Insurers between supervision and digitalisation

What defines the sector

Insurance is an industry of long timelines. A life insurance contract accompanies the insured for decades; a health policy spans an entire working life. That longevity shapes every IT decision — migrations are expensive, data models outlive architectures, and supervisors expect consistency across the full lifetime.

Each line of business has its own logic: life with actuarial work and capital investment; health with treatment tariffs and PKV specifics; property and liability with claims and deductibles; reinsurance with treaties on large risks. Primary insurers, reinsurers, brokers, sales partners and pools form the market structure.

BaFin supervises under the VAG; on the European level EIOPA with Solvency II. Add VAIT (insurance-specific IT supervision), DORA for digital resilience, MaGo for business organisation, and a dense GDPR environment — health data, claims photographs and telematics data demand particular care.

Current challenges

Insurers run several large building sites at the same time — and most of them interact.

VAIT and DORA. IT supervisory expectations have tightened noticeably in recent years: outsourcing and third-party management, cyber resilience, contingency plans, penetration tests and continuous vulnerability monitoring. DORA has added EU-level ICT resilience obligations since 2025 — and forces tighter discipline at the interfaces with service providers.

Policy migrations. Books from mainframe environments, ageing Java monoliths or merger-driven combined systems must be modernised — during live operations, over years, without losing historical contract logic. These projects are the most expensive and riskiest in the industry.

Claims automation. First-line triage by language models, image classification for property damage, automatic settlement of small claims, plausibility checks on applications — handling becomes increasingly data-driven. Prerequisite: clean data models, documented decision paths, auditable models.

Embedded insurance. Tariffs migrate into other companies' sales channels — car dealers, travel platforms, device makers. APIs become a sales channel, with all the identity, consent and data-protection questions that come with that.

Mergers and acquisitions. Industry consolidation regularly produces combined IT landscapes — different policy administration systems, divergent tariff catalogues, duplicate claims pipelines. Integration bridges are rarely standard software.

Why custom software

Standard policy administration covers the booking core. As soon as the layers above come into view — application journeys, claims pipelines, sales-partner APIs, data analytics — insurer-specific quirks dominate. Standard software ends here; custom solutions begin.

Tariff variety is the main reason: every line, every product, every insurer has its own tariff logic, risk questions and claims classification. Sales partners have their own interface preferences. Idiosyncrasies from historically grown contracts or from acquisitions can't be squeezed into a standard configuration.

Concrete examples of custom components that pay off in practice:

• Application journeys for sales partners: white-label front end, embedded in a broker's or car dealer's portal, with a clean hand-off into policy administration.
• AI-assisted claims pipeline: photo capture for property damage, automatic first classification, plausibility checks, hand-off to a case worker with a prepared recommendation.
• Analytics tools for actuarial work: claims history, trend analysis, lapse early warning — with models that remain explainable to the supervisor.
• Migration tools for portfolio takeovers: data enrichment, tariff mapping, rule-based validation — fully auditable.

Our position: we build the components standard policy administration doesn't cover — and make sure the interface to the standard system stays clean, documented and VAIT-fit. Insurance-specific depth isn't concept theatre for us; it's craft.