At a Glance

• The European Insurance and Occupational Pensions Authority has published two core papers on open insurance in relation to accessing and sharing insurance-related data and an exploratory use-case in the insurance sector.
• Given the current pace, we expect European regulatory progress to be gradual; and there is no clear indication as to what position the regulators may take, although we envisage it will be shaped around the existing regimes.
• An interesting question for U.S. insurers, agents, third-party service providers and regulators is whether, and to what extent, open insurance concepts begin to take root in the United States. Regulatory concepts in the U.S. sometimes evolve from developments in Europe; and as open insurance gains traction “across the pond,” we would anticipate open insurance offerings in U.S. markets.

Open insurance is a trend gaining traction throughout the global insurance industry. Similar to open banking, it involves the industry moving to a connected data ecosystem¹ powered by open application programming interfaces² (APIs). This article explores how open insurance is viewed in Europe and provides insight for U.S. insurers on how the landscape is developing and how open insurance may impact U.S. insurers.

One of the primary drivers of the open insurance initiative is increasing customer demand for personalized insurance products and related services. Some insurance companies are looking to establish API platforms and open their data and products to third-party providers, such as big tech companies. Sharing data in this way may provide more products and services for consumers, and enable mutual growth opportunities, new business models and, in turn, new revenue streams for insurers. However, where the data includes personal data, there are often challenges in justifying new use of any personal data for different purposes than those for which the personal data (often including sensitive personal data) was originally collected, and challenges in maintaining the integrity and security of the data.

Due to the growth of open banking platforms in Europe, some insurance firms there are already familiar with the concept of data sharing in the context of reporting fraud, where there is a willingness and clear interest in sharing. The principle of data sharing beyond fraud reporting is the same, albeit with a different data set and in the context of providing a customer product or service. Insurance firms should consider whether there is a commercial benefit in sharing data with competitors to ultimately enhance the customer experience.

To date, and unlike open banking, open insurance in Europe is not regulated and few U.S. insurance regulators are familiar with the concept. There has been some consideration in Europe as to what a potential regulatory landscape could look like. The European Insurance and Occupational Pensions Authority (EIOPA) has published two core papers on open insurance in relation to: (i) accessing and sharing insurance-related data (the “2021 Paper”) and (ii) an exploratory use-case in the insurance sector (the “2023 Paper”).

Five Key Takeaways

The key takeaways from the 2021 Paper and 2023 Paper in respect of regulation and supervision of open insurance are:

1. A regulatory approach is yet to be agreed and the legislative process appears to be slow. The possible regulatory approaches are:
   • compulsory data-sharing (within the regulatory perimeter, with third parties, or in certain lines of business); or
   • a self-regulatory approach (where there is no rule base at the supervisory or regulatory level, with data sharing occurring through voluntary industry codes of conduct and standards, and within existing data protection laws).
2. There is a divergence in industry views on the preferred regulatory approach, with a bias towards compulsory data sharing for regulated insurance entities, together with a bespoke licensing/authorisation regime to include certain third parties. According to the responses to the 2021 Paper, the top three preferred approaches are:
   • compulsory data sharing inside the regulated insurance industry;
   • compulsory data sharing inside the regulated insurance industry and with third parties (e.g., external claims managers) with a bespoke licensing approach; and
   • a mix of approaches.
3. There is general consensus that regulators should learn from the open banking regime set out in the Payment Services Directive 2015 (known as PSD2), but not copy it. A common concern is that insurance products and contracts are much less standardised than their equivalents in the banking industry. Additionally, more sensitive data may be shared in open insurance — e.g., health, sexuality and political views — so new rules would need to be stricter and more detailed.
4. Some National Competent Authorities consider harmonisation as necessary at a European level and not only within the insurance sector but across other industries, such as the technology sector (e.g., by implementing data sharing standards).
5. The 2023 Paper provides an example of an open insurance use-case: A dashboard personal to a consumer, showing all of the individual’s insurance policies and enabling insurers (both incumbent and prospective) to promote products to that consumer. It suggests that compulsory access to and sharing of data among regulated entities could make data more accessible and that the regulatory perimeter could be extended to include certain third parties, generally service providers to insurance entities, by means of bespoke licensing / authorisation regimes and proper safeguards.

Analysis

Responses to the 2023 Paper were due on 24 October 2023, so a response or feedback statement can be expected in 2024. Given the current pace, we expect regulatory progress to be gradual; and there is no clear indication as to what position the regulators may take, although we envisage it will be shaped around the existing regimes.

An interesting question for U.S. insurers, agents, third-party service providers and regulators is whether, and to what extent, open insurance concepts begin to take root in the United States. Regulatory concepts in the U.S. sometimes evolve from developments in Europe; and as open insurance gains traction “across the pond,” we would anticipate open insurance offerings in U.S. markets.

We continue to monitor this area and will update on any further developments.

FOOTNOTES

1. A connected data ecosystem is an environment that combines data from separate business systems and providers to provide a single integrated experience that builds value through use of the processed data.
2. Application programming interfaces are a set of rules that allows two or more software applications to communicate and interact with each other.