Certification highlights growing focus on risk controls as AI regulation tightens
Hanwha Life said on Wednesday that it has obtained ISO/IEC 42001, an international certification for artificial intelligence security and governance, becoming the first insurance company to do so. The move reflects how financial institutions are beginning to formalize oversight of AI systems as their use expands across customer service, sales, and internal operations.
The certification suggests that Hanwha Life has established structured processes to manage AI-related risks and accountability, rather than treating AI simply as a technology add-on. As insurers increasingly rely on AI-driven tools, governance has emerged as a key issue alongside performance and efficiency.
What ISO/IEC 42001 measures
ISO/IEC 42001 is a global standard issued by the International Organization for Standardization that focuses on how organizations manage AI systems across their full lifecycle. Unlike technical performance benchmarks, the standard examines governance and control frameworks.
Specifically, it evaluates whether organizations maintain:
- Clear accountability for AI decision-making
- Defined controls from planning and development to deployment and retirement
- Ongoing monitoring of risks linked to data, models, and operations
The standard applies not only to AI developers, but also to companies that deploy and operate AI systems in real-world services.
Impact on Hanwha Life’s AI services
With the certification in place, Hanwha Life said it plans to further strengthen security across AI-powered services already in use. These include customer-facing chatbots, AI-based sales training tools, and translation assistants used in internal and external communications.
The insurer said its focus is on lowering risks that have become more visible with wider AI adoption, such as prompt injection attacks, data breaches, and unintended exposure of personal information. These issues have drawn increased scrutiny in financial services, where trust and data protection are critical.
Governance and control requirements
Hanwha Life said the certification process required the company to meet a wide range of control criteria. These covered not only technical safeguards, but also internal governance and operating procedures.
Key areas assessed included:
- Internal policies and decision-making structures for AI use
- Management standards for AI models and training data
- Systems to detect, monitor, and respond to security or operational risks
Meeting these requirements signals a shift toward treating AI governance as part of enterprise risk management, rather than a standalone IT function.
Managing AI risks beyond security
Beyond cybersecurity, the company said it placed particular emphasis on broader AI risks that can affect fairness and reliability. Hanwha Life said it has strengthened its AI risk management framework to identify and address issues such as algorithmic bias, declining data quality, and vulnerabilities that may emerge during development or live operation.
The insurer also highlighted its AI data management system, which is designed to ensure compliance with personal data protection laws and data ethics principles. According to the company, this system governs the full lifecycle of machine-learning data, from collection and storage to processing and use.
Regulatory pressure as a key driver
Hanwha Life said the certification comes as oversight of AI continues to tighten in Korea and overseas. In particular, the company pointed to Korea’s Basic Act on Artificial Intelligence, which is scheduled to take effect next year, as a factor behind its decision to align internal controls with international standards.
By adopting ISO/IEC 42001, the insurer said it aims to prepare for future regulatory requirements while maintaining consistency across its AI governance practices, even as laws and guidelines evolve.
Outlook: governance as a competitive factor
“This certification is meaningful because it shows that our use of AI has been recognized internationally as safe and responsible,” said Lee Chang-hee, executive vice president of Hanwha Life. He added that the company will continue to strengthen AI security and internal controls to provide digital insurance services that customers can trust.
While the certification does not measure how advanced Hanwha Life’s AI systems are, it highlights a growing shift in the insurance industry. As AI becomes more embedded in core services, the ability to demonstrate strong governance and risk management may increasingly shape how insurers build trust with regulators, partners, and customers alike.
