The regulatory perimeter inside which AI-driven insurance decisions now have to operate, and the per-decision evidence the regulators ask for.
Every framework below is enforceable today or about to be. Velma evidence is the format both sides expect.
Sorted by soonest deadline first.
AI used in consumer-facing decisions (including insurance underwriting, pricing, and claims) must meet documented governance, impact-assessment, and disclosure obligations enforced by the Texas Attorney General.
Texas joins Colorado as the second comprehensive U.S. state AI law. Penalties are tiered and per-violation.
Final phase of the 2023 amendments (encryption of nonpublic information, asset inventory, and access-control review) must be in place across all NY-licensed financial entities including insurers and CRE lenders.
NY DFS examiners now expect operational evidence on first request, with no remediation grace period.
High-impact AI systems used in financial services, including insurance and credit decisions, must meet new accountability, monitoring, and incident-disclosure obligations under federal Canadian law.
Canadian carriers and reinsurers operating cross-border face an additional federal AI examination surface from this date.
Member states must transpose IRRD into national law. (Re)insurers above defined thresholds must maintain pre-emptive recovery plans, and resolution authorities receive new powers, including write-down and bail-in tools.
Carriers must produce governance and operational evidence for resolvability assessments, including auditable model behavior under stress.
Member states must transpose the amended Solvency II framework into national law, with the new internal-model governance, ORSA, and validation evidence in force from this date.
Internal-model carriers operating across multiple EU jurisdictions must demonstrate consistent governance evidence to every national supervisor.
High-risk AI (including insurance pricing, claims, and underwriting systems) must ship with documented risk management, human oversight, and regulator-readable audit trails.
Original 2 Aug 2026 deadline deferred by the Omnibus VII provisional agreement (May 2026). Standalone systems now in force 2 Dec 2027; embedded systems 2 Aug 2028. Fines up to 7% of global turnover. The deferral confirms the audit-format gap; it does not eliminate it.
Full conformity obligations for high-risk AI in embedded products (including those covered by sector-specific safety legislation) take effect.
Original 2 Aug 2027 deadline deferred to 2 Aug 2028 by the Omnibus VII provisional agreement. Captures the long tail of embedded AI in financial-services infrastructure.
The examiner can cite any of these on first request.
Amended framework tightens governance of internal models and ORSA, including model-change notification and independent validation evidence.
Adopted by EU Council. Transposition into national law is now running; internal-model carriers should treat this as live.
Financial entities, including insurers and reinsurers, must implement an ICT risk management framework, conduct resilience testing, and govern third-party ICT providers, with mandatory incident reporting.
ESAs now have direct supervisory powers over critical ICT providers. Governance evidence is examinable.
Supervisory expectations across IAIS members for AI governance, accountability, fairness, robustness, transparency, and explainability. Applicable to underwriting, pricing, claims, and reserving.
175+ member jurisdictions. Cross-border insurers face multi-supervisor convergence on AI evidence.
Bermuda-domiciled (re)insurers using AI must demonstrate board-level governance, fairness testing, model risk management, and ongoing monitoring, with documentation available on examination.
Bermuda is the largest reinsurance domicile globally. ILS sponsors and reinsurers carry the BMA expectations into every cedant relationship.
Insurers using AI or external consumer data sources in underwriting must demonstrate unfair-discrimination testing, governance, and transparency to the regulator.
NY sets precedent for other large-market states. Evidence-grade audit trail is expected.
A written AIS program governing the entire lifecycle of AI used in underwriting, rating, claims, and fraud, with board-level oversight and vendor-management evidence.
Adopted or proposed in 20+ U.S. states. State DOIs are now asking for evidence on examination.
Life insurers using external consumer data or algorithms must maintain a governance framework, test for unfair discrimination, and produce on-demand evidence to the DOI.
First state-level algorithmic accountability rule in insurance. More states are modeling their bulletins on it.
Voluntary framework (Govern, Map, Measure, Manage) referenced by NAIC, federal agencies, and state regulators as the de facto baseline for AI risk evidence.
Treated as the floor of expectation across U.S. financial-services AI examinations.
Reserve and disclosure framework requiring current-measurement, risk-adjusted, and audit-evidenced insurance contract accounting.
Global standard. Reserving models must produce evidence compatible with the disclosure schedule.
Carriers must document AI governance, vendor controls, and unfair-discrimination testing for consumer-facing models, examined annually.
First U.S. state insurance bulletin specifically targeting big-data and AI; template for other states.
Five stages. The evidence artifact. Sealed forecasts at horizon. Isometric DFD-0.
Formal safety models, ODD, assurance cases, reviewer briefs.
How we are set up and why the trust structure matters.
Direct line to the inventor. No demo, no deck.
Thirty minutes. Architecture, not sales. On the regulatory surface you already know.
