Since January 2024, artificial intelligence (AI) and machine learning (ML) have become integral across the insurance value chain, from underwriting and claims to customer engagement and fraud detection. With more than 70% of U.S. insurers now using or planning to use AI/ML, regulators have accelerated action to ensure industry modernization does not compromise consumer protection or fairness.
State insurance regulators, coordinated through the NAIC’s Innovation, Cybersecurity and Technology Committee and its Big Data and AI Working Group, continue to lead in crafting principles and oversight grounded in the core tenets of Fairness, Accountability, Compliance, Transparency and Security (FACTS).
Key pillars of the 2025 regulatory landscape
1. NAIC’s 2025 road map: Cementing state oversight
The NAIC’s “Securing Tomorrow” agenda underscores protection of state-based regulation and welcomes AI as a 2025 priority. It calls for enhancing board-engagement, global coordination and insurance-market integrity through AI governance.
2. FACTS: NAIC’s AI principles (Adopted 2020)
The FACTS central doctrine remains current policy, emphasizing:
- Fairness and Ethics: Avoiding bias based on protected attributes
- Accountability: Documenting decision paths and executive oversight
- Compliance: Adherence to all applicable state and federal laws
- Transparency: Informing consumers and examiners how AI systems work
- Safety and Robustness: Strong data, cyber and model management practices
Although not statutorily binding, FACTS continues to underpin state expectations for responsible AI deployment.
NAIC Model Bulletin (December 2023): Implementation as of 2025
In December 2023, NAIC adopted the model bulletin titled “Use of Artificial Intelligence Systems by Insurers” recommending mandatory adoption of a documented AI Systems (AIS) Program aligned with FACTS.
As of June 2025:
- 24 states have fully adopted the model bulletin with minimal changes, now the de facto national standard.ii
- Four additional states have adopted similar guidelines and standards.
Include (NAIC summary):
- A written AIS Program approved by senior management and board
- A governance structure with clear roles, escalation paths and independence
- Consumer notice obligations when AI influences decisions
- Risk management controls appropriate to system risk (bias testing, drift detection, transparency)
- Third party AI management policies, including audit rights and vendor diligence
- Preparedness to support regulatory exam and investigation inquiries (documentation, testing, protocols)
Regulators have already begun market conduct exams and civil exam inquiries, assessing insurers on AIS Program compliance and fair decision-making practices.
Many states are now introducing sector-specific AI laws targeting insurers:
- Colorado: Passed SB 24-205, the Colorado AI Act. Applies broadly to “high risk” AI (e.g. underwriting, claims). Requires consume disclosure, bias prevention and board-approved risk management policies. Will take effect on Feb. 1, 2026.
- Virginia: Enacted HB 2094, closely mirroring Colorado’s AI Act. Awaiting gubernatorial signature.
- Connecticut: Senator Anwar introduced legislation restricting insurers from using AI to deny healthcare claims automatically triggered by a ProPublica investigation. Focuses on ensuring human review in prior authorization.
- Pennsylvania: Proposed HB 1663 requires state licensed health insurers to publicly disclose and define AI tools used in claim decisions
At least 17 states have introduced or advanced AI bills in 2025 targeting insurance, pushing for oversight of bias, vendor practices and AI explainability.
The Senate overwhelmingly voted 99–1 to strike a proposed moratorium on state and federal AI regulation, and the provision was officially removed before President Trump signed the bill into law on July 4, 2025. As a result, state and local governments retain their authority to continue crafting AI guardrails in the evolving legal landscape.
While there is no federal insurance-specific AI law yet, financial regulators, including the Consumer Financial Protection Bureau (CFPB), have made it clear that existing consumer protection laws fully apply to AI and algorithmic models:
- On fair lending, CFPB’s August 2024 comment to Treasury emphasized prohibited bases and urged lenders to implement Less Discriminatory Alternatives (LDAs) if models have disparate impacts.
- Its January 2025 supervisory report directed institutions using credit-scored AI to validate adverse action notices and proactively search for LDAs, even persuading examiners to flag models that use excessive alternative data.
- In June 2024, CFPB finalized a rule governing AI-based home appraisals, reinforcing the need for accuracy, fairness and adverse-action explanation, relevant for insurers relying on automated valuation models.
Insurance entities offering finance-related products (credit scoring, payment plans, auto title lending) must ensure AI tools comply with ECOA, Regulation B, and the Consumer Financial Protection Act, just as human systems must.
In July 2025, the International Association of Insurance Supervisors (IAIS) released an Application Paper clarifying how its existing Insurance Core Principles (ICPs) apply to AI, emphasizing supervisory expectations for:
- Proportionality in controls
- Board-level oversight
- Human-in-loop decision making
- Vendor and third party management
- Audit trails and traceability
These principles align closely with the NAIC model and global best practices.
Based on recent regulatory activity, here's a checklist of updated components insurers should integrate into their AI governance:
- Board approved AI strategy aligned with insurer’s risk appetite and state law
- AI inventory and consumer notice registry triaging high risk models
- Data governance framework: Lineage, bias detection, data minimization and suitability metrics
- Model validation and bias testing, including search for LDAs, drift monitoring and fairness metrics reviewed quarterly
- Explainability radar: Tiered disclosure to consumers when AI affects decisions
- Transparent governance documents: Clear delegation, escalation, independence and audit paths
- Third party vendor oversight protocols: Due diligence, audit rights and contract terms
- Audit trail and record retention that support regulatory exam demands, including versioned data, testing logs and board materials
- Exception and appeal process when AI decisions fail to meet human acceptable thresholds
- Scenario review and incident response plan for emerging risk, show-stopping bias or public scrutiny
The regulatory environment surrounding AI/ML in insurance has evolved rapidly since early 2024. The NAIC’s Model Bulletin is now state law in nearly half the country, and legislative action from Colorado, Virginia, Connecticut and Pennsylvania signals more rigorous, specialized regulation ahead.
For U.S. insurers, whether P&C, life or health, these developments necessitate tightening of AI governance frameworks, operationalizing FACTS-based principles and ensuring robust audit-ready compliance for third party, data and decision-making components.
Insurers operating across multiple states must monitor both model bulletin adoption schedules and new state-specific AI laws, especially in sectors involving underlying credit or health determinations. Meanwhile, there is growing international alignment on AI supervision via IAIS and an emphasis on proportional, risk-based oversight.
Maintaining alignment with these updated regulatory guardrails can allow insurers to continue leveraging AI's potential securely, equitably and with consumer trust intact.
Artificial intelligence in the insurance industry webinar
Below you will find the presentation and recording from our recent webinar, Artificial intelligence in the insurance industry: How to balance innovation with regulatory and ethical considerations. For more information on the subject, and to learn more about how we can assist your organization with its AI strategy, refer to our artificial intelligence and insurance webpages.
Sep. 2025 – Artificial intelligence in the insurance industry: Readiness, risk and real-world impacts



