AI rules tightening globally
New AI regulation is converging on explainability, bias detection and consent requirements — rules that will change how B2B data vendors collect, process and present model outputs. Vendors that can show ‘audit-ready’ models and role-based access will have a competitive advantage in underwriting and claims workflows. (mediacatalyst.in)
The EU AI Act requires providers of high‑risk AI systems to implement automatic lifecycle logging, keep comprehensive technical documentation, and complete conformity assessments before placing systems on the market. (ai-act-service-desk.ec.europa.eu) Article 18 of the EU AI Act mandates retention of that technical documentation and quality‑management records for 10 years after a system is placed on the market. (ai-act-service-desk.ec.europa.eu) The AI Act entered into force on August 1, 2024, and the bulk of high‑risk and transparency obligations become applicable from August 2, 2026. (eur-lex.europa.eu) The NAIC adopted its Model Bulletin on insurers’ use of AI on December 4, 2023, creating the AIS Program expectation for regulated carriers. (content.naic.org) Industry trackers and law‑firm summaries show the Model Bulletin was adopted by 24 states as of April 7, 2025, with trade analyses reporting 25 states plus Washington, D.C. had adopted by March 26, 2026. (hklaw.com) The Model Bulletin instructs insurers to build AIS Programs that document governance, risk controls, internal audit and third‑party vendor oversight across underwriting, rating, claims administration and fraud detection, and specifies documentation examiners may request during inspections. (content.naic.org) Federal enforcement is active: the FTC launched “Operation AI Comply” in September 2024 targeting deceptive or unfair AI claims, and federal agencies including the FTC, DOJ, CFPB and EEOC have signalled coordinated scrutiny of biased AI outcomes. (ftc.gov) NIST’s AI Risk Management Framework and companion guidance for generative AI provide a voluntary playbook emphasizing risk management, explainability, logging and human oversight aligned with the Executive Order on Safe, Secure, and Trustworthy AI. (nist.gov) Consulting and security briefs identify role‑based access controls (RBAC/ABAC), per‑request attribution, immutable audit trails and SOC 2 evidence as practical controls that accelerate regulatory examinations and vendor due‑diligence. (axs-solutions.com) The NAIC explicitly lists claims administration and fraud detection as AI use cases across the insurance lifecycle, and sector analyses from Deloitte document carriers deploying AI to triage SIU caseloads, automate link analysis and shorten review timeframes. (content.naic.org)
