Open insurance

Category: Insurtech · Reviewed by Jake Leat, Associate Director · Last reviewed 2026-06-10

Open insurance is the conceptual extension of open banking and open finance to insurance: a regime under which policyholders can authorise third parties to access their insurance data through standardised application programming interfaces, and under which insurers may be required or incentivised to expose such data in agreed formats. In the United Kingdom it remains a policy concept rather than a statutory regime, but it is moving through the Joint Regulatory Oversight Committee’s roadmap for Open Finance.

Category: Insurtech Also known as: open finance for insurance, insurance data portability Established / Coined: EIOPA Discussion Paper on Open Insurance (January 2021) Related concepts: Insurtech, API-led insurance, Embedded insurance

Definition

Open insurance describes any arrangement under which a customer’s insurance data (policy details, claims history, premium and renewal information) can be shared with third parties — typically via APIs — under the customer’s authorisation, and any arrangement under which insurers or intermediaries expose product-level data (terms, prices, target market information) to authorised third parties for purposes such as comparison, advice or aggregation. The European Insurance and Occupational Pensions Authority’s January 2021 Discussion Paper on Open Insurance set out three possible scopes — narrow (customer-permissioned policy data), medium (also covering product data and claims) and broad (covering supervisory data).

In the United Kingdom open insurance has not been legislated as a stand-alone regime. Instead, it features within HM Treasury and the FCA’s wider open finance programme, the Joint Regulatory Oversight Committee’s open banking work and the Smart Data Council established under the Data Protection and Digital Information framework. The Joint Regulatory Oversight Committee’s 2024 roadmap and HM Treasury’s October 2024 update on the future of open banking discuss extending data sharing into other consumer financial sectors including insurance.

Legal / Regulatory basis

The current United Kingdom legal underpinning is the UK GDPR — in particular the right to data portability under Article 20 — together with the Data Protection Act 2018. Article 20 entitles a data subject to receive personal data in a structured, commonly used, machine-readable format and to transmit it to another controller, although in practice insurers rely on subject access requests because portability has not been operationalised through standardised insurance APIs.

The FCA’s Call for Input on Open Finance (December 2019) and Feedback Statement FS21/7 (March 2021) confirmed the regulator’s interest in open finance and identified insurance as a candidate sector. The Smart Data Council, established under HM Government’s Smart Data programme, has commissioned cross-sector work on data standards. Internationally, EIOPA’s Discussion Paper on Open Insurance (January 2021) and its 2022 supervisory communications, together with the European Commission’s proposed Financial Data Access regulation (FIDA), have shaped expectations: FIDA proposes a permissioned data-sharing regime for in-scope financial data including non-life insurance, although the United Kingdom is not bound by it.

Conduct expectations remain anchored in ICOBS, PROD 4 and the Consumer Duty (PS22/9), all of which apply to any insurance product or service that uses or is informed by shared data. Where AI is used to analyse the shared data, the FCA and Bank of England Discussion Paper DP5/22 (October 2022) and Feedback Statement FS2/23 set the supervisory frame.

How it works in practice

There is no single open insurance standard in operation in the United Kingdom. In practice three patterns are emerging. The first is private API consortia between brokers, insurers and aggregators, often using ACORD standards or proprietary OpenAPI specifications, with bilateral consent and data-sharing agreements. The second is the use of subject access requests at scale by switching services, sometimes augmented by document intelligence to parse policy schedules. The third is participation in cross-sector data trusts and smart data pilots run under government auspices.

The customer journey when implemented typically follows an OAuth 2.0 or FAPI-compliant consent flow: the customer authenticates with their current insurer, approves a scoped data share to a third party, and the data is delivered over an authenticated API endpoint. The third party may then provide comparison, advice (PROD 4 considerations apply), claims tracking or risk reduction services.

Subsequent developments

The Data (Use and Access) Bill, introduced to Parliament in October 2024, advances the Smart Data framework and could provide the statutory hook for an extended open insurance regime in the United Kingdom. The Joint Regulatory Oversight Committee continues to consult on premium open finance use cases. The European Financial Data Access proposal, if finalised and adopted, would impose direct obligations on European Economic Area insurers and would influence United Kingdom firms operating in the European Union.

Example

A consumer using a household-budgeting application authorises the application, via a permissioned data share, to receive a structured copy of her home and motor policy schedules and renewal dates from her insurer. The application detects that the home policy renews at a 28 per cent uplift the following month and provides a comparison from a panel of insurers — with the comparison engine acting as an authorised broker under FSMA 2000 article 25. The customer chooses to switch and the application’s broker arm handles the bind, mid-term cancellation and refund, all under ICOBS and Consumer Duty obligations.

See also

• /wiki/insurtech-technology-in-insurance/
• /wiki/api-led-insurance/
• /wiki/embedded-insurance-batch-12/
• /wiki/insurance-marketplace/
• /wiki/consumer-duty/

References

1. UK GDPR (retained Regulation (EU) 2016/679) — https://www.legislation.gov.uk/eur/2016/679/contents
2. Data Protection Act 2018 — https://www.legislation.gov.uk/ukpga/2018/12/contents
3. EIOPA Discussion Paper on Open Insurance (January 2021) — https://www.eiopa.europa.eu/publications/discussion-paper-open-insurance
4. FCA Call for Input — Open Finance (December 2019) and FS21/7 (March 2021) — https://www.fca.org.uk/publications/feedback-statements/fs21-7-open-finance
5. HM Treasury, “The Future of Open Banking” update (October 2024) — https://www.gov.uk/government/publications/
6. Joint Regulatory Oversight Committee, Open Banking Roadmap and Open Finance work (2023–2024) — https://www.fca.org.uk/firms/open-banking
7. European Commission Proposal for a Regulation on Financial Data Access (FIDA), COM(2023) 360 — https://eur-lex.europa.eu/
8. FCA / BoE DP5/22 “Artificial Intelligence and Machine Learning” (October 2022) — https://www.bankofengland.co.uk/prudential-regulation/publication/2022/october/artificial-intelligence
9. ICO guidance on the right to data portability — https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/right-to-data-portability/
10. Data (Use and Access) Bill 2024 — https://bills.parliament.uk/

This entry is part of the Apex Insurance Wiki. Last reviewed by Matt Bartlett on 2026-06-10. Next review: 2026-12-10.

Apex Insurance Brokers Limited. Authorised and regulated by the Financial Conduct Authority, FRN 724952. Registered in England and Wales, Companies House 07014570. This entry provides general information about UK insurance concepts and is not regulated advice. Consult your insurance broker on your specific position.