AI Assurance

Insurance AI Assurance Report (2025): Balancing Innovation, Fairness, and Compliance

A comprehensive analysis of the regulatory landscape, risk themes, and enforcement trends shaping AI adoption in the insurance industry, covering NAIC guidance, Colorado regulations, EU AI Act compliance, and emerging governance challenges.

Insurance AI governance and compliance framework

Puneet Anand

Fri Aug 22

Insurance AI Assurance Report (2025)

Balancing Innovation, Fairness, and Compliance in Risk-Based AI

Download Insurance AI Assurance Whitepaper

Executive Summary

Artificial intelligence is reshaping the insurance industry, from underwriting and pricing to claims processing and fraud detection. Insurers see opportunities for efficiency and personalization, but regulators are increasingly focused on fairness, transparency, and accountability.

Concerns center on whether AI can perpetuate unfair discrimination, whether third-party vendor models are adequately governed, and whether firms are overstating their AI capabilities in ways that mislead consumers. In 2025, state regulators, federal agencies, and international bodies have all sharpened their oversight of AI in insurance.

This report explores the regulatory frameworks shaping insurance AI, outlines key risk themes, highlights notable enforcement stories, and reviews adoption metrics across the United States and Europe.

Regulatory Landscape

NAIC Model Bulletin
The National Association of Insurance Commissioners (NAIC) issued a Model Bulletin on the Use of AI by Insurers to provide consistent expectations for governance, bias testing, data controls, and documentation. The bulletin emphasizes that insurers remain accountable for AI decisions, even when using third-party vendors.

By 2025, more than 20 states —including Alaska, Connecticut, Illinois, Massachusetts, Michigan, New Jersey, and Wisconsin—had adopted the bulletin, reflecting growing momentum for harmonized oversight.

Colorado Regulation 10-1-1
Colorado continues to lead state-level rulemaking. Its Regulation 10-1-1 requires governance and risk management standards for external consumer data and information sources (ECDIS) and algorithms used in life insurance underwriting. In 2025, rulemaking expanded the regulation’s scope to cover auto and health insurance, reinforcing Colorado’s role as a testing ground for insurance AI regulation (Faegre Drinker).

European Union and EIOPA
On the EU side, the European Insurance and Occupational Pensions Authority (EIOPA) issued an opinion on AI governance in insurance following the EU AI Act. Many life and health underwriting systems are expected to be classified as “high-risk” under the Act, requiring conformity assessments, transparency, and human oversight (DLA Piper).

Risk Themes

Unfair discrimination.
AI systems can unintentionally rely on proxy variables (like ZIP code or purchase history) that correlate with protected characteristics. Actuarial groups and regulators warn this can lead to unlawful disparate impacts in pricing and claims (Investopedia).

Vendor and third-party oversight.
NAIC guidance stresses that insurers remain accountable for AI decisions even when models are sourced from vendors. Firms must document governance, conduct due diligence, and maintain testing protocols (Holland & Knight).

Deceptive marketing.
The Federal Trade Commission’s “Operation AI Comply” has put insurers and vendors on notice that exaggerating AI capabilities or making misleading claims will be treated as deceptive marketing.

Stories and Enforcement

State-level momentum.
Colorado’s 2025 special legislative session debated additional AI accountability measures in insurance, reflecting national tensions between innovation and consumer protection (Axios). Other states are watching closely, and some are expected to follow with similar rules.

Pushback on health coverage AI.
Following reporting on Cigna’s use of algorithms to deny claims, lawmakers in Connecticut introduced a proposal to restrict or closely scrutinize AI-driven denials of health coverage (CT Insider). This reflects growing political and consumer sensitivity to AI-driven decision-making in critical areas like healthcare coverage.

Numbers and Metrics

  • By mid-2025, 20+ states had adopted the NAIC AI bulletin, signaling accelerating alignment across the U.S. regulatory landscape.

  • Colorado remains the most advanced state, with Regulation 10-1-1 expanding from life insurance to auto and health lines.

  • In the EU, EIOPA estimates that a majority of AI applications in life and health insurance underwriting will fall under the “high-risk” category of the AI Act, subject to compliance obligations.

Conclusion

AI in insurance is no longer optional—it is central to underwriting, pricing, claims, and fraud detection. But with this adoption comes heightened scrutiny. Regulators are emphasizing fairness, transparency, and accountability, with state-level innovation (Colorado), harmonized guidance (NAIC), and cross-border rules (EU AI Act) shaping the landscape.

For insurers, the path forward is clear:

  • Audit models for unfair discrimination.

  • Maintain governance over vendor systems.

  • Avoid overstating AI capabilities in marketing.

  • Prepare for evolving global obligations, including EU conformity assessments.

The central message is that AI in insurance must be governed with the same rigor as core actuarial and compliance processes. Firms that fail to demonstrate fairness, safety, and accountability risk reputational harm and regulatory action.

Download Insurance AI Assurance Whitepaper