Nos derniers articles

The messages on the upcoming 𝗗𝗶𝗴𝗶𝘁𝗮𝗹 𝗢𝗺𝗻𝗶𝗯𝘂𝘀 provide the insurance industry's perspective and concrete recommendations regarding new European Union digital legislation. 𝗜𝗻𝘀𝘂𝗿𝗮𝗻𝗰𝗲 𝗘𝘂𝗿𝗼𝗽𝗲 argues that greater simplification and alignment are urgently needed in the existing patchwork of regulations—including the 𝗔𝗜 𝗔𝗰𝘁, 𝗗𝗢𝗥𝗔, and 𝗚𝗗𝗣𝗥—which currently create complex, overlapping, and sometimes inconsistent obligations for insurers. The document outlines guiding principles for policymakers, such as achieving real burden reduction and coordinating rules across different regulatory levels, to ensure the new Digital Omnibus package is fit for purpose. Specific areas addressed include the need to clarify how existing financial services legislation (like 𝗦𝗼𝗹𝘃𝗲𝗻𝗰𝘆 𝗜𝗜 and 𝗜𝗗𝗗) applies to AI use, streamlining cyber incident reporting under DORA, and clarifying the legal basis for using personal data for AI training purposes. Ultimately, the paper seeks a more coherent regulatory framework to enable digital innovation and support the sector's contribution to Europe's economic resilience.

Cet article, basé sur une analyse d'Insurance Europe, souligne la complexité et la redondance des réglementations numériques européennes (AI Act, DORA, RGPD, etc.). Ce "labyrinthe numérique" crée des frictions opérationnelles et freine l'innovation.
L'objectif est une simplification stratégique basée sur des principes de clarté, de réduction des charges administratives et de coordination entre autorités.
Des recommandations précises sont proposées pour alléger le fardeau réglementaire :
• IA : Exclure les méthodes statistiques traditionnelles de l'AI Act et clarifier le chevauchement avec Solvabilité II.
• Services Cloud : Prioriser DORA sur Solvabilité II pour les services TIC critiques et reconnaître les audits tiers existants.
• Cybersécurité : Exempter les entités DORA du Cyber Resilience Act et instaurer un modèle européen unique de rapport d'incidents.
• Données : Aligner les évaluations d'impact (DPIA/FRIA) et adopter une approche plus réaliste de l'anonymisation pour stimuler l'innovation.
En simplifiant intelligemment, l'UE permettra aux assureurs d'évoluer vers une gestion proactive des risques numériques.

Insurance Europe's recommendations ahead of the EU Commission’s Digital Omnibus package propose clearer and more consistent EU digital rules. The organization views the insurance sector as central to Europe's digital transition, citing its investments in cyber resilience, responsible data use, and AI tools for faster claims, improved prevention, safer data handling, and expanded consumer access.
The existing framework—including the AI Act, GDPR, DORA, and Cyber Resilience Act— is described as creating complexity through overlapping requirements, which hinders practical application and diverts resources from service enhancements.
The recommendations call for clarifications on AI scopes to avoid duplication with financial laws; reduced repetitive reporting under DORA with use of existing certifications; alignment of cybersecurity and cloud rules across DORA, CRA, and national frameworks; and clearer guidance on GDPR, AI Act, and Data Act for data use in AI training and anonymization.
These adjustments would redirect resources to better claims, cyber protection, prevention, and accessible products.

Afin d’accompagner le secteur financier dans sa préparation, l’ACPR a organisé une réunion de Place le 17 septembre 2025 à l’occasion de laquelle elle a présenté un état des lieux de la nouvelle règlementation et donné des précisions quant à son rôle et son organisation en matière de surveillance des systèmes d’IA.

The European Union’s AI Act significantly reshapes corporate governance, imposing new responsibilities on directors, compliance officers, in-house counsels, and corporate lawyers. It demands transparency, risk management, and regulatory oversight for AI systems, particularly high-risk ones. These professionals must integrate AI oversight into governance, manage liability, conduct impact assessments, and ensure cross-border compliance. With its extraterritorial reach, the Act influences non-EU entities and sets global standards for AI governance. This paper aims to offer strategic guidance on aligning corporate policies with these emerging legal requirements, emphasizing proactive risk management and ethical AI adoption.

The EU's AI Act is a pioneering, risk-based law designed to regulate AI. It balances promoting AI adoption with protecting fundamental rights and democratic values. The Act uses pre-emptive risk assessments to categorize AI technologies and apply corresponding legal requirements, drawing from existing EU product safety laws.

This paper examines the rise of algorithmic harms from AI, such as privacy erosion and inequality, exacerbated by accountability gaps and algorithmic opacity. It critiques existing legal frameworks in the US, EU, and Japan as insufficient, and proposes refined impact assessments, individual rights, and disclosure duties to enhance AI governance and mitigate harms.

The paper examines the EU AI Act's impact on banking supervision, highlighting the ECB's role. It discusses legal frameworks, obligations for high-risk AI systems, AI governance, and the balance between innovation and prudential requirements. Strategic policy recommendations are provided to enhance oversight and financial system integrity.

“... we argue there are good reasons for skepticism, as many of its key operative provisions delegate critical regulatory tasks to AI providers themselves, without adequate oversight or redress mechanisms. Despite its laudable intentions, the AI Act may deliver far less than it promises.”

“... we analyse the regulatory necessity in introducing a coercive regulatory framework, and second, present the regulatory concept of the AI Act with its fundamental decisions, core provisions and risk typology. Lastly, a critical analysis points to shortcomings, tensions and watered down assessments of the Act.”