake handling time by 35–50% and raises straight-through processing on simple property claims from 20% to 55%, with no rise in re-opens.

Underwriting assistant for brokers

Commercial broker queries: 'will you accept a property risk on a 12-storey logistics warehouse in Genoa with sprinkler retrofit completed in 2024?'. The agent reads the carrier's underwriting manual, recent loss data for the postcode, the broker's submission history with the carrier, and produces an indicative answer with the conditions that would apply. Submits an indication, not a binding quote — the human underwriter binds.

Broker response time on indicative quotes drops from days to minutes for standard risks. Underwriter time concentrates on the 20% of cases where judgement actually matters.

Claims fraud detection with explainability

The agent reads the FNOL narrative, the prior claim history, the vehicle/property record, the geographic/temporal pattern of similar claims, and surfaces a fraud risk score with the specific signals that contributed. SIU investigators see why the agent flagged a claim — narrative inconsistency with timestamps, association with known fraud rings, atypical claim shape. Investigators decide; the agent never auto-denies.

SIU teams catch ~25–40% more fraud rings on equivalent staffing because the agent surfaces patterns humans don't see at scale. Customer complaints on unfair denials drop because the agent doesn't deny — it surfaces.

Policy document Q&A

Customer asks 'is theft of my e-bike covered if it was locked outside?'. The agent reads the policy schedule, the wording, any endorsements, and gives a citation-grounded answer with a quote of the relevant clause. If the answer is genuinely ambiguous, it says so and offers a hand-off to a human adjuster. Never invents coverage.

Call-centre coverage Q&A volume drops 40–60% on common questions. Adjuster time concentrates on actual claims, not coverage interpretation calls.

Solvency II ORSA narrative drafting

ORSA narrative for the next reporting cycle. The agent reads the actuarial outputs, the prior-cycle narrative, regulatory guidance updates, and drafts each section consistent with the figures. The actuarial team reviews, edits, signs. Consistency across scenarios improves because the same agent drafted them all from the same source.

ORSA narrative cycle compresses from 6 weeks to 2 weeks of effort for the actuarial team. The audit trail (which figure informed which paragraph) is preserved.


Agent governance

Where insurance agents need extra discipline.

Insurance agents take consequential actions — they auto-pay claims, dispatch assessors, issue quotes. The governance question is what the agent can do, not just what it can read. Kosmoy's Action Capsule is built for this: each agent runs in a container with the AI Gateway as its only egress, and pre-flight authorisation enforces what actions are allowed (auto-pay only up to threshold X, only on perils Y, only when guardrail Z passed). An agent that tries to act outside its scope fails at the boundary.
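
One way to express the pre-flight authorisation described above as a default-deny check, added here as an illustration; it is not Kosmoy's code or API. The scope fields, the agent name, the peril names and the guardrail names are hypothetical, and the sample policy is constructed.

```python
import json
from dataclasses import dataclass

@dataclass(frozen=True)
class Scope:                      # hypothetical scope record, one per (agent, action)
    max_amount_eur: float         # "threshold X"
    perils: frozenset             # "perils Y"
    guardrails: frozenset         # "guardrail Z": checks that must have passed

@dataclass(frozen=True)
class Request:                    # what the agent asks the boundary to do
    agent_id: str
    action: str
    peril: str
    amount_eur: float
    guardrails_passed: frozenset

# Constructed sample policy; names are illustrative only.
SCOPES = {
    ("claims-fasttrack", "auto_pay_claim"): Scope(
        1500.0,
        frozenset({"windscreen", "glass"}),
        frozenset({"pii_redaction", "fraud_score_below_cutoff"}),
    ),
}

def preflight(req, scopes=SCOPES):
    """Default deny. Returns (allowed, reasons); every failed condition is listed."""
    scope = scopes.get((req.agent_id, req.action))
    if scope is None:
        return False, ["no scope registered for this agent and action"]
    reasons = []
    # Written so NaN, zero and negative amounts fail closed.
    if not (0 < req.amount_eur <= scope.max_amount_eur):
        reasons.append("amount outside threshold")
    if req.peril not in scope.perils:
        reasons.append("peril not allowed")
    missing = scope.guardrails - req.guardrails_passed
    if missing:
        reasons.append("guardrails not passed: " + ", ".join(sorted(missing)))
    return not reasons, reasons

def audit_line(req, allowed, reasons):
    """One JSON evidence record per decision, allowed or denied."""
    return json.dumps({"agent": req.agent_id, "action": req.action,
                       "peril": req.peril, "amount_eur": req.amount_eur,
                       "allowed": allowed, "reasons": reasons}, sort_keys=True)

if __name__ == "__main__":
    r = Request("claims-fasttrack", "auto_pay_claim", "theft", 4200.0,
                frozenset({"pii_redaction"}))
    print(audit_line(r, *preflight(r)))
```

Denials are recorded with the same detail as approvals, so the evidence trail shows what an agent attempted as well as what it was allowed to do.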

Every claims agent is registered with its EU AI Act risk classification — and high-risk classifications carry mandatory monitoring and post-market obligations. The AI Inventory tracks the Article 6/7 documentation; the Insights Dashboard tracks the operational metrics; Guardrails Alerts surface policy events. The carrier ships an agent into production with the dossier already populated, not as a six-month back-fill exercise.


Chatbot use cases

Chatbots, by surface and risk class.

Insurance has the most varied chatbot footprint of any financial services subsector — customer self-service, broker support, claims FNOL, underwriting Q&A, internal helpdesk. Each carries different data sensitivity and different regulatory exposure.

Customer self-service for policy and claims status

Standard portal chatbot — coverage Q&A, claim status, document download, hand-off to a human for advice. PII guardrails ensure full policy numbers and medical details aren't echoed back.

FNOL voice + chat

Multi-channel intake — chat, voice (with STT), or in-app. Structured extraction, severity classification, downstream dispatch. The chatbot is an agent; every claim it opens is logged with the conversation transcript.

Broker portal helpdesk

Brokers ask about appetite, conditions, documentation requirements. Agent reads the carrier's broker manuals; never speaks for the underwriter on bindable quotes.

Internal claims handler copilot

Adjuster asks 'what's our reserve practice for whiplash claims with 6-week recovery in Italy?'. Agent reads the firm's reserve manual and prior similar files, gives a citation-grounded answer.


How Kosmoy fits.

Insurance is the second primary persona Kosmoy was built around. The Action Capsule shows up most often here — agents that take real-world actions need real runtime containment, not just policy promises. The AI Inventory carries the EU AI Act dossier across the carrier's portfolio of AI systems. The Gateway centralises the policy point so PII redaction, prompt-injection defence and model selection happen once, consistently, across every claims, underwriting, broker and customer-facing AI.

Deployment is single-tenant in the carrier's Kubernetes — typically the same private cloud already used for policy admin and claims systems. Health data, claim narratives and policyholder identifiers never leave the carrier's perimeter. The platform produces no telemetry to Kosmoy.


Module questions, answered straight.

Does Kosmoy auto-pay claims?

No — the carrier does, through agents the carrier configures. Kosmoy's Action Capsule contains the agent that takes the action and enforces the allowed-action scope. The carrier sets the rules: which perils auto-pay, up to what amount, under what conditions. The agent acts within the rules; out-of-scope attempts fail at the gateway.

How does Kosmoy support the EU AI Act high-risk obligations?

AI Inventory captures every AI system with its risk class. The Risk Classification module runs the EU AI Act flow on each system. The Insights Dashboard captures post-market monitoring metrics — drift, accuracy, complaint correlation. Guardrails Alerts capture policy events. The dossier the regulator asks for is generated from the platform, not assembled in a panic.

Can the FNOL chatbot operate in multiple languages?

Yes. Multi-language is a model capability; the Gateway routes accordingly. Policyholder transcripts are stored with the original language, and downstream review tools translate on demand.

We use specialist underwriting models from external vendors. Can they sit behind the gateway?

Yes. Vendor models — proprietary risk models, marketplace flood/wildfire models, third-party fraud scores — register as external endpoints. The Gateway authenticates, applies guardrails, logs the call. Your DORA register tracks them; your AI Inventory tracks the systems they support.

Make insurance AI auditable on day one.

See how the AI Gateway, Action Capsule and Risk Classification module fit your carrier's claims, underwriting and policyholder workflows.