UPDATE – FEBRUARY 2026:
Colorado continues expanding its leadership in regulating AI and algorithmic decision-making in insurance. The Colorado Division of Insurance (DOI) has advanced draft rulemaking to extend Regulation 10-1-1-style governance, risk management, and fairness requirements beyond life insurance to include auto and health insurers. These proposed rules would require insurers to implement formal AI governance programs, maintain detailed documentation on algorithm design and testing, and conduct impact assessments to identify and mitigate potential discriminatory outcomes before deploying predictive models in underwriting, pricing, or claims processing.
The DOI has also signaled that insurers may soon be required to perform structured model impact assessments and demonstrate compliance with fairness and transparency requirements as part of regulatory oversight. While final adoption is expected following public consultation and review, insurers are already being encouraged to align internal governance, testing, and documentation practices with these anticipated requirements.
Colorado’s regulatory framework continues to influence national efforts. Several states, including California and Connecticut, have initiated consultations and working groups focused on insurance AI governance, often referencing Colorado’s approach as a model. In parallel, the National Association of Insurance Commissioners (NAIC) has updated its AI guidance to reflect governance, accountability, and risk-management principles similar to those established under Colorado law.
Also, these developments reinforce Colorado’s role as a national leader in AI insurance regulation. It signals a broader shift toward formal governance, fairness testing, and regulatory oversight of algorithmic decision-making across the insurance industry.
ORIGINAL BLOG POST:
More and More U.S. Lawmakers Considering AI Regulations in Health Decisions
While several U.S. states are considering safeguards for AI’s use in elections, a collection of several states are also considering formal regulations aimed at AI systems used by insurance companies. States like New York, California, Connecticut, and New Jersey have issued warnings or are considering legislation aimed at insurance algorithms. Several government bodies are using Colorado’s path because it was the first state to adopt formal regulations aimed at insurance AI.
Senate Bill 21-169
It all started back in 2021 when Colorado lawmakers passed Senate Bill 21-169, titled “Concerning Protecting Consumers from Unfair Discrimination in Insurance Practices.” It aims to prohibit unfair discrimination based on race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression in any insurance practice.
The bill recognizes that insurers increasingly use external consumer data, information sources (ECDIS), algorithms, and predictive models in their insurance rating, underwriting, claims, and other business practices. While these tools can simplify processes, their accuracy and rationale may vary, potentially leading to negative impacts on insurance availability, affordability, and utilization for protected classes.
To ensure fair and equitable access to insurance products, the bill prohibits unfair discrimination based on the protected classes mentioned above. It also prohibits the use of ECDIS, algorithms, and predictive models that unfairly discriminate based on these protected classes.]
Role of the Insurance Commissioner
The bill directs the Commissioner to lead a stakeholder process and create rules for each insurance type. These rules require insurers to:
-
Disclose their data sources
-
Explain how they use external data and models
-
Establish governance and risk frameworks
-
Perform assessments and correct any discriminatory impacts
Insurers must also cooperate with investigations, and documents obtained during reviews are treated as confidential.
Importantly, the bill does not force insurers to collect sensitive information about applicants. It also avoids overriding existing practices—unless they involve external data and predictive models that could introduce unfair discrimination.
Regulation 10-1-1: Turning Principles Into Practice
In 2023, Colorado adopted Regulation 10-1-1, a governance and risk management framework for life insurers using external consumer data. It emphasizes transparency, accountability, and fairness in algorithmic decision-making.
Key features include:
Senior Management Oversight
Insurers must build strong governance frameworks, approved and overseen by the board of directors. Senior leaders are responsible for developing strategies, assigning roles, and reviewing risks related to algorithms and data use.
Cross-Functional Governance Groups
Each insurer must form a documented governance group. This group includes legal, compliance, risk, product, actuarial, underwriting, marketing, data science, and customer service representatives. It ensures decisions are made with a holistic view of risk.
Ongoing Monitoring & Documentation
Insurers must document policies for designing, testing, deploying, and monitoring algorithms. Regular reviews for model drift, performance, and governance structure are required to maintain compliance.
Third-Party Vendor Accountability
Even if an insurer uses external vendors for algorithms or data sources, the insurer remains fully responsible for compliance. They must document how vendors are selected and supervised to meet regulatory expectations.
Reporting & Compliance
Insurers must submit narrative reports outlining their progress toward compliance. These reports highlight challenges, timelines, and areas still in development. Annual reports must also be signed by a senior officer and detail full compliance.
Even companies not using algorithms or external data must submit an annual attestation confirming non-use.
The Big Picture
If Colorado’s model proves effective, more states are likely to adopt similar rules—especially in auto, health, and other high-impact sectors. Also, the state’s combination of legislation and regulatory guidance provides a blueprint for AI oversight in insurance.
Need Help?
If these two bills prove to be successful in the long-term, it wouldn’t be surprising to see more and more states considering AI regulations on a variety of insurance industries. For assistance in navigating compliance, don’t hesitate to contact BABL AI. Hence, one of their audit experts can offer valuable guidance and support.
