InsurTech brings together two of the most profound transformations of our contemporary world, the proliferation of risk and uncertainty, and epochal digital societal transformations. Some commentary on InsurTech has identified its positive potential for creating efficiencies, better customer service, or devising new ways of financing or pricing risk that will expand the boundaries of who and what are insurable. Other commentary has identified concerns with InsurTech, such as privacy issues associated with new forms and uses of digitized data, the dangers of misleading, fraudulent, or mispriced insurance products, or the incorporation of problematic discriminatory biases into digitized processes.
An insightful social studies of finance literature is helpful in evaluating the accuracy of these conflicting celebratory and critical perspectives on InsurTech. This literature provides careful detailed analysis of the implications of digitizing insurance. It identifies continuities and discontinuities between conventional insurance and InsurTech practices, including the relevance of ethics. This literature helps get beyond technological determinism or critiques that see InsurTech as relentlessly adding digital forms of harmful surveillance and exploitation to an already exploitative insurance industry, and instead recognize nuance and variation in how InsurTech practices are socially constructed.
This article contributes to this literature by examining how the InsurTech practices that this literature examines interact with the global regulation and structuring of the industry, and how the ethical content that is evident at the firm level is reinforced and amplified by global regulatory arrangements. Much of the existing literature focuses on the relationship between insurance practices, practitioners such as actuaries, and customers (insureds), drawing out the larger social implications of these relationships (such as the connection of these practices to the pathologies of surveillance capitalism). Many of these research contributions are very sensitive to the distinctiveness of local practices and often note the importance of law and regulation. However, they tend to treat as exogenous the changing roles of regulation and law or larger-scale industry structures, and how these operate internationally.
Given the association of digital technologies with the exploitative use of data by large globalized firms and the individualizing of risk assessment in insurance that digitization can promise we might expect global InsurTech regulatory arrangements to display a free market or pro-business orientation. This article, drawing on assemblage and international political economy theories, argues instead that the nuance, variation, and ethical principles that the social studies of finance InsurTech literature has identified in more localized InsurTech practices are present in global InsurTech regulatory initiatives also.
Overall, the article shows that, like local InsurTech practices, global InsurTech regulatory and legal practices are variable and socially constructed and do not relentlessly enable or enhance exploitative features of InsurTech, but instead may or may not promote important ethically-informed constraints on InsurTech. The article demonstrates the value of connecting global regulatory analysis more closely to the existing social studies of finance literature on InsurTech.
The remainder of the article is organized into five sections. The next and first section discusses the social studies of finance literature on InsurTech. The second section presents this article’s theoretical approach. The third section examines how InsurTech relates to the structure of the global insurance industry and Big Tech. The fourth section focuses on cross-border regulatory arrangements. The final section concludes. The research draws on an extensive analysis of business, regulatory, and media reports. These were identified via digital searches for ‘InsurTech’ and related terms on the websites of the regulatory bodies and business associations referenced in this article, Nexis Uni, and the internet more broadly, along with an examination of the sources listed in bibliographies and other references, in all publications and other documents identified as relevant, with a focus on the 2017–2024 time period.
Insights and limitations of social studies of finance research on InsurTech
In this section, I identify key insights provided by a literature that I label social studies of insurance (SSI) as a shorthand to refer to interdisciplinary approaches that integrate insights from social science and humanities disciplines and science and technology studies to illuminate the constructed, embodied, cultural, material, relational, and political practices that produce insurance markets and actors.
Overall, the SSI literature provides a valuable alternative to overly narrow or abstract views that see the digital innovations that constitute InsurTech as inherently beneficial. For instance, an introduction to a special issue on InsurTech of the Geneva Papers on Risk and Insurance that summarizes its contents highlights InsurTech’s benefits: efficiency gains, narrowing protection gaps, improving inclusiveness, creating new business models while only noting in the conclusion that privacy concerns and questions of trust and regulatory frameworks are topics for future research (Braun and Jia, Reference Braun and Jia2025).
In contrast, SSI research goes beyond business processes to analyze the historical, social-structural, and constitutive aspects of InsurTech. This research provides insights into the larger implications of the individualization of risk assessment, surveillance, and privacy risks, the role of ethical values such as fairness and inclusion, and how trust is created, which the following paragraphs discuss in turn.
A major theme in this literature is the continuities and differences between conventional and digital insurance technologies in the individualization of risk assessment (Barry and Charpentier, Reference Barry and Charpentier2022; Barry, Reference Barry2020; McFall and Moor, Reference McFall and Moor2018). Conventional private insurance has always sought to pool risk, but also, historically, to differentiate classes of insureds to charge higher premiums to riskier insureds, or to reduce the overall cost of claims by maximizing sales to low-risk customers. Digitization and big data have offered the promise to insurers of greatly increasing the sophistication, precision, and individualization of risk assessment (Barry and Charpentier, Reference Barry and Charpentier2023). This includes ‘behavioral insurance’ that uses devices that monitor the activities of car drivers or individual fitness metrics as well as more sophisticated big data analytics. A major concern is the erosion of the solidarity risk-pooling principle of insurance which includes a practical business implication (a rationale for insurance is at risk if individuals cover the costs of their individual risks) and ethical implications (a displacement of mutual assistance to individuals coping individually with misfortunes) (Cevolini and Esposito, Reference Cevolini and Esposito2020).
A second related major theme is surveillance. Tanninen (Reference Tanninen2020: 5) argues that ‘critical data studies’ approaches draw on concepts such dataveillance, neoliberal responsibilization, the exploitative aspect of insureds not being paid for the use of their data and applies insights from research on data and power more generally to insurance, but that ‘generally, the literature is not empirically well-informed about Big Data-enabled personalization in insurance’. In contrast, ‘sociology of insurance’ approaches provide more nuanced empirically-based analysis that highlights the limitations of the ability of insurers to use personalization technologies in this way (Barry and Charpentier, Reference Barry and Charpentier2020; Barry, Reference Barry2024; Jeanningros and McFall, Reference Jeanningros and McFall2020; Tanninen et al., Reference Tanninen, Lehtone and Ruckenstein2021). For instance, insureds may be inconsistent or opportunistic in their use of wearable fitness sensors. The idea of personalization can be more of a marketing tool than a risk-assessment tool (McFall et al., Reference McFall, Meyers and Hoyweghen2020; Sadowski et al., Reference Sadowski, Lewis and Bednarz2024).
A third theme in SSI research is the role of ethical values such as fairness and inclusion. This research challenges the idea that risk assessments can rely on numerical calculations alone and thereby be free of biases, and shows how they draw on stories (Kiviat, Reference Kiviat2017; Reference Kiviat2023), reproduce biases and exclusions, and mobilize competing perspectives on fairness (Kiviat, Reference Kiviat2019), even as the capacities for calculation increase with digitization. Actuarial fairness is the matching of premiums to individual risks and expected claims: each person should be responsible for the costs of their own risks, a perspective that aligns with the goal of personalization (Meyers and Van Hoyweghen, Reference Meyers and Van Hoyweghen2018). This has been contested, with efforts to differentiate and evaluate differently those risks that the insured can control, those that are more social or structural, including those associated with gender or race, and those that are not accurately measured (Krippner and Hirschman, Reference Krippner and Hirschman2022). As well, there are contestations over the ethical worth of the solidaristic principle of pooling risk versus matching premiums to individual risk (Krippner, Reference Krippner2024). These ethical tensions are evident in choices made by the industry and by insurance regulation and law, for instance, the EU prohibition against using gender to differentiate risk classes (Rebert and Van Hoyweghen, Reference Rebert and Van Hoyweghen2015). With digitization, these issues do not disappear, and they can be amplified.
A fourth theme in SSI research is to show the importance of trust and how it is created. McFall (Reference Mcfall2007) analyzes the resonance between nineteenth-century efforts of insurers to differentiate insurance from gambling and tie it to larger liberal ideals of conduct and the legitimacy conferred by scientific statistical calculations that could predict patterns of mortality. With digitization, the need for trust persists but the practices that produce it are adjusted. For instance, blockchain cannot only rely on its decentralized cryptographic hashes but may seek other sources of trust such as the EU’s General Data Protection Regulation (Meyers and Keymolen, Reference Meyers and Keymolen2023). New technologies such as behavioral insurance can be viewed ambivalently by customers, who then hope to receive help in interpreting and responding to the data collected from access provided by the insurer to health professionals or to retain the ability to choose how their data is tracked and to have assurances that their data will be secure and used appropriately (Tanninen et al., Reference Tanninen, Lehtone, Ruckenstein, Booth, Lucas and French2022).
The above SSI insights do not just provide a nuanced analysis of the benefits and harms that InsurTech can bring but also contribute to our understanding of how InsurTech is constituted. This includes the role of ethics in the actual practices of firms, motivated by the need to gain trust or by regulatory constraints, or in response to ethical concerns of activists or a broader public. InsurTech is not only constituted by the innovativeness of software engineers seeking to generate sales and profits but rather involves the mobilization of an assemblage of actors, ideas, and practices to constitute InsurTech products and markets (McFall, Reference McFall2025). Consistent with insurance more generally, this assemblage involves governance by InsurTech (for instance, when drivers being monitored by sensors modify their behavior to avoid higher premiums) as well as governance of InsurTech (for instance, the need to comply with the European Union’s General Data Protection Regulation, when collecting data).
Despite the value of these insights, the SSI literature reviewed above tends to focus especially on non-governmental actors, ideas, and practices that occur at the firm level, and to only mention law and regulation in passing or as exogenous constraints on firms. The SSI literature provides intensely researched cases from different countries and produces valuable insights about the industry and InsurTech, but the cross-border aspects of InsurTech and InsurTech’s relationship to insurance industry’s inter-firm or firm-state power relations are most often not considered.
There are some important exceptions in the SSI literature to the above absences, including contributions that overlap with the field of international political economy (IPE), for which firm-state, intra-industry, and cross-border power relations are central concerns. Some of these exceptions do not address InsurTech directly, but they provide analysis of the insurance industry that can be extended to InsurTech. Lobo-Guerrero’s trilogy (Reference Lobo-Guerrero2011; Reference Lobo-Guerrero2012; Reference Lobo-Guerrero2016) addresses issues such as security, war, and biopolitics (Lobo-Guerrero, Reference Lobo-Guerrero2016: xvi). Haufler (Reference Haufler1997) analyzed the interplay between states and the insurance industry in providing the stable context required for international trade. In their comprehensive analysis of insurance governance Erickson, Barry, and Doyle (Reference Ericson, Doyle and Barry2003: 7) discuss how the state is ‘entwined with the private insurance industry, helping to form the economic, social, legal, cultural, and political aspects of insurance as governance’. Graz (Reference Graz2019) shows how leading insurance firms interact with governmental standards that ‘reflect a truly transnational hybrid authority’, which ‘encapsulates a public dimension that tends to blur the distinction between the private and public spheres, and their scope cannot ignore societal values as well as overlapping with the supposedly exclusive sovereign spaces of territorial states’ (Graz, Reference Graz2019: 172). While Graz does not focus on InsurTech, his insights into the globalization of insurance governance should inform analysis of InsurTech.
Other useful contributions to the global and regulatory aspects of InsurTech have explored the problematic role in bringing together InsurTech firms and regulators in regulatory sandboxes (Perticone, Reference Perticone2023) and the financial inclusion agenda in developing and emerging economies, in which the appropriation of racially hierarchized data objectifies targeted individuals, legitimized by international standards, but reproducing colonial practices for classifying subjugated populations (Perticone et al., Reference Perticone, Graz and Rahel2023). Perticone and Graz (Reference Perticone and Graz2024) have identified limitations to InsurTech’s ability to scale up and expand access in the Global South, including the reluctance of the firms involved to share data (interoperability problems), the clash between conventional and digital methods of assessing insureds’ risks (valuation problems), and the impact of individualization on risk pooling (aggregation problems). Bernards (Reference Bernards2022) and (Aitken, Reference Aitken2022) have similarly shown the limitations in the Global South of microinsurance and remote sensing due to their inability to address the poverty and risks that austerity policies or the climate crisis have created or to reconcile local specificities and the scale needed to create a market. They also highlight the role of international organizations and globally active insurance firms in promoting microinsurance innovations.
Overall then the above review of the SSI and IPE literature on InsurTech confirms the importance of going beyond narrower or more abstract economic or business analysis to provide interdisciplinary critical analysis that considers power relations, ethics, social and cultural practices, and the distinctive roles of technology in understanding and assessing InsurTech, but the review also reveals a gap in connecting the insights from firm-level SSI research to the cross-border and regulatory aspects of InsurTech. Work with IPE themes begins to fill this gap by analyzing the role of international institutions and globally active firms in cross-border insurance governance but with consideration of only some aspects of InsurTech, such as digital innovation associated with microinsurance in the Global South. The remainder of this article seeks to contribute to filling this gap.
A framework for analyzing the global regulation and governance of InsurTech
In past decades, cross-border governance and regulation have become more complex. Centralized national policymaking and implementation have increasingly migrated or been delegated to regulatory agencies, private firms and associations, most often with cross-border connections. A wide variety of theoretical approaches and labels have been developed to capture this historic shift conceptually, including a shift from hierarchy towards networks (Ferguson, Reference Ferguson2018), from the state ‘rowing’ to ‘steering’ (Osborne and Gaebler, Reference Osborne and Gaebler1992), towards ‘polycentric governance’ (Black, Reference Black2008), ‘regulatory capitalism’ (Levi-Faur, Reference Levi-Faur2005), ‘experimentalist governance’ (Zeitlin, Reference Zeitlin2015), and ‘global governmentality’ (Larner and Walters, Reference Larner and Walters2006) to name a few. A great many regulatory arrangements that these efforts theorize involve cross-border collaboration between nationally based regulatory authorities and private-sector standard setters, with iterative efforts to identify common standards or best practices that are then implemented nationally. Informal or ‘soft law’ norms, practices, guidelines, or rules that are developed transnationally can be hardened when referenced in national-level formal law and regulation, or by the reputational damage of noncompliance.
This article brings together concepts from assemblage theory and from international political economy to analyze the cross-border significance of InsurTech regulation. Assemblage theory highlights how the hybrid mixes of humans and objects, ideas and materiality, and between clusters of organized activities, often stretching across borders, can come together by design or by chance to contribute to new governance arrangements (Bueger, Reference Bueger2018; Cohen, Reference Cohen2019: 214; DeLanda, Reference DeLanda2016). As compared to other theoretical approaches noted above, assemblage theory is particularly useful in emphasizing how the organizational connections between people and things require sustained work at the micro-level (Latour, Reference Latour2007) rather than decrees by a top-down exercise of power or the imperatives of deep structures, and this is helpful in integrating the nuanced firm-level insights of the SSI literature with emergent transnational regulatory developments.
At the same time, insights from the field of international political economy are useful in identifying tensions between states and regions, which interact with the relationships between dominant firms and competitors within an industry such as insurance. A key question is whether digitization contributes to the concentration or decentralization of power. Langley and Leyshon (Reference Langley and Leyshon2021) highlight the centralizing properties of platforms, conventional big firms acquiring or financing FinTech start ups, and the reliance of FinTech on Big Tech components and products such as those provided by Amazon Web Services. An alternative is the concept of functional differentiation in systems theory (Fischer-Lescano and Teubner, Reference Fischer-Lescano and Teubner2004). In this approach, specialization is a constant feature of the evolution of human societies, but within each specialized unit increasing capacity to respond to the larger system is created, such as when intellectual property rules provide guidance for how these interact with international trade rules (Fischer-Lescano and Teubner, Reference Fischer-Lescano and Teubner2004). Systems theory’s holistic character is contrary to assemblage theory’s recognition of spontaneous emergence, but this mix of fragmentation and integration is useful for understanding InsurTech. We can integrate assemblage and systems theory insights by being alert to the simultaneous presence of both tendencies.
The implications of this integration of assemblage and IPE theorizing are as follows. First, in contrast to more structural or market-oriented approaches, we need to consider the implications of specificity of an InsurTech technological innovation and its interactions with all those who shape or are shaped by it and the relations of power that interact with these, including transnational regulatory arrangements, rather than assuming that underlying and enduring features of capitalism will dictate and continually reproduce negative or positive ethical, experiential, or distributive effects. This means that transnational regulatory arrangements, interacting with firm-level processes, will include ethical concerns and contestations, and not simply amplify or enforce market or profit-oriented imperatives. Second, the organization and regulation of an emergent complex phenomenon like InsurTech will draw upon multiple potential national and transnational sources of order that may have a high degree of autonomy, and may only tangentially be related to insurance, such as the provisions of the EU General Data Protection Regulation or ethical principles developed for AI.
The next section explores more empirically the article’s argument that the transnational and regulatory aspects of InsurTech and the firm-level aspects highlighted by the SSI literature on InsurTech interact in important ways and that the rich and nuanced understanding of the role of ethics that the SSI literature provides at the firm level is present at the transnational level also.
How is InsurTech transforming insurance globally?
This section examines the interaction of InsurTech with the structure of the global insurance industry. This helps clarify the larger industry power relations and structures that the firm-level processes discussed by the SSI literature on InsurTech interact with. This article defines InsurTech as the application of new digital technologies to insurance, thereby not limiting these to a particular type of firm, such as a start-up. Consistent with the SSI literature and this article’s assemblage approach, a focus on the differentiation of this industry structure helps avoid overstating the role of deep structures or more abstract formulations of the inherent benefits or harms of digital technologies. This differentiated global industry structure interacts in turn with the global regulatory arrangements discussed in the section that follows this one.
We can identify four key axes of differentiation of this structure. The first is the stages of the insurance value chain. The second is the relationship of the relevant firms to the power of traditionally dominant incumbent firms, which includes two main potential challengers to this dominance: small and relatively recent InsurTech start-ups, and Big Tech firms from outside the insurance industry. The third is territorial, the distribution of a firm’s activities across different jurisdictions and regions. A fourth differentiation is between lines of insurance, such as life, property and casualty, cyber insurance, and health insurance. These axes intersect, and individual firms engaging with InsurTech may operate at one or more than one of these intersections. This section discusses the first three of these types of differentiation in turn, only considering differentiation by lines of insurance briefly, given article scope constraints.
Differentiation 1: Insurance value chain stages
In past decades, production processes across the economy have become more complex, globalized, and differentiated, as the stages of production processes have been dispersed across different locations, often produced by different firms connected to one another by a variety of ownership, contractual arrangements, or informal relationships (Gereffi, Reference Gereffi2014). A literature on global value chains (GVCs) and global production networks (GPNs) (Neilson et al., Reference Neilson, Pritchard and Yeung2014) has explored the efforts of actors to maximize their own share of the overall value that is produced. This literature has begun to explore the role of GVCs and GPNs in digital technologies. These technologies can reinforce the dominance of lead firms, for instance, via their control of the standardization and digitization of the tasks (Durand and Milberg, Reference Durand and Milberg2020: 408), or when a dominant firm uses a platform to extract and act on data on customer and competing producer transactions (Grabher and Van Tuijl, Reference Grabher and Van Tuijl2020). Tensions can develop when non-US dominant firms in a non-digital manufacturing GVC or GPN start to rely heavily for cloud infrastructures on US Big Tech firms (Lechowski and Krzywdzinski, Reference Lechowski and Krzywdzinski2022).
The stages of insurance value chains have been conceptualized with some relatively minor variations. For instance, the main EU regulator, the European Insurance and Occupational Pensions Authority (EIOPA) identifies a list of stages, with an example of a digital innovation for each: product design and development (predictive modeling of disease development patterns), pricing and underwriting (price optimization practices), sales and distribution (automated advice), post-sales services and assistance (chatbots), and claims management (enhanced fraud analytics) (EIOPA, 2020b: 10).
As in other industries, digitization has facilitated the dispersing across many firms of functions and stages that previously were contained within a single firm. For instance, Penni.io (Denmark) provides infrastructure for embedding insurance into other products (distribution), Demex (US) helps firms analyze, price, and transfer climate risks (product development), Zesty.ai (US) uses AI to analyze building characteristics to estimate climate risk (underwriting), Ravin (UK) has developed a smartphone app and AI to assess vehicle damage (claims), and Nect (Germany) provides automated online identity verification (customer experience) (Insurtech Insights, 2021a; 2021b)
This differentiation of value chain stages has two especially important implications for understanding InsurTech. First, it highlights the complexity of insurance and InsurTech, with different stages involving different firm-level processes and regulatory constraints. For instance, asset management relates to solvency regulation and the systemic stability of the financial system (as evident in insurer AIG’s prominent role in the 2008 Global Financial Crisis), while product development is more related to cybersecurity and privacy concerns. Traditional insurance regulation that focuses on a single insurance firm is likely to be inadequate as different stages and their functions are performed by new and different suppliers. Second, this differentiation draws our attention to concentration and fragmentation, as evident in business and regulatory publications. For instance, global consultancy McKinsey notes ‘superior technology and healthy margins in insurance service businesses will challenge the traditional approach of many insurers to own the whole value chain – they will be forced to form partnerships or make outsize investments to keep up’ (Bernard et al., Reference Bernard, Binder, D’Amico, de Combles de Nayves, Ellingrud, Kotanco, Klais and Strovink2022: 9).
Differentiation 2: Incumbent, start-up, and Big Tech firms
What are the shifting distributions of power and relationships between the three main types of firms involved in InsurTech?
Surveys of the InsurTech industry highlight the liveliness of the start-up segment, but it is evident that this segment is still relatively new, small, and fragile as compared to the population of incumbent firms. By 2022, there were two InsurTech unicorns (start-ups with valuations greater than $1 billion), Betterfly and Branch Insurance (Gallagher Re, 2022: 11). In contrast, the top ten global insurers alone had a total market capitalization of $1,915 billion in 2023, with Berkshire Hathaway, the largest, having $677 billion (NAIC, 2024). The premium revenue for InsurTech firms that provide core insurance risk functions has been estimated at 1% of premium revenue for incumbent insurers (Bian, Reference Bian2023: 1). InsurTech annual start-up funding increased fairly constantly from US$348 million in 2012 to a peak of $15.8 billion in 2021, then declining to $4.2 billion in 2024, close to its 2018 level (Gallagher Re, 2025: 8). However, while investments by venture capital (VC) and private equity (PE) firms were on the decline by 2024, technology investments by insurers and reinsurers followed a different pattern, declining from a 2019 high point through 2020 to 2022, then resuming growth in 2023 and 2024, exceeding all previous years (Gallagher Re, 2025: 10). This is consistent with a surge of more independent start-ups fueled by VC and PE, the momentum of which was then displaced by incumbent insurance firms.
Other industry reports confirm that InsurTech start-ups strengthen incumbent insurance firms rather than challenging them. In global consultancy PWC’s advice on ‘how insurers can seize InsurTech opportunities’, the focus is not on the threat that start-ups can pose to incumbent firms, but rather how incumbent firms can acquire start-ups, fund start-ups through their own corporate venture capital, or integrate start-up culture into their firms (PWC, n.d.). The founder and CEO of Sønr, which bills itself as the world’s number one InsurTech scouting and innovation management used by big insurers, noted InsurTech start-ups will play an important role in helping big incumbent insurers innovate and compete with Big Tech and other firms (Insurtech Insights, 2021a). This role of Big Tech and retail is consistent with an EIOPA assessment’s emphasis on fragmentation, identifying three primary drivers: nontraditional technology firms providing cheaper, more efficient, and more effective functions; customers purchasing insurance from platforms (like bike sharing) where the insurance is ancillary; and new firms’ provision of new services (such as stolen car geolocation) where the insurance may be a minor component (EIOPA, 2020b: 10–11). However, their survey of regulators found that ‘the entering of BigTech companies to the insurance market seems to still be at emerging state’ (EIOPA, 2020b: 16). Overall then, we can see InsurTech start-ups, in general, aligning with the interests of incumbent insurance firms to respond to challenges from non-insurance firms, which so far are only emerging.
A Bank for International Settlements report (Garcia Ocampo et al., Reference Garcia Ocampo, Taneja, Yong and Zhu2023) provides valuable insights into the role of Big Tech firms in the insurance industry, including Apple, Alibaba, Alphabet, Amazon, Baidu, Meta, Microsoft Tencent, and others. It finds that Big Tech firms play three types of roles: carrying out the core risk-related activities of insurance themselves, selling insurance products, and providing services. Big Tech is especially oriented towards the aspects of insurance that resonate with Big Tech business models, such as cloud services, platforms, or data, and is less engaged with the displacement of the core insurance functions of the incumbent firms. As the report notes, these core insurance functions, especially for life insurance, are more heavily regulated, carry bigger risks, and have lower profit margins than other activities associated with Big Tech. This suggests that the core insurance functions of the incumbent firms and their regulators will continue to shape the industry, even if Big Tech firms contribute to the globalization of the digitization process, start extracting more value from insurance value chains, and even begin to move into the provision of the core functions in a few atypical cases.
Differentiation 3: Jurisdictions and regions
This section focuses on the importance of variation across regions and jurisdictions, as well as the ways in which the industry and InsurTech transcend these boundaries.
Most InsurTech start-up activities take place in the US, the UK, and China. According to Gallagher Re (2025: 76), InsurTech start-up funding rounds between 2012 and 2024 were distributed as follows: US 49%, UK 8%, China 5%, India 5%, France 4%, Germany 3%, Canada 2%, Singapore 2%, Israel 2%, and other jurisdictions 20%. Over the same time, the distribution of private technology investments by insurers and reinsurers was US 55%, France 8%, the UK 7%, Germany 6%, with other jurisdictions making up the remainder. Consistent with the US lead in tech start-ups and venture capital markets more generally, there is large gap between the US and its closest competing jurisdiction, but this also reflects the distribution of insurance (as measured by gross written premiums in 2023), which is US 40%, China 7.8%, the UK 6.9%, Germany 5.2%, Japan 5.1%, with others making up the remainder (IAIS, 2024a: 11).
It is useful to consider the jurisdictional distribution of incumbent insurance firms as an indicator of the possible future distribution of innovations within these firms, although it should be noted that a EIOPA (2024) survey found large variation in the state of digital innovation within insurance firms. The industry is globalized in many ways. For 58 jurisdictions reporting to the OECD (2023), the average share of foreign companies in their markets was 42% for life and 43% for non-life (2021 data or the most recent year in which both figures were reported). Many firms operate globally. In 2016, regulators at the Financial Stability Board (2016) deemed nine insurers to pose significant enough risks to the global financial system to be labeled ‘globally systemically important’ and subject to heightened prudential regulation.
Differentiation overall
The differentiation discussed in this section helps better understand the potential and limitations of InsurTech, complementing the firm-level insights of the SSI literature. Differentiation involves a dispersal of insurance activities across more specialized firms, including ones not carrying out the core risk-carrying insurance function, and across multiple jurisdictions. The fourth differentiation not discussed in detail, by insurance line, has similar implications. This means that different InsurTech activities come with different risks, power relations, and cultures. Yet overall, this differentiation does not mean disconnection. Specialist start-ups and Big Tech companies more often assist incumbent insurers than threaten them. This can create a tension between insurance-related forces and digitization-related forces, despite their complementarities. Regulatory constraints and institutional inertia of incumbent insurers reinforce the insurance-related forces and ongoing dominance of incumbent firms, limiting the effects of digitization-related forces. Differentiation across jurisdictions is accompanied by globalization, enhancing the importance of the global regulatory responses to InsurTech that the next section addresses.
Global regulatory responses
This section focuses on four locations of regulatory responses. The first is the International Association of Insurance Supervisors. Established in 1994, the IAIS is an organization of insurance supervisors and regulators from more than two hundred jurisdictions. It identifies best practices and is a forum for information sharing. It coordinates with other relevant bodies such as the Financial Stability Board and the International Accounting Standards Board, it is a partner in the Access to Insurance Initiative (A2ii), and it is called upon by the G20. The second is EIOPA, the main insurance regulatory body in the EU. The third is China. The fourth is the US National Association of Insurance Commissioners (NAIC). In the US, insurance regulation is primarily at the state level, with coordination via NAIC. We shall see that EIOPA is playing the strongest role globally, with regard to the degree of attention devoted to InsurTech issues and the degree to which this attention goes beyond narrow market concerns to address ethical and distributional questions. This is consistent with the EU’s role in other areas of digital governance, such as internet (O’Hara and Hall, Reference O’Hara and Hall2021), data protection, and AI regulation (Paul, Reference Paul2023).
These four locations are the most important for cross-border insurance regulation, with the IAIS being most global, and the NAIC, EU, and China being important not just for the significance of InsurTech activities within their jurisdictions, but for the extraterritorial effects of their regulation, carried by the diffusion of regulatory ideas and the effects of firms active across their border. This includes the EU’s significant extraterritorial impacts despite its modest share of the world’s InsurTech start-ups that was noted previously. There are many other cross-border arrangements that are also significant. Examples include the Global Federation of Insurance Associations, which aims to ‘increase industry effectiveness in providing input to international regulatory bodies’, InsurTech Insights (the ‘World’s Largest Insurtech Community’), the International Insurance Society (‘for all stakeholders of the global insurance and risk management community’), or the Geneva Association (‘the think tank for the global insurance industry’). These link firms and cross-border regulatory arrangements, but a full exploration of their roles goes beyond the scope of this article.
The IAIS
The first two major reports from the IAIS on the current wave of digital transformation in insurance were issued in 2018. The first report focuses on conduct of business (IAIS, 2018b: 4). It notes that ‘supervisors are likely to be confronted with new insurance market participants, like start-ups and ‘Big Tech’ firms. These entities may have different perspectives on consumer interest and compliance culture than traditional incumbent insurers’ (IAIS, 2018b: 5). Examples of potential harms that it identifies include the difficulty for consumers in understanding some products, the misuse of data, biases and discrimination, abusive marketing practices such as manipulation of emotions, failure to adequately understand customer needs, the risk of exclusion if finer-grain differentiation among insureds leads to the exclusion of higher-risk customers, and the challenge for supervisors of acquiring the needed technical skills. The report only has a few general recommendations (IAIS, 2018b: 34) and mainly serves to identify the new technologies and their risks and benefits.
The second 2018 IAIS report is on the use of digital technology in inclusive insurance, which is insurance ‘aimed at the excluded or underserved markets’ (IAIS, 2018a: 5). It is similar to the other report, but with additional attention devoted to technologies that are especially important in the Global South, such as mobile phone insurance, which can create risks that the providers are ‘outside the traditional jurisdiction of insurance supervisors’ (IAIS, 2018a: 16). The report has more detailed recommendations, building on earlier IAIS papers on inclusive insurance and microinsurance.
Since 2018, the IAIS issued four additional particularly relevant reports (IAIS, 2020; 2022; 2023; 2025). The 2020 report addresses the use of big data analytics in personalized insurance, targeted marketing, sales execution, distribution and advice, pricing and underwriting, and claims handling. It notes benefits, but also identifies risks, such as the use of genetic data: ‘these types of insights can potentially make large segments of society uninsurable’, noting examples of prohibitions on the use of genetic data in insurance in Switzerland and the US (IAIS, 2020: 24–25). The report notes the danger of ‘winner takes all’ network effects for one or a few companies (or platforms), resulting in limited options for consumers, at least in the mass market. Therefore, insurance supervisors may need to engage more broadly with the relevant anti-competition agencies in their jurisdictions’ (IAIS, 2020: 33). The 2022 report analyzes ‘open insurance’ (the voluntary or mandatory making of data held by incumbent insurers available to be used by InsurTech start-ups and other competitors), the use of distributed ledger technology and blockchain, and AI and machine learning. The 2023 report is a brief review of approaches to AI and machine learning, with a list of reports from different supervisory jurisdictions. The 2025 report is a strategic plan for 2025 to 2029, which includes ‘adapting to increasing digital innovation and cyber risks’ as one of three strategic themes, with the other being ‘strengthening supervisory response to climate change’ and ‘supporting insurance to serve its societal purpose of building resilience’. Its first operational priority focuses on diversity and inclusion.
Although not directly focused on InsurTech, we can see the ongoing development of relevant global regulatory standards in the response of the Global Federation of Insurance Associations (GFIA) (2024) to an IAIS Application Paper on how to achieve fair treatment for diverse customers. The GFIA asserts its commitment to diversity, equity, and inclusion as evident in its published diversity, equity, and inclusion principles, but lobbies for voluntary policies. It engages granularly in its response to the IAIS document commenting on the issue of fairness, the matching of personal characteristics, risk and pricing, and inclusion, all of which have implications for InsurTech. This is a contestation over the specific rules that will be widely adopted by regulators.
EIOPA
EIOPA’s regulatory response can be identified through 12 relevant reports (EIOPA, 2019a; 2019b; 2020a; 2020b; 2020c; 2021a; 2021b; 2021c; 2022a; 2022b; 2022c; 2023a). The reports identify a wide range of potential benefits, harms, and risks associated with InsurTech. Risks and harms include, for instance, ‘the opacity of some AI algorithms (the so-called black box effect)’ (EIOPA, 2023a: 10); the risks of third-party suppliers becoming concentrated and global, amplifying risks; ‘platforms may also be subject to conflicts of interest, and may bias search results and rankings to their advantage… The integration in a platform may require a significant investment by an insurer, and this in turn creates a lock-in effect, making it difficult for the insurer to switch to other platforms’ (EIOPA, 2020b: 30); the risk of regulatory or licensing gaps in peer-to-peer insurance (EIOPA, 2019b: 27); public comparison websites could ‘generate a race to the bottom, leading to underinsurance, as consumers navigate by price instead of a combination of price and coverage. Similarly, there is a risk of excessive standardization, leading towards product uniformity, as well as a risk of undermining competition and hindering innovation’ (EIOPA, 2022c: 7); and ‘some new datasets can be closely correlated with protected characteristics such as race, religion, gender, or political orientation’ (EIOPA, 2021c: 23).
EIOPA’s analysis and recommendations draw on a range of related or complementary laws, regulations, and guidelines, as well as new ways to use digital technologies in regulation (‘Suptech’). Related policies and rules include the EU General Data Protection Regulation, the Payment Services Directive (PSD2), Solvency II (EIOPA, 2019b: 21), the European Commission Data Strategy, the Digital Finance Strategy, the Digital Operational Resilience Act (Phelan and Buckley, Reference Phelan and Buckley2024), the Capital Markets Union new Action Plan, the EU’s Ethics Guidelines for Trustworthy AI, and the White Paper on AI (EIOPA, 2021a; 2022c). There are many ways that digitization can enhance the power and effectiveness of regulatory authority. For instance, routine audio recordings involving customer service representatives can be converted to text and scrutinized by AI for regulatory compliance. Firm websites and routine reports to regulators can be similarly scrutinized by AI. National regulators across the EU could share data on regulated firms via blockchain. Social media can be monitored to identify informal complaints. AI can be used to predict firms at risk and in need of closer supervision. The standard Solvency II quantitative reporting templates have ‘allowed the creation of a common database at EIOPA level that includes more than 3,000 insurance and reinsurance undertakings. No other generation of supervisors than the current one has had so much information on the insurance market.’ (EIOPA, 2020c: 4).
A report by EIOPA’s Consultative Expert Group on Digital Ethics (EIOPA, 2021a) is particularly relevant:
There are profound questions here on how risks are determined and the implications of a move from the collective and social determinants of behaviours to a model which implies the accountability of individuals. Accountability is an important concept here and the extent that individuals are made accountable for their lifestyle choices through the vector of insurance. Other risk factors, associated with the individual’s environment or genetic makeup, would likely lead to inevitable discrimination and exclusion insofar as these are completely out of the hands of the individuals in question.
The report also seeks to go beyond an instrumental view, noting that AI:
threatens certain characteristics of what many ethicists and philosophers take to be intrinsic to human beings, including notions of dignity and autonomy. Such concepts do not fit comfortably into the current paradigm of financial regulation. The impact on human autonomy and subjectivities around freedom are important concerns and cannot be simply dismissed as dystopian fantasies. What the precautionary principle posits in the context of such uncertainty is an ethic of care and protection where we aim to safeguard post-war European values.
At the same time, the report notes that relevant ethical concepts are already present in insurance governance to some degree: ‘Many of the elements of the broad concept of fairness are reflected in existing professional practice and insurance and data protection regulation… Paradoxically, digitalization represents both a challenge to establishing fairness in insurance and provides a means to implement more fairness in insurance in the future’.
EIOPA documents thus convey substantial ethical content. However, it should be noted that consultations continue to be dominated by industry actors, with disagreements primarily between these actors’ different interests in the industry. For instance, EIOPA’s consultation on open insurance received 50 responses, including from 19 industry associations, six insurance or reinsurance firms, two insurance intermediaries, three technology companies, two consumer associations, and three academics (EIOPA, 2023b).
China
China’s fintech innovation has leaped past the US (Chorzempa, Reference Chorzempa2022) and it has been very active in InsurTech as well. By 2020, InsurTech premiums were RMB 298 billion, accounting for 6% of the total insurance industry premium market (England, Reference England2021). For years, the fintech sector in China was remarkably freewheeling and lightly regulated, but recent years have seen a sustained and harsh crackdown, fueled by popular dissatisfaction with poorly designed and regulated products and fraud, and by the threat that the power of the financial industry could pose to the control of the Chinese Communist Party (Chorzempa, Reference Chorzempa2022). For instance, Hu Xiang Bao, a platform-based plan for critical illness insurance operated by Ant launched in 2018 and grew to 100 million members a year later, similar in number to traditional critical illness policies in China, but the platform was declared illegal in 2020 and shut down in 2022 (Fang and Xu, Reference Fang and Xu2023: 32). The regulatory crackdown on online insurance led to a 23% decline in online health insurance in the first half of 2022 and the exit of firms from the market. Among a series of regulatory announcements was a 2021 notice aimed at ‘Rectification of Internet Insurance Chaos’ (Khanna, Reference Khanna2022). Corruption charges were also lodged against two senior officials who had been active in insurance regulation (Gaixinglobal, 2024; Zheng, Reference Zheng2024). By 2023, there were signs that the crackdown was easing (Soon, Reference Soon2023). Overall regulatory efforts have been consolidated in an effort to better cope with the complexity of the industry. For instance, the key National Financial Regulatory Administration was joined by the People’s Bank of China, the National Development and Reform Commission, the Ministry of Industry and Information Technology, and the China Securities Regulatory Commission in the issuance of an action plan for digital finance (People’s Bank of China, 2024). This plan includes promoting green finance and rural revitalization amongst other policy priorities.
The state exercises more political control over the insurance industry than in other major jurisdictions, and this adds major political and ethical components to insurance regulation. A 2024 speech by the head of the central regulator to the Insurance Association of China called upon the industry to ‘deeply study General Secretary Xi Jinping’s important expositions on financial work’ (National Financial Regulatory Administration, 2024). The state directly owns several of the larger insurers (Chorzempa and Véron, Reference Chorzempa and Véron2023: 5). While this could be viewed as problematic political interference which ‘hampers supervisory independence and makes it difficult to establish accountability for regulatory failures’ (Chorzempa and Véron, Reference Chorzempa and Véron2023: 2), it certainly also introduces non-market values into the regulatory system.
Although China’s insurance regulator is a member of the IAIS as is the Hong Kong Insurance Authority (IAIS, 2024b), China has not yet been a significant presence in IAIS reports relevant to InsurTech, although TongJuBao, a P2P insurance platform has been briefly featured (IAIS, 2018a: 12). It is likely that China will become more assertive in global InsurTech regulatory issues as it has in other areas of digital standard setting (Cantero Gamito, Reference Cantero Gamito2023; Cheng and Zeng, Reference Cheng and Zeng2023; Hoffmann et al., Reference Hoffmann, Lazanski and Taylor2020). As well, there are other channels that carry the influence of China’s regulation of InsurTech beyond its borders. Half the world’s top 40 insurance companies have entered the Chinese market (Global Times, 2024). Chinese banking and insurance regulators have engaged in bilateral discussions such as a 2024 agreement on insurance supervision with Brazil (Government of Brazil, 2024).
US
Despite the strength of InsurTech innovations in the US, and the prominence of the US in other cross-border regulatory issues areas such as banking or intellectual property (Kapstein, Reference Kapstein1989; Sell, Reference Sell2009), US regulators have a surprisingly weak presence in global discussions of InsurTech regulation and governance. In part, this is due to the fragmentation of insurance regulation, since it is at the state level, with the NAIC providing coordination and opportunities for information sharing. Unlike many business associations, the American InsurTech Council (AITC) (n.d.) which is ‘a dedicated, independent voice for legacy insurers, insurtechs, and other stakeholders, driving public policy and advocacy designed to accelerate ethical digital innovation in insurance’ makes no mention of international issues on its website. Of the 32 documents referenced in the IAIS report on AI/ML regulation (IAIS, 2023: 3), only two are from the NAIC.
There is however a history of collaboration between EIOPA and the NAIC. In 2012, the Federal Insurance Office in the US Treasury (n.d.) convened a US-EU regulatory dialogue ‘Project’ which over the years has included digital technology issues in its discussions. For instance, a report of the Project’s Big Data Working Group (2020) notes that, ‘An insurer should not rely on a third-party vendor’s assessment that the use of non-traditional insurance data points, such as a consumer’s purchase history or internet activity, is not a proxy for the use of a prohibited factor, such as race, religion, or national origin.’ On the use of AI, the report acknowledges EIOPA’s work and notes the creation of a NAIC Artificial Intelligence Working Group that will use the OECD AI principles as a starting point for the regulatory response to the use of AI in insurance. A report of the Project’s Innovation and Technology Workstream (2023) notes that, ‘while the use of complex algorithms and AI/ML can provide new opportunities for businesses and consumers across the insurance sector in the US and EU, it also raises new challenges such as consumer privacy and the need to protect against both intended and unintended unfair discrimination that may result from the use of algorithms’.
The two NAIC reports cited in the IAIS report on AI/ML regulation are the NAIC’s Principles on Artificial Intelligence (NAIC, 2020) and its Model Bulletin setting out expectations of usage of AI by insurance companies (NAIC, 2023). The principles document is a brief two-and-a-half-page statement of five principles. The Model Bulletin (NAIC, 2023) includes provisions for all insurance firms to ‘develop, supplement and maintain a written program (an ‘AIS Program’) for the responsible use of AI Systems’. The AITC represented the US insurance industry actively on these and other InsurTech-related regulatory initiatives. For instance, on the NAIC’s draft AI Principals the AITC (2020) agreed with the goal of ‘more equitable outcomes and less unfair discrimination’, but called for the deletion of the NAIC draft statement that AI ‘should generate benefits for people that are greater than the cultural, social and legal costs’, asking ‘Who would act as the final arbiter of the value of those purported costs, or the value of the benefits associated with AI?’, and arguing for reliance on market discipline instead. The sentence was deleted in the NIAC’s final version.
Overall, NAIC is actively engaged with InsurTech regulatory issues in coordination with EIOPA. The content of its engagement is not only about expanding market opportunities but also about social and ethical concerns. At the same time, the NAIC’s work is more instrumental and less ethically reflective than EIOPA’s, and with EIOPA exercising more leadership and the NAIC less than is often the case in other international regulatory issue areas.
Conclusion
This article has argued for the integration of the more firm-level insights of the SSI literature on InsurTech with analysis of the cross-border, regulatory, and structural features of the industry, assisted by bringing together themes from assemblage and international political economy theories. Assemblage theory is especially useful in highlighting the decentralized but connected and emergent forms of cross-border industry transformations and regulatory responses, shaped by mixes of ideas, material factors, and the properties of technologies. International political economy themes are useful in highlighting power relations within industries and between jurisdictions and regions. A goal of the article has been to show that regulation, including its cross-border aspects, is not simply an exogenous constraint on InsurTech practices, but is instead part of the contestations between ethics and profit-seeking or culture and data that the SSI literature insightfully reveals at the firm level.
The second section of the article analyzed the axes of differentiation of the industry, examining especially the stages of the insurance value chain, the relations between incumbent, start-up and Big Tech firms, and national and regional territorial differentiation, while mentioning more briefly differentiation by product line. This differentiation involves a dispersal of functions across different types of firms in different locations across the globe but also ongoing relations across these boundaries. Overall, it showed that start-ups and Big Tech are strengthening incumbent insurers more than challenging them and that rather than being an abstract relentless imperative, digitization has nuanced effects at the industry and cross-border levels similar to the nuance the SSI literature highlights at the firm level. These features of the industry are an important medium connecting firm-level activities and global regulatory arrangements. This includes the contribution of the ongoing centrality of incumbent firms to the capacity of global regulatory arrangements to continue to shape the industry despite the entry of start-ups and Big Tech firms.
The third section of the article examined four key locations contributing to global regulatory arrangements, the IAIS, EIOPA, China, and the NAIC. Consistent with assemblage theory there is no centralized mandatory regulatory capacity at the global level, but rather a collection of institutions, rules, practices, and ideas that can come together to respond to emergent issues such as InsurTech. These go beyond these four key locations but are also amplified and transmitted through these locations, with emergent standards often working into mandatory regulation at the national or subnational levels. These locations interact as much with the changing global industry and its technologies as with the states that are associated with the locations. At the same time, the relations between jurisdictions and regions matter, with EIOPA making a larger contribution to the ethical dimensions of InsurTech regulation, the US being more laissez-faire, and China displaying more central control. This is similar to the pattern in internet and AI governance (O’Hara and Hall, Reference O’Hara and Hall2021; Paul, Reference Paul2023). The content of discussions in these four locations shows that these regulatory arrangements do not simply promote the expansion of market opportunities, or the monetization of data associated with Big Tech and surveillance capitalism. Ethical, social, and cultural factors other than profit or economic efficiency are important, as they are at the firm level.
The discussions reveal the creation of cross-border consensus, best practices and standards that will work their way into mandatory regulation at the national or subnational levels, which then will reshape practices at the firm level. The industry is very much part of this transnational process, not just in producing the activities that constitute InsurTech, but through negotiation and advocacy with regulators, as evident in EIOPA and NAIC consultations. This may in part involve ‘riskwashing’ (Brown and Piroska, Reference Brown and Piroska2021) designed to create an illusion of effective regulation to allow business to continue to exploit and dehumanize. As well, there are alignments between the industry’s search for new markets and ethical commitments to inclusion. At the same time, the rationale and motivations for the ethical content of regulatory discussions are not only tied to market opportunities but also norms and laws that are based on ethical or social goals. The discussions involve contestations that are not predetermined and that construct regulations and standards with varying mixes of commercial and ethical considerations. Future research can further illuminate these contestations and the locations in which they occur. Overall, this article has demonstrated the connection between cross-border industry structures and regulatory arrangements to the more firm-level properties of InsurTech that the SSI literature on InsurTech illuminates.
Acknowledgments
The research assistance of Mackenzie Porter, PhD candidate, Department of Political Science, McMaster University, is gratefully acknowledged. This research has been supported by SSHRC Insight Grant 435-2021-0155. An early version of this article was presented at the 2024 International Studies Association Annual Convention, and comments from participants in that session are also appreciated as are valuable comments on earlier versions of this article from this journal’s editors and peer reviewers.
Open access
