Embedded insurance represents a needed move forward in how insurance is sold to consumers and businesses in the US. Though it’s a relatively nascent strategy, existing laws already clearly define how embedded insurance can be rolled out—but some gray areas remain.

State power

Given that insurance is regulated in the US on a state-by-state basis, embedded insurance providers have to obtain a license in each state where the insurance product is provided and for each line of insurance offered. Given that embedded insurance offerings are overwhelmingly provided online, this means that embedded insurance players have to obtain a license in all US territories. 

The upstart costs of launching a full-stack licensed insurance carrier operation compel most companies to work with a third-party licensed producer. Producers can receive compensation for the sale of an insurance product, while non-licensed partners that direct users to producers can receive income through clickthrough fees, ad fees, or referral fees.

Clearly, the complex nature of licensing on a state-by-state basis creates a number of ancillary concerns—in terms of business structuring, income models, and territory-specific sales.

Data collection and privacy

As EY writes in its explainer on embedded insurance, businesses looking to enter the space should use advanced analytics “to actionably understand drivers of new product adoption and satisfaction and apply such insights into product and experience design on an ongoing basis.” Such a move helps businesses successfully launch embedded-insurance products and solve for their profitability and scalability over time. 

However, as with licensing regulations, some data privacy laws do change from state to state. The California Consumer Privacy Act, for example, gives consumers the right to delete personal information collected from them and the right to opt out of the sale or sharing of personal data. Embedded insurance carriers dealing with cross-border use cases, such as those in shipping, may also have to comply with international standards like GDPR given an international user base.

Known unknowns

EY identified six industries as those most ready to “go all in on embedded,” including: equipment manufacturers, health care, real estate, financial services, travel, and retail. These industries, however, come with their own regulatory implications. 

Reproductive rights and healthcare are especially in flux in the US on a state-by-state basis, for instance, since the Supreme Court overturned Roe v. Wade last year. This may affect insurance providers and their partners in terms of the potential liability they face in states that have banned certain forms of reproductive healthcare such as abortions, further forcing insurance carriers to consider local legal dynamics that are shifting quickly.