U.S. regulators widen AI scrutiny

Insurance regulators are getting more specific about AI. For a while, the big question was whether insurers were using new data and models in ways that quietly produced unfair prices. Now the question is broader — and tougher. Regulators want to know how AI systems shape underwriting, claims, fraud detection, and prior authorization, and what documentation exists when those systems affect a consumer. ### What changed? The shift is from principles to supervision. The National Association of Insurance Commissioners adopted its AI model bulletin in December 2023, but by 2025 and 2026 the work turned operational: regulators launched surveys, pushed more states to adopt the bulletin, and started building an AI Systems Evaluation Tool for actual examinations. That means insurers get reviewed. ### What are regulators actually looking at? Basically, anything that helps make or support a decision affecting a policyholder. The NAIC’s framework explicitly covers underwriting, pricing, claims handling, fraud detection, and utilization management. The model bulletin also says insurers need written AI governance programs, testing, documentation, and oversight of third-party vendors — not just their own in-house models. ### Why does insurance get special scrutiny? Because insurance decisions are consequential in a very old-fashioned way. A model can raise a premium, deny coverage, flag a claim, or slow down medical approval. Regulators do not really care whether the tool is branded as “AI” or something duller like advanced analytics. The legal standard stays the same — no unfair discrimination, no matter what happened. ### How far along is this? Far enough that vendors should stop treating it like a future problem. The NAIC said in May 2025 that nearly 30 states had enacted the AI bulletin or similar guidance. In the same release, it said 84% of surveyed health insurers were already using AI or machine learning in some form, and nearly 92% reported governance principles modeled on that, so oversight is catching up to reality, not speculating about it. ### Why does explainability matter so much? Because “the model said so” is not a defense. The bulletin tells insurers to be able to show governance, testing, and controls around systems that affect consumers. The evaluation tool under development points the same way — examiners want something they can inspect. Think of it less like auditing a model — what data went in, what logic ran, who reviewed it, and what guardrails were supposed to catch bias or drift. ### Where does the federal government fit? Mostly as a parallel pressure point, not the main insurance cop. Insurance regulation in the U.S. is still state-based, and the NAIC is actively defending that turf. In March 2026 it argued that existing state insurance laws already apply whether decisions are made by humans, algorithms, or outside vendors. ### So what does this mean for insurers and AI vendors? The easy sales pitch — faster decisions, lower costs, better segmentation — is no longer enough. The product now has to survive an exam. That means documentation, model governance, vendor management, bias testing, and the ability to explain outcomes in plain English. In practice, the commercial advantage is shifting. ### Bottom line? U.S. regulators are widening AI scrutiny from rates to decision systems. The real story is not a single ban or headline enforcement action. It is that insurance AI is being pulled into ordinary supervision — and once that happens, black boxes start looking like liabilities.