When the European Union AI Act came into force, it was celebrated globally as a landmark moment for artificial intelligence regulation. In many ways it was. But sitting in Nairobi, working inside an insurance platform that processes thousands of policy transactions daily, I kept asking myself a question that nobody in the mainstream governance conversation seemed to be asking: who actually built this framework for us? The honest answer is that nobody did.

The European Union AI Act is built on assumptions that make perfect sense in Brussels but completely fall apart in Nairobi. It assumes that regulators possess the deep technical capacity to audit complex machine learning models. It assumes companies have dedicated legal teams to interpret algorithmic accountability, and it assumes that consumers have meaningful channels for recourse when an automated system makes a decision that harms them. In Kenya, none of these conditions are reliably true yet.

The Insurance Regulatory Authority of Kenya is doing incredibly important work, but it is regulating an industry that is simultaneously digitizing, automating, and adopting artificial intelligence far faster than any framework can keep up with. When a local insurance company deploys an AI model to score claims or assess underwriting risk, there is currently no standardized requirement to explain how that model works, what data it was trained on, or how a consumer can challenge its output.