AI governance in US insurance.
US insurance is state-regulated, but the NAIC Model Bulletin establishes a national AI governance baseline. Colorado SB 21-169 is the most advanced state requirement. State unfair trade practices laws apply to AI outcomes in every jurisdiction.
Regulatory obligations at a glance
Key frameworks applying to AI in US insurance.
Adopted December 2023. Requires insurers to implement an AI governance programme covering board accountability, model risk management, data governance, explainability, bias testing, and consumer protection. De facto national baseline for AI governance examinations.
HighEffective 2023. Requires insurers to adopt a governance programme for external consumer data and information sources, prohibit use resulting in unfair discrimination, and file a written statement of compliance with the Colorado Insurance Commissioner.
HighAll states prohibit unjust discrimination in insurance. AI systems producing outcomes that systematically disadvantage protected groups — even without using protected characteristics as inputs — may constitute unfair trade practices under state law.
HighWhere insurance AI uses consumer report data, FCRA adverse action notice requirements apply — insurers must provide specific reasons for adverse decisions, not just reference to algorithmic output.
HighState insurance departments are conducting market conduct examinations specifically focused on AI. Examiners request AI model documentation, bias testing results, governance programme evidence, and consumer complaint data.
HighFTC jurisdiction over unfair or deceptive practices applies to insurtech and insurance-adjacent AI products. AI misuse in consumer insurance contexts — including discriminatory outcomes — creates FTC enforcement risk.
Medium