Find a lawyerOur capabilitiesYour career
Locations
Our capabilities
News

Select language:

Locations
Our capabilities
News

Select language:

hamburger menu showcase image
  1. Our thinking
  3. Blogs
  5. Risk and Compliance
  7. The Infrastructure Powering Modern Insurance
6MIN

The Infrastructure Powering Modern Insurance

Apr 21 2026

For much of the past decade, insurtech was synonymous with digital challengers aiming to disrupt traditional insurers. Venture‑backed start‑ups promised to reinvent underwriting, distribution and customer engagement. While some have succeeded, the most significant technological change now appears to be coming from another direction.

A growing proportion of insurtech activity is focused on B2B infrastructure: technology providers that enable insurers, brokers and MGAs to operate more efficiently, launch new propositions and connect with partners without taking on underwriting risk themselves. This shift brings new opportunities but also important regulatory, operational and strategic implications for insurers.

The rise of infrastructure insurtech

Earlier waves of insurtech focused heavily on direct‑to‑consumer models, often battling high customer acquisition costs and the challenge of achieving underwriting profitability. Today, venture investment increasingly targets firms that support the market’s “plumbing”.

These infrastructure insurtech providers offer, among other things:

  • underwriting and rating engines;
  • policy administration and billing systems;
  • claims automation and straight‑through processing tools;
  • API connectivity layers and integration platforms;
  • fraud detection and analytics solutions; and
  • digital distribution and customer‑facing front ends.

Their technology is typically designed to integrate with, rather than completely replace, existing core systems. By avoiding underwriting risk and capital requirements, they can focus on building scalable software platforms, with revenue generated from licences, usage‑based pricing or revenue‑sharing arrangements.

For insurers, the appeal is clear. Infrastructure providers offer a way to:

  • modernise operations incrementally, without embarking on full core system replacement;
  • digitise specific processes (for example, claims, bordereaux management or document handling); and
  • enable new capabilities such as embedded distribution or ecosystem partnerships.

However, increased reliance on third‑party technology also brings questions around outsourcing, operational resilience and vendor oversight. Regulators are looking more closely at how firms manage dependencies on critical third parties and how they ensure continuity of important business services.

In the UK, this sits alongside the emerging critical third parties (CTP) regime, under which certain technology and service providers to the financial sector may be designated as “critical” and brought within a direct supervisory framework. Even where a particular insurtech provider is not designated, the regime underlines the direction of travel: regulators expect firms to have a clear view of their most important third‑party dependencies, to understand the potential impact of disruption at those providers, and to build those risks into their operational resilience planning, contractual arrangements and ongoing oversight.

Infrastructure as an enabler of new business models

Infrastructure insurtech is a key enabler of new digital business models, including embedded insurance.

Modern distribution models typically require:

  • real‑time pricing and quote‑and‑bind capabilities
  • seamless integration with partners’ interfaces via APIs
  • digital policy issuance and documentation
  • automated claims intake and processing
  • data pipelines that feed platform‑generated insights into underwriting and pricing

Many incumbents still rely on legacy technology stacks that were not designed for this level of connectivity. Infrastructure providers therefore serve as a bridge between traditional systems and modern digital platforms.

Examples include:

  • API‑based underwriting platforms that expose pricing and rules to partners’ applications, enabling instant quotes and binding in third‑party checkout flows
  • claims automation tools that streamline first notification of loss, triage and settlement, improving customer experience and reducing operational cost
  • data and analytics platforms that normalise and interpret data from partners and internal systems, feeding it back into pricing, underwriting and fraud models

In practice, these infrastructure solutions often become embedded in core operational processes. This can deliver significant efficiency gains and enable entirely new propositions, but it also makes the governance of those relationships increasingly important.

Regulatory and operational considerations

As dependence on infrastructure insurtech grows, insurers will need to think carefully about a number of regulatory and risk themes, many of which cut across each other.

Outsourcing and operational resilience

Where third‑party platforms support underwriting, policy administration, claims handling or critical data flows, regulators are likely to view them as material outsourcing or key third‑party arrangements. Firms will be expected to carry out proper due diligence before appointing providers, put in place clear contractual terms covering performance, security, data handling, audit and exit, and monitor performance and risk on an ongoing basis – including concentration risk where multiple critical functions rely on the same supplier. These arrangements also need to be reflected in firms’ operational resilience frameworks, including the identification of important business services, setting impact tolerances and testing how disruption at a provider would be managed.

Data, security and confidentiality

Infrastructure partnerships usually involve large volumes of data, including personal data and commercially sensitive information. Insurers should ensure that data protection and privacy requirements are fully addressed, with a clear allocation of controller/processor responsibilities, and that security standards, incident management processes and notification obligations are clearly defined. Questions of data hosting, access and cross‑border transfer also need to align with regulatory expectations and internal risk appetites.

Model and algorithm governance

Where infrastructure providers supply pricing, underwriting or fraud analytics tools, issues around model and algorithm governance come into focus. Insurers remain responsible for the outputs of those tools and their effect on customers. That means maintaining appropriate oversight of models (including validation, monitoring and periodic review) understanding how models are trained and updated (particularly where AI or machine learning is involved), and having mechanisms to spot and address potential bias or unfair outcomes.

Cross border considerations 

For cross‑border groups, all of this becomes more complex. Infrastructure arrangements need to be mapped against local outsourcing, data and operational resilience regimes in each jurisdiction. A single technology platform used across multiple markets may attract different regulatory treatment in each, especially where local authorities are introducing their own rules for critical third parties or important service providers.

Rethinking the operating model

Beyond pure compliance, infrastructure insurtech also opens up strategic options for insurers, including through partnership and M&A.

Technology architecture and flexibility are central. API connectivity and modular, component‑based architectures are becoming the norm, and that plays to the strengths of insurers that can invest and move at scale. Larger carriers and groups can use insurtech partnerships and acquisitions to accelerate modernisation, selectively bringing key capabilities in‑house while using third parties where it makes sense to do so. The ability to plug new acquisitions or strategic partners into a well‑designed integration layer and data architecture will be a differentiator, and can help avoid being locked into legacy or proprietary solutions that restrict future options.

Data governance and commercial terms are also an area where established insurers can lean in. Infrastructure providers often generate and process valuable operational and behavioural data; insurers with clear data strategies and negotiating leverage are well placed to secure robust rights around access to, and use of, that data. For some, acquiring strategic technology or analytics providers may be the best way to secure long‑term access to critical data assets and tools. Either way, intellectual property ownership and usage rights for platforms, models and derived data need to be clearly defined so that value is protected if relationships evolve.

There is also an opportunity for insurers to use infrastructure insurtech to reshape their role in the value chain. As more operational and technical heavy lifting can be done by specialist providers, insurers can focus investment on where they most want to differentiate, whether that is product design, underwriting expertise, capital strength, brand, or their ability to orchestrate an ecosystem of partners. For some, this may mean building a group of technology and distribution assets through M&A; for others, it may mean deep, long‑term strategic alliances with key insurtechs. In both cases, the aim is the same: to retain meaningful control over the customer and distribution interface, preserve strategic flexibility as the market evolves, and capture a greater share of the value created by new infrastructure.

Integration 

It is clear that the insurtech landscape is shifting. The emphasis is moving away from direct‑to‑consumer disruption towards B2B enablement. Infrastructure providers are reshaping how insurance operations are built and run, and are increasingly central to the ability of incumbents to launch new propositions, connect with digital platforms and respond to customer expectations.

The key question for insurers is how quickly and proactively they will adapt. The next phase of insurtech is likely to be less about “challengers versus incumbents” and more about integration, with technology providers, insurers and platforms each contributing to a shared ecosystem.

Insurers that can position themselves effectively within that ecosystem, leveraging infrastructure to modernise operations while maintaining strong governance, control and strategic flexibility, stand to gain significant advantages in efficiency, speed to market and innovation capacity.

For further information on any of the topics raised please contact the authors or your usual Freshfields contact. 

Tags

fcafinancial institutionsfintechpraregulatoryukfinancial servicesinsurance

Authors

London

Priti Lancaster

Senior Knowledge Lawyer
London

Andy Robinson

Partner
Latest Insights

Latest Insights

NAVIGATE TO
About usLocations and officesYour careerOur thinkingOur capabilitiesNews
CONNECT
Find a lawyerAlumniContact us
NEED HELP
Fraud and scamsComplaintsTerms and conditions
LEGAL
AccessibilityCookiesLegal noticesTransparency in supply chains statementResponsible procurementPrivacy

Select language:
Select language:
© 2026 Freshfields. Attorney Advertising: prior results do not guarantee a similar outcome