NAIC Model Bulletin on Use of AI Systems by Insurers

Summary

The National Association of Insurance Commissioners adopted the Model Bulletin on Use of Artificial Intelligence Systems by Insurers on December 4, 2023. It operationalises the NAIC AI Principles adopted in August 2020 (the FACTS principles: Fair and Ethical, Accountable, Compliant, Transparent, Secure/Safe/Robust) by requiring each insurer to adopt, implement and maintain a written AIS Program. The bulletin is a template that state insurance departments issue as their own regulatory guidance. As of 2025, more than 24 US jurisdictions had adopted it with little to no material change, and additional states have issued related guidance or enacted AI-specific insurance legislation.

How it fits alongside other insurance AI rules

The bulletin does not replace unfair trade, unfair discrimination, market conduct or corporate governance rules that already apply to AI-driven decisions. It tells regulators what an insurer's AIS Program should look like when they examine how those existing rules are being met. Colorado's SB 21-169 and Regulation 10-1-1 impose sharper, quantitative bias-testing obligations for insurers operating in Colorado and sit on top of the bulletin for those insurers. The Colorado AI Act (SB 24-205) adds cross-sector obligations that apply to insurers alongside the bulletin.

Core AIS Program obligations

The bulletin expects a written AIS Program that covers:

• Governance with documented policies, cross-functional roles across actuarial, data science, underwriting, compliance and legal, and senior management oversight.
• Risk management and internal controls proportional to the Degree of Potential Harm to Consumers from each AI use case. Underwriting and claims systems carry tighter controls than back-office assistants.
• Testing and validation for errors, bias and unfair discrimination, with documented results and corrective action when testing fails.
• Third-party vendor oversight including diligence, audit rights in contracts and ongoing monitoring. Responsibility for vendor AI stays with the insurer.
• Documentation and regulatory cooperation so the insurer can produce evidence quickly during market conduct examinations or consumer complaints.

The 2026 AI Systems Evaluation Tool pilot

Beginning March 2026, 12 participating states are running an NAIC-designed evaluation tool with four exhibits:

• Exhibit A: breadth of AI adoption across the enterprise.
• Exhibit B: governance framework and AIS Program structure.
• Exhibit C: deep dive on high-risk systems, with current emphasis on agent-facing AI in claims handling, billing disputes and total-loss decisions.
• Exhibit D: data source review including proxy-discrimination screening for data used in rating, social-media signals and aerial imagery.

Even insurers outside pilot states should treat the exhibits as the template regulators will reuse when examining their AIS Program.

Who this resource is for

• Chief risk officers, compliance officers and general counsel at US-licensed insurers using AI in underwriting, pricing, claims or fraud detection.
• Model validation, data science and actuarial teams building and testing AI systems that feed regulated decisions.
• Managing general agents, TPAs and reinsurers whose models or data feed a Colorado- or NAIC-state-regulated insurer.
• Insurtech vendors providing scoring, ECDIS, claims AI or agent-facing systems that will face downstream diligence.

Common implementation pitfalls

• Treating the bulletin as a policy drafting exercise instead of an operational program with evidence artefacts.
• Excluding external consumer data, credit-based scores, wearables, social-media signals and aerial imagery from the data review.
• Applying a single control level across every AI use case instead of scaling controls with the Degree of Potential Harm.
• Assuming vendor certifications transfer responsibility away from the insurer.
• Ignoring the Evaluation Tool pilot because the insurer is not in a pilot state.

Related VerifyWise resources

For a clause-by-clause walkthrough of the bulletin and how a platform can produce the required evidence, see the NAIC AI Principles and Model Bulletin compliance guide on the VerifyWise site.