GERMANY Law and Practice Contributed by: Stephan D. Meyer, Lars Fidan, Elisa Otto and Christian Meisser, LEXR
The EU AI Act introduces a further dimension. Where trading algorithms qualify as high-risk AI systems, the developer may face obligations around conformity assessment, documentation and transparency, even if it is not itself a regulated financial entity. This is a developing area where the intersection of AI regulation and financial regulation has not yet been fully tested in practice.
8. Insurtech
8.1 Underwriting Processes
Insurtech companies in Germany use a range of technology-driven underwriting approaches, including AI-based risk assessment, automated claims processing and telematics data analysis. Regulation does not prescribe a specific underwriting methodology but sets boundaries around how it is applied.
BaFin expects that insurers and intermediaries using automated underwriting systems maintain transparency, fairness and non-discrimination in their processes. The EU AI Act classifies certain insurance underwriting applications as high-risk AI systems, requiring conformity assessments, documentation and human oversight. BaFin has indicated that algorithmic underwriting models must be explainable and that insurers retain ultimate responsibility for underwriting decisions.
8.2 Treatment of Different Types of Insurance
German insurance regulation under the VAG distinguishes between life, health and non-life (property and casualty) insurance, each with distinct capital, reserving and policyholder protection requirements.
Insurtech activity in Germany is concentrated in non-life segments: household, travel, pet, gadget and embedded insurance products. These segments offer shorter product cycles and lower regulatory barriers to entry.
The market includes both full-stack insurtechs holding their own VAG licence and intermediary models that distribute products underwritten by established carriers. The intermediary route is faster to market but limits control over product design and pricing. Full-stack models offer more flexibility but require considerably more regulatory capital and governance infrastructure. The trend is toward hybrid arrangements where insurtechs handle distribution and technology while partnering with licensed carriers for risk-bearing.
9. Regtech
9.1 Regulation of Regtech Providers
Regtech providers are generally not subject to financial regulation in their own right. A company offering compliance software, AML screening tools or regulatory reporting automation is typically classified as a technology vendor, not a financial services provider.
The regulatory exposure comes indirectly. Financial institutions that outsource compliance-critical functions to regtech providers must ensure those providers meet the standards required by MaRisk and DORA. If a regtech provider is designated as a Critical ICT Third-Party Provider under DORA, it becomes subject to direct oversight by the relevant EU Lead Overseer, a material step that transforms a commercial vendor relationship into a regulated one.
There is also a functional boundary: where a regtech provider effectively performs regulated services rather than just supplying tools, it may cross into the regulatory perimeter. The line between enabling compliance and performing compliance is not always obvious.
9.2 Contractual Terms to Ensure Performance and Accuracy
Financial institutions in Germany impose increasingly stringent contractual terms on regtech and other technology providers, driven by a combination of regulatory requirements and hard-won operational experience.
Under DORA, the contractual framework for ICT services provided to financial entities must include specific minimum provisions covering service descriptions, data handling, security measures, audit rights, exit strategies and incident reporting obligations. These requirements are dictated by regulation and represent a compliance floor that cannot be contracted away.