Cytora earns ISO/IEC 42001 for AI governance in insurance tech

Cytora has attained ISO/IEC 42001 certification for its artificial intelligence (AI) governance processes.

This certification places Cytora among a small group of technology companies globally that have received formal recognition for aligning their AI management and governance frameworks to international standards. ISO/IEC 42001 is the world's first international standard specifically focused on AI governance. The protocol establishes requirements for setting up, implementing, maintaining, and enhancing AI management systems within organisations deploying AI at scale.

AI governance standard

The ISO/IEC 42001 standard is designed to help technology firms demonstrate responsible and transparent AI development. It covers the lifecycle of AI systems, covering topics such as risk management, human oversight, and impact assessments. Cytora's successful certification builds upon its previously achieved ISO 27001 certification, which relates to information security management.

Achieving this level of certification means Cytora has formalised its efforts to embed structured risk reviews, include human-in-the-loop controls, and implement ongoing impact assessments throughout its development and deployment processes for AI technologies.

AI is a central element in Cytora's digital risk processing platform, which commercial insurers use to digitise and manage risk submissions. The platform employs large language models to automate the intake and digital processing of insurance transactions, covering a range of use cases from new business acquisition through to managing claims.

Role of AI within Cytora

Cytora's AI does not perform core underwriting tasks such as risk selection or pricing. Instead, it is employed to automate the intake process, enrich the data contained in submissions, and increase operational efficiency. The firm emphasises that all actions taken by its AI systems are subject to robust audit trails and are explainable, allowing for oversight and review by human decision-makers.

The company stated that certification is intended to provide assurance to insurers that its AI systems are being governed rigorously, with the aim of supporting rather than replacing human expertise in insurance operations.

Business growth and recent developments

The announcement follows recent developments at Cytora, including the launch of a new AI-powered service called Concierge. This service utilises agentic AI to automatically categorise and digitise intake across all transaction types for insurers. Over the past year, Cytora has expanded its partnerships to include firms such as Chubb, Arch, and Everest. The company reported that transaction volumes processed on its platform increased sevenfold in 2024.

Leadership comments

João Domingues, Security Director at Cytora, emphasised that responsible governance is a core part of Cytora's approach as the company increases its use of AI within insurance workflows:

"As AI technology becomes more deeply embedded in our world, it is crucial that innovation is handled responsibly to protect the integrity of the insurance industry and the people it serves. We are therefore proud to be one of the first insurance technology providers to receive ISO/IEC 42001. It reflects our culture and deep commitment to developing transformative technology for the insurance industry in an ethical and accountable way - now and in the future."

Cytora's emphasis on AI governance also dovetails with increasing regulatory and industry expectations for transparency and accountability when deploying machine learning technologies in financial services. With ISO/IEC 42001 certification, the company aims to further reinforce trust among insurer clients and demonstrate compliance with recognised global standards for AI governance.