Open Insurance in Brazil has moved beyond being just a regulatory promise and entered the practical execution phase. For insurance companies, 2026 represents a milestone: the year when compliance with regulations shifts from optional to mandatory.
SUSEP has established clear guidelines through CNSP Resolution No. 415/2021 and SUSEP Circular No. 635/2021, which require insurance companies to implement standardized APIs capable of sharing data with other participants in the financial ecosystem. We’re talking about banks, fintechs, brokers, and other institutions that will need to communicate seamlessly with insurance companies’ systems.
Now, the technical challenge is to ensure high-availability APIs that are secure and fully interoperable with an ever-growing ecosystem.

What has changed with Open Insurance?
Open Insurance is fundamentally about controlled data sharing. Insurance companies need to make product information, proposals, and policies available through APIs that follow specific technical standards, allowing customers to authorize access to their data by other institutions.
The current phase of the program, according to CNSP Resolution No. 415/2021, requires insurance companies to implement complete layers of cadastral and transactional data sharing. Unlike the initial phases focused on open product data, we’re now entering the territory of deep integration with customer consent.
The numbers show the system’s accelerated growth. According to PwC Brasil data, Open Insurance requests rose 80% in one year, jumping from 8.4 million in 2023 to 15.2 million in 2024. SUSEP reports that between September 2023 and September 2024, Open Insurance in Brazil totaled approximately 16.5 million transactions. Compliance goes beyond following the law, as it’s also an opportunity to actively participate in a rapidly expanding ecosystem.
The technical requirements insurance companies need to meet
Open Insurance Brasil’s technical specifications are detailed and rigorous. Insurance companies need to implement API infrastructure that meets specific availability, performance, and security standards established in the technical manuals prepared by the Open Insurance Governance Structure.
The security architecture requires implementation of OAuth 2.0, encryption of data in transit and at rest, plus robust authentication and authorization mechanisms. Each endpoint needs to be documented according to OpenAPI 3.0 standards, allowing third-party developers to understand exactly how to interact with the insurance company’s systems.
Interoperability goes beyond technology. Insurance companies need to integrate with the Central Directory of participants, manage consents through standardized interfaces, and maintain auditable logs of all transactions for periods determined by regulation.
The deadline for full compliance is approaching, and non-compliance can result in significant fines, suspension of product commercialization, and considerable reputational damage.

The IT team’s dilemma
For managers, the scenario is challenging. Research by the Economist Intelligence Unit (2021) revealed that companies on average have a backlog of planned IT projects dating back between three months and one year. Adding a complex project like Open Insurance to this queue means either compromising strategic deliveries or running the risk of non-compliance.
According to a study published in the journal WJAETS (2024), API standardization efforts can reduce implementation costs by 30-40% compared to proprietary approaches, while also significantly accelerating integration timelines. The problem is that internal teams don’t always possess this specialized expertise.
Developing Open Insurance APIs internally requires specific knowledge about regulatory standards, microservices architecture, financial API security, and consent management. These are competencies that internal IT teams don’t always master, which increases development time and the likelihood of rework.
The complexity also lies in continuous maintenance. APIs need to evolve as regulation advances, new participants enter the ecosystem, and technical standards are updated. This creates a permanent demand for specialized technical capacity.
The solution: custom development with specialists
Outsourcing Open Insurance API development to specialized partners solves the time and expertise problem simultaneously. NextAge offers custom software development focused exactly on this type of regulatory and technical challenge.
While our team handles the connection architecture and regulatory compliance, the insurance company’s internal team remains focused on core business demands. There’s no diversion of productive capacity and no compromise of strategic projects.
Data from the insurance sector shows that well-implemented APIs can increase operational efficiency by up to 30% and reduce maintenance costs by 25%. Companies like Lemonade and MetLife have built their modern operations around API-first architectures, obtaining benefits such as instant policy approval, real-time policy management, and optimized operational workflows.

Next steps for your insurance company
Open Insurance compliance needs to start with technical diagnosis. Assess the current state of systems architecture, identify which APIs already exist and which need to be developed, map necessary integrations with the ecosystem, and establish a realistic timeline until 2026.
With the regulatory deadline approaching, insurance companies that start the process now have comfortable room for gradual implementation, extensive testing, and adjustments before the deadlines. Leaving it to the last minute increases operational risks and emergency development costs.
Talking with specialists who have already implemented similar solutions saves months on the learning curve. NextAge works with financial institutions, from modifying current systems to comply with new legislation to making improvements for greater business efficiency.
Compliance as a gateway to modernization
Open Insurance is not just a regulatory obligation that needs to be fulfilled. It’s also an opportunity to modernize technological infrastructure, improve customer experience, and open new distribution channels.
Choosing the right partner for this journey makes a difference in implementation speed, the technical quality of the solution, and the ability to evolve as the market transforms. NextAge delivers not only regulatory compliance but also frees up internal capacity so your IT team can focus on what truly generates competitive value for the business.










