Governed Agentic AI by Industry · Part 2

One governed trust layer for the business of promises

How insurers can put AI agents to work on claims, underwriting, and service while satisfying a global wave of AI regulation, keeping sensitive data home, and bending a cost curve that is quietly getting worse. This is not a list of use cases. It is the architecture.

Insurance · Claims · Underwriting EU AI Act · NAIC · Colorado · NYDFS · FCA · MAS Trust-secured agentic middleware Local specialized models + cost governance Product-agnostic patterns
A dark, modern insurance operations floor with professionals at holographic dashboards showing claims and policy data, a glowing blue-and-violet network mesh overhead forming a translucent shield and umbrella, suggesting an invisible AI protection layer.
A business built on promises, now coordinated by an invisible agentic layer that has to be worthy of them.

Insurance is a business built on a promise: pay the premium, and when the worst happens we will be there. Everything about how the industry is regulated flows from protecting that promise. So when AI agents arrive offering to triage claims, summarize medical records, draft underwriting narratives, answer policyholder questions, and reconcile books of business, insurers face a sharper version of the question every industry is asking.

The capability is real. Claims, underwriting, and service are document-heavy, judgment-heavy, and volume-heavy, which is exactly the work agents are good at. But insurance is also one of the most heavily regulated environments in the world for algorithmic decision-making, and the regulation is getting more specific, not less.

This article is about the architecture that resolves that tension: a single governed trust layer that every agent, model, data source, and vendor tool plugs into. The same pattern we covered for manufacturing in Part 1, focused here on what makes insurance different: a global wave of AI regulation, data that is almost all sensitive, and an economic problem that grows as token prices rise.

The body of this piece is product-agnostic. The patterns matter more than any vendor. There is a short note at the end about how we build toward them.

1 · The regulatory reality: AI rules for insurers are converging worldwide

Insurers do not get to treat AI governance as an emerging best practice. In most major markets it is now written down, and the requirements rhyme with each other.

European Union

The EU AI Act classifies AI used for risk assessment and pricing of natural persons in life and health insurance as high-risk, triggering risk management, data governance, logging, transparency, human oversight, and robustness obligations. EIOPA adds supervisory expectations across the insurance lifecycle.

United States

The NAIC Model Bulletin on insurers' use of AI, adopted by a majority of states, requires a written AIS program, lifecycle governance, and accountability for third-party AI. Colorado's SB 21-169 regime requires testing for unfairly discriminatory outcomes. NYDFS Circular Letter No. 7 (2024) sets expectations for AI in underwriting and pricing, including board-level governance.

United Kingdom & Asia-Pacific

The FCA's Consumer Duty reaches algorithmic decisions that affect customer outcomes. Singapore's MAS FEAT principles and Veritas methodology set fairness and explainability expectations. Canada's OSFI Guideline E-23 brings model risk management obligations to insurance AI.

The details differ. The demands converge on five things:

Every one of those five demands is an architecture requirement wearing a compliance costume. You cannot satisfy them with a policy PDF. You satisfy them with a layer that enforces and records them at runtime.

2 · Why insurance makes ungoverned AI untenable

The regulatory pressure lands on an environment with specific structural hazards.

Nearly all the data is sensitive

Claims files hold medical records, police reports, financial details, and photographs of the worst day of someone's life. Sending that to a third-party model endpoint is not a casual decision, and in some jurisdictions it is not a permitted one.

Adverse decisions carry legal weight

A claim denial, a nonrenewal, a rated-up premium: regulated outcomes with notice requirements and appeal rights. An agent that drafts or influences one is participating in a decision the insurer must defend, sometimes years later.

Old cores, many integrations

Policy admin, claims platforms, rating engines, actuarial models, and a thick web of third-party data vendors. Point-to-point AI integrations into that estate multiply risk: no single place to see, control, or prove what the AI did.

Shadow AI is already inside

Adjusters and underwriters are pasting claim narratives into public chatbots wherever no sanctioned alternative exists. The choice is not whether AI touches your book of business. It is whether it does so through a governed path.

3 · The architectural answer: one governed trust layer

The response to all of this is the same structural move: a single, ubiquitous middleware layer that everything AI-related plugs into. Agents, frontier models, local models, data vendors, core systems, and partner tools all connect through it, and nothing connects around it.

An isometric diagram of a glowing insurance middleware platform. An AI agent, an underwriter/adjuster, and a partner vendor connect down into a layered slab containing gateway, identity, policy, orchestration, and catalog layers; the slab fans out to policy admin, claims management, data repository, and actuarial systems, with a tamper-evident audit trail chained along the side.
The insurance trust layer: one path in, one path out, every action inspected and recorded.

Its layers will look familiar from Part 1, tuned for insurance:

The distinction that matters most, in insurance more than almost anywhere: runtime enforcement, not after-the-fact review. A fairness policy that is checked quarterly cannot stop a bad outcome in the moment. A layer on the request path can.

4 · The cost curve: the problem that grows even if nothing goes wrong

There is a second pressure building alongside regulation, and it is economic.

Frontier model pricing has not followed the steady-decline curve many planned for. Providers are charging more for their most capable models, usage-based pricing compounds as agents chain calls together, and agentic workflows multiply token consumption by design: a single claim triage might touch a dozen model calls across summarization, extraction, drafting, and checking. Multiply that by claim volume and quote volume, and AI spend becomes a line item the CFO asks about.

Treating cost as an afterthought produces the same failure mode as treating governance as an afterthought: unbounded, invisible, and discovered late. A governed layer makes cost a managed property of the system:

Visibility

Every model call flows through one path, so spend is attributable per team, per workflow, per product line.

Budgets & routing

Caps, quotas, and model-routing rules live in policy, not in each application's code.

Caching

Repeated questions over the same policy language or claim documents are served from cache instead of being re-billed.

Right-sizing

The biggest lever of all: most insurance AI traffic does not need a frontier model, which leads directly to the next section.

5 · Local specialized models: cheaper, faster, and the data never leaves

Because every model call, tool invocation, and human correction flows through the one governed layer, the layer accumulates something no individual application ever sees: the complete exhaust of AI activity across the enterprise. The prompts, the documents, the outcomes, and the corrections adjusters and underwriters made. For an insurer, that exhaust is a precise record of how your organization actually adjudicates, underwrites, and communicates.

A routing diagram: incoming AI requests hit a central router; the thick stream of routine requests flows to compact on-premise local models inside a secure perimeter with falling cost, while a thin stream of complex requests goes to large cloud models whose token costs trend upward.
Route the routine to tuned local models inside your perimeter; reserve frontier models for the hard reasoning.

A well-designed layer turns that exhaust into small, specialized local models, tuned automatically to your lines of business, your policy language, your claim types, and your decisions. Frontier models keep handling the novel, hard reasoning. The high-volume, familiar work routes to a small model that has effectively been trained on your book of business, by your book of business: classifying a first notice of loss, extracting fields from an ACORD form, summarizing a medical record, drafting a routine coverage letter.

Dramatically cheaper

Routine work is most of the volume. Serving it from a tuned small model cuts per-call cost by orders of magnitude, and it decouples your unit economics from providers' pricing decisions.

Much faster

A small model tuned to a narrow task responds far faster than a large general one, which matters at claims-queue and quote-funnel volumes.

Sovereign by locality

The models run inside your perimeter. Medical records, claim files, and underwriting data never have to leave to get a useful answer, converting a hard regulatory problem into a non-event.

Learns only your business

The models improve from your traffic and no one else's. No cross-tenant leakage, no generic internet noise, and the improvement compounds the more the governed layer is used.

The same controls apply regardless of which model serves a request. The gateway, the identity binding, the policy checks, and the audit chain do not care whether the answer came from a frontier model or a local one. Governance stays constant while cost falls.

The layer you route everything through for compliance is the same layer that can quietly learn your book of business, turning the cost of oversight into a durable economic advantage.

6 · Human identity in the loop: the adverse-action linchpin

Regulators across every market in Section 1 converge on one non-negotiable: consequential decisions require accountable human oversight. For insurance, the architecture pattern is precise.

  1. Consequence-level holds. Low-stakes work flows at machine speed: summaries, lookups, drafts, classifications. But when a workflow approaches an adverse action (denying a claim, nonrenewing a policy, applying a surcharge, flagging suspected fraud), the action is held until a verified human approves it. Held means stopped in the workflow engine, not logged for later review.
  2. Verified means verified. The approver's identity is established with real assurance (identity proofing, step-up authentication), not a shared queue and a button anyone could press. The approval, the approver, and the evidence they saw are sealed into the audit chain.
  3. Agent identity is bound to a human principal. "The system denied the claim" is never the answer. "This agent, acting on behalf of this named examiner, prepared the recommendation, and this verified human approved it under this authority" is an answer that survives a market-conduct exam.

One pattern, many regulations

This single pattern lines up with the EU AI Act's human-oversight article, the NAIC bulletin's accountability expectations, Colorado's governance requirements, and the FCA's outcome duties simultaneously. Build it once in the layer, and every workflow inherits it.

7 · The operating model: making it stick

The architecture only holds if the organization around it is explicit.

Clear ownership

Someone owns the trust layer as a product. Someone owns the capability catalog and the standards for publishing into it. Someone owns the adverse-action approval queues. In insurance there is a natural ally: the model-risk and actuarial governance functions already know how to own model inventories. The layer gives them a live one.

Compliance mapped to controls, not bolted on

A runtime-enforced, evidence-producing layer maps directly onto the regimes insurers answer to:

RegimeWhat it expectsWhat the layer provides
EU AI Act (life & health pricing is high-risk)Risk management, logging, human oversight, data governanceRuntime policy, tamper-evident audit chain, verified-human holds
NAIC AI Model BulletinWritten AIS program, lifecycle governance, vendor accountabilityThe catalog is the AI inventory; vendor tools enter only through governed entries
Colorado SB 21-169 / Reg 10-1-1Testing for unfairly discriminatory outcomesOne path for all model traffic makes outcome testing and evidence collection tractable
NYDFS Circular Letter 7Board-level governance, third-party oversightLive per-workflow evidence and attribution, exportable on demand
FCA Consumer Duty / MAS FEATFair customer outcomes, explainabilityDecision records with inputs, model identity, and human approvals attached

A repeatable model, not a pilot graveyard

The first deployment is the hard one because you stand up the layer. Every subsequent agent, line of business, and vendor integration is a composition problem inside controls that already exist. That is how AI in insurance moves from proof-of-concept purgatory to an operating capability with a defensible story.

Governed Agentic AI by Industry. This is Part 2. Part 1 covered manufacturing and the plant floor. Next in the series: another regulated, high-consequence environment where the details change but the governance problem rhymes. Follow along if you are working out how to expand AI capability without expanding AI risk.