Solvency II AI Governance Compliance Checklist 2026

/ Agentic AI, ai, ai agents, ai transformation, data, data transformation, governance

Solvency II was not designed with AI in mind, but its governance pillars — the System of Governance, ORSA, and the Own Funds framework — create direct obligations for insurers deploying AI in regulated decisions. This checklist gives CAIO, CDO, and CTO at DACH insurance carriers a structured way to assess whether their AI governance framework satisfies Solvency II requirements as interpreted by BaFin and FINMA in 2026. Each item is grounded in the specific Solvency II Delegated Regulation, BaFin and FINMA supervisory guidance, the EU AI Act, and GDPR requirements applicable in DACH (Germany, Switzerland, Austria).

Model Risk and Solvency II System of Governance

☐ Map all AI models used in regulated decisions to Solvency II governance pillars
STRATEGIC · HIGH

Solvency II Article 41 requires a sound System of Governance covering all material risks, including model risk from AI. Create an inventory of every AI model that influences underwriting, pricing, claims, reserving, or capital decisions. Classify each by materiality and map it to the relevant governance pillar. BaFin and FINMA examiners will request this inventory on entry.

☐ Assign a named Model Risk Owner for every AI model in scope
MEDIUM-EFFORT · HIGH

Solvency II requires clear accountability within the System of Governance. Every AI model used in a regulated decision must have a named owner responsible for performance, documentation, and remediation. Anonymous model ownership is a recurring finding in BaFin and FINMA AI governance reviews. Assign owners at the business unit level, not at the IT or data science function alone.

☐ Integrate AI model risk into your ORSA process
STRATEGIC · HIGH

The Own Risk and Solvency Assessment (ORSA) must reflect all material risks to the business. Insurers deploying AI in underwriting or pricing without including model risk in the ORSA are creating a documented gap that BaFin and FINMA supervisors will challenge. Add an AI model risk section to your ORSA narrative covering model concentration risk, data dependency risk, and model drift risk.

☐ Establish independent model validation for all high-risk AI models
MEDIUM-EFFORT · HIGH

Solvency II Pillar II requires independent review of models used in risk management. Extend your existing actuarial model validation framework to cover ML models: independent validation by a team not involved in model development, documented performance backtesting, and formal sign-off before production deployment. Without this, AI models used in reserving or capital calculations have no Solvency II-compliant validation trail.

Documentation and Audit Trail Requirements

☐ Build model documentation to the standard BaFin and FINMA will audit
MEDIUM-EFFORT · HIGH

BaFin and FINMA supervisory guidance on machine learning (updated 2024–2025) requires documentation covering model purpose, training data, feature engineering, validation results, performance thresholds, and escalation triggers. Design documentation templates to this standard before building models, not as a retrospective exercise. Retroactive documentation has lower credibility with examiners and takes significantly longer to produce.

☐ Implement data lineage from source to AI model output for all regulatory data
STRATEGIC · HIGH

Solvency II requires complete and auditable data lineage for all inputs to regulatory reporting and risk models. AI models using claims, reserving, or capital data must be integrated into this lineage framework — not treated as separate analytical tools. Use Azure Microsoft Fabric, Databricks Unity Catalog, or equivalent tooling to enforce lineage documentation automatically. Manual lineage documentation does not scale and introduces audit risk.

☐ Document explainability approach for each model affecting policyholders
STRATEGIC · HIGH

Solvency II Pillar III transparency obligations, combined with GDPR Article 22 and the EU AI Act, require that AI decisions affecting policyholders can be explained. Implement SHAP-based explanation layers for all underwriting, claims, and pricing models. Maintain pre-approved customer-facing explanation templates reviewed by your legal and compliance teams. BaFin and FINMA examinations increasingly include test scenarios where examiners request explanations for specific AI-driven decisions.

☐ Version-control all AI models and their training datasets
MEDIUM-EFFORT · MEDIUM

Solvency II governance requires the ability to reconstruct any model decision at any point in time. Implement model versioning (MLflow or equivalent) and dataset versioning so that the exact model and data used in any historical decision can be retrieved on demand. This is particularly critical for reserving and capital models where BaFin and FINMA may request retrospective analysis months or years after the fact.

Ongoing Monitoring and Supervisory Readiness

☐ Implement model performance monitoring with automated drift detection
MEDIUM-EFFORT · HIGH

Solvency II requires ongoing assessment of model adequacy. AI models degrade over time as claims patterns, fraud behaviours, and policyholder demographics shift. Implement automated monitoring for data drift and model performance degradation with defined thresholds that trigger review or recalibration. Set governance escalation paths: who is notified, within what timeframe, and what remediation authority they hold.

☐ Conduct annual AI governance review aligned to the Solvency II review cycle
MEDIUM-EFFORT · MEDIUM

Align your AI model governance review cycle to the annual Solvency II internal governance review. This creates a single annual compliance event rather than parallel processes that duplicate effort. The review should cover: model inventory completeness, validation currency, data quality metrics, ORSA model risk section, and regulatory change impact from updated BaFin and FINMA guidance and the EU AI Act.

☐ Run EU AI Act gap analysis for all Solvency II-relevant AI models
MEDIUM-EFFORT · HIGH

EU AI Act high-risk obligations apply from August 2026. Insurance AI models used in underwriting, claims, and fraud scoring are likely to fall under Article 6 high-risk classification. These models require conformity assessment, technical documentation, human oversight mechanisms, and registration in the EU AI Act database. Conduct a formal gap analysis now against your Solvency II model inventory — the overlap between the two regulatory regimes is significant and the documentation can be shared.

☐ Prepare a Solvency II AI governance briefing document for BaFin and FINMA
QUICK-WIN · MEDIUM

BaFin and FINMA increasingly request a structured AI governance overview at the start of supervisory examinations. Prepare a standing briefing document covering: AI model inventory, governance framework summary, validation status, ORSA integration, and EU AI Act compliance roadmap. Having this document ready reduces examination friction and demonstrates proactive governance — a factor that influences supervisory tone and examination depth.

Pro Tips

Engage your BaFin or FINMA relationship manager before deploying AI in any Solvency II-regulated decision. Pre-notification of significant AI initiatives builds regulatory goodwill and surfaces expectations that should inform your governance design from the start.

The overlap between Solvency II model governance requirements and EU AI Act obligations is substantial — documentation, validation, human oversight, and explainability requirements map closely. Build one governance framework that satisfies both, rather than two parallel compliance programmes.

The EU AI Act’s August 2026 compliance deadline for high-risk AI systems creates a natural forcing function. Use the Solvency II annual governance cycle as the vehicle to complete your EU AI Act gap analysis and remediation plan simultaneously.

Ready to Start Your AI & Data Transformation?

mindit.io works with banking, retail, and insurance organisations across DACH, UK, and BENELUX. Talk to our team about your programme. Contact mindit.io →