Skip to main content
Why Kadence Products AI Agents How It Works The Edge Results FAQ

I'm a...

IMO & FMO Life Insurance Agency Life Insurance Agent
Navigating State Regulatory Expectations for Trustworthy AI: A Compliance Guide for Insurance Agencies
compliance NAIC AI Model Bulletin insurance agency operations AI governance 8 min read

Navigating State Regulatory Expectations for Trustworthy AI: A Compliance Guide for Insurance Agencies

Many agency owners assume AI oversight is optional until Congress passes a federal law. That's wrong: state regulatory expectations for trustworthy AI already carry enforcement weight under existing unfair trade practices statutes, and by late 2025, 23 states plus Washington, D.C. had adopted the NAIC Model Bulletin covering insurance agencies' AI use.

What is the NAIC Model Bulletin and how does it affect insurance agency governance?

The NAIC Model Bulletin is a regulatory guidance document that codifies existing insurance law's expectations for AI governance, not a new statute. It directs insurers and agencies to document AI use, test for bias, and assign board level accountability, according to the National Association of Insurance Commissioners.

The bulletin doesn't invent new obligations; it maps AI oversight onto laws agencies already answer to, most notably the Unfair Trade Practices Act. That means a state examiner doesn't need a dedicated AI statute to cite an agency for an unfair or deceptive AI assisted decision in marketing, underwriting, pricing, or claims. The bulletin is also principle based rather than prescriptive: it doesn't mandate a specific bias testing method, but it does require an agency to prove its AI systems were validated for bias and error before deployment and periodically afterward. For agencies, the practical output is a written AI Systems Program reviewed and formally acknowledged by the board or senior management, treated as a living document rather than a one time compliance memo.

Which states have adopted the NAIC AI Model Bulletin as of 2026?

23 states and Washington, D.C. had formally adopted the NAIC AI Model Bulletin by late 2025, and that count crossed the halfway mark of all U.S. states by early 2026. Agencies licensed across multiple states now face overlapping AI governance duties layered on top of existing conduct rules.

The adoption curve moved quickly once the model language cleared NAIC's working group, and the pace matters for multi-state agencies because the bulletin's expectations don't wait for a state's own rulemaking cycle to catch up.

Milestone Timeframe States or jurisdictions covered
Initial adoption wave Late 2025 23 states plus Washington, D.C.
Broader adoption Early 2026 Over 50% of all U.S. states
Evaluation tool pilot Early 2026 12 state pilot program

An agency writing marketing or outbound scripts for producers licensed in a dozen states can no longer assume one state's silence means safe harbor elsewhere; the working assumption should be that AI governed conduct rules apply broadly and are converging fast.

What are the five core principles regulators expect from insurance AI systems?

Regulators expect insurance AI systems to satisfy five core principles: transparency, accountability, fairness and equity, privacy, and safety, as defined in the NAIC Model Bulletin. These principles apply to AI used in marketing, underwriting, pricing, and claims, not only to models built in house.

Each principle carries a distinct operational duty:

  • Transparency requires an agency to disclose when AI materially influences a decision affecting a consumer, not bury it in a privacy policy footnote.
  • Accountability assigns a named internal owner for every AI system, so no tool operates without a person answerable for its outputs.
  • Fairness and equity requires testing for disparate impact across protected classes before and after deployment, not a one time launch check.
  • Privacy governs how consumer data feeding the AI system is collected, stored, and shared with any third party vendor.
  • Safety requires monitoring for model drift and error rates over time, since a model validated at launch can degrade in production.

These five principles are the vocabulary examiners will use in interview questions and document requests, so an agency's internal policy language should mirror them directly rather than paraphrase loosely.

How should an insurance agency prepare its documentation for regulatory AI examinations?

An agency preparing for AI examinations should maintain a master model inventory listing every AI system's risk tier, owner, and last review date. Regulators plan to apply NAIC's new AI Systems Evaluation Tool, a structured questionnaire piloted across 12 states in early 2026, during market conduct exams.

The documentation set an examiner will ask for typically includes:

  1. A master model inventory covering every AI tool in use, internal or vendor supplied.
  2. Bias mitigation testing records showing dates, methodology, and results, not just a pass or fail note.
  3. Conversation or interaction logs for any AI system that communicates directly with consumers.
  4. Escalation documentation showing how and when a human took over from an AI decision or interaction.
  5. Board or senior management sign off records for the written AI Systems Program itself.

Agencies that build this file incrementally, as tools go live, avoid the scramble of reconstructing a year of records during a live exam window.

What are the major industry statistics for AI adoption across different insurance sectors?

AI adoption varies sharply by insurance line: 92% of health insurers report current or planned AI use, per a Crowell client alert on health payors, while auto, home, and life carriers report adoption near 88%, 70%, and 58% respectively. Bias testing gaps persist even where adoption runs highest.

Insurance sector AI adoption rate Adoption status
Health 92% Current or planned use
Auto 88% Using, planning, or exploring
Home 70% Current or planned use
Life 58% Current or expected use

The gap between adoption and governance is the real story. The same Crowell alert on health payors notes that approximately 33% of health insurers do not regularly test their models for bias, meaning a third of the sector with the highest AI adoption rate is also running the largest unmonitored exposure. Life insurers show the lowest adoption rate of the four lines tracked, which suggests agencies distributing life products still have a window to build governance before adoption catches up to health and auto.

How do third-party vendor compliance liabilities affect insurance agencies using external AI tools?

Insurance agencies remain fully liable for AI tool compliance even when a vendor built or hosts the system, because liability doesn't transfer under state insurance law. Regulators hold the licensed agency accountable for a vendor's bias, privacy, or transparency failures during examinations and enforcement actions.

This reshapes vendor selection into a compliance exercise, not just a features comparison. An agency evaluating an outbound calling or CRM platform should ask the vendor directly how it logs consent, honors opt outs, and suppresses numbers on Do Not Call lists before a single dial goes out, since that logic sits squarely inside the fairness, privacy, and accountability principles regulators now expect documented. Kadence, positioned as AI built to grow life insurance distribution, front to back office, ties its outbound voice layer to consent and suppression checks by design rather than as an add on, which is the kind of vendor architecture an agency can point to during an exam. Agencies weighing whether their current stack can produce that evidence on demand can to compare how a compliance aware front office handles the same lead flow.

What is the NAIC AI Systems Evaluation Tool and when will regulators use it?

The NAIC AI Systems Evaluation Tool is a structured questionnaire that assesses an insurer's or agency's AI governance maturity, piloted across 12 states starting in early 2026. Regulators expect to apply it during market conduct examinations beginning in 2026, according to NAIC's working group tracking.

A structured questionnaire changes the exam dynamic because it standardizes what used to be an open ended document request. Expect the tool to probe the same territory as the five core principles: who owns each model, how bias testing is documented, whether consumer facing AI discloses itself, and how data privacy is handled end to end. Agencies that already maintain a model inventory and testing log will answer a standardized questionnaire far faster than agencies reconstructing records under exam pressure, since the tool rewards documentation that already exists rather than testing knowledge on the spot.

What core steps can an insurance agency target to operationalize trustworthy AI standards?

An agency operationalizes trustworthy AI through four concrete artifacts: a written AI Systems Program acknowledged by leadership, a master model inventory with risk tiers, documented bias mitigation testing, and escalation records tied to conversation logs. These four elements map directly onto NAIC Model Bulletin expectations.

A practical build sequence looks like this:

  1. Inventory every AI touchpoint first, from a website chat widget to an outbound dialer to underwriting support tools.
  2. Assign an internal owner and risk tier to each system before writing a single policy sentence.
  3. Draft the written AI Systems Program around the five core principles, then route it for board or senior management acknowledgment.
  4. Establish a testing cadence for bias and error, not a single pre launch check.
  5. Build escalation logging so every AI to human handoff is timestamped and retrievable.

Agencies that treat this as a live operating document, updated as tools are added or retired, spend far less time reconstructing history when an examiner or the new evaluation tool comes calling.

Does state AI regulation apply to marketing calls and lead outreach, not just underwriting?

Yes, state AI regulatory expectations apply to marketing and lead outreach exactly as they apply to underwriting, pricing, and claims. Unfair trade practices statutes cover AI assisted decisions across the full distribution chain, so an AI dialer or chatbot answering leads carries the same governance duty as a pricing model.

This matters because speed to lead is where most agencies first deploy AI, often before governance catches up. Buyers overwhelmingly favor whichever provider reaches them first, which is exactly why agencies rushed AI answering and texting into the front office. Kadence's voice layer answers, texts, and schedules a follow up for every inbound lead within roughly ten seconds, day or night, while checking the number against consent records and Do Not Call suppression before the call connects, folding governance into the same motion that wins the lead rather than treating it as a separate step. An agency running its own DIY dialer script should build that same consent and suppression check into the workflow before scaling call volume, not after a complaint surfaces it. Agencies rethinking speed to lead more broadly can also review how instant lead response changes conversion economics as part of the same governance conversation.

What should a written AI Systems Program actually include?

A written AI Systems Program should include governance roles, a model inventory, testing protocols for bias and error, incident escalation procedures, and a board or senior management sign off requirement. Under the NAIC Model Bulletin, this single document is typically the first artifact regulators request during an inquiry.

Beyond the five required elements, a program that holds up under scrutiny usually separates responsibilities by role: who approves a new AI tool before it touches a consumer, who reviews bias testing results quarterly, and who owns the escalation log when an AI interaction gets flagged. Agencies that write this program once and never revisit it tend to fail the accountability principle specifically, since an outdated ownership list is itself evidence of weak governance. Pairing the written program with a single system of record for leads, calls, and commission data, the kind of consolidated pipeline a CRM built for life distribution provides, makes it far easier to pull the evidence a regulator or the new evaluation tool will ask for.

FAQ

Sources

State AI Regulation and Insurance AI Adoption, 2025-2026

Metric Value
States adopting NAIC Model Bulletin (late 2025) 23 states plus Washington, D.C.
U.S. states with AI governance guidance (early 2026) Over 50%
Health insurers using or planning AI 92%
Auto insurers using, planning, or exploring AI 88%
Home insurers using or planning AI 70%
Life insurers using or expecting AI use 58%
Health insurers not regularly bias-testing models Approximately 33%
Agency principals saying AI improves efficiency 50%

Frequently asked questions

Does the NAIC Model Bulletin create new insurance law?

No, the NAIC Model Bulletin doesn't create new law; it codifies existing expectations under laws like the Unfair Trade Practices Act, directing insurers and agencies to document governance, testing, and accountability for AI systems already subject to state oversight.

What happens if an agency has no AI Systems Program during an exam?

An agency without a written AI Systems Program faces direct audit exposure, since regulators plan to apply NAIC's AI Systems Evaluation Tool questionnaire during market conduct exams starting in 2026, and missing documentation signals unmanaged risk under existing unfair trade practices statutes.

Can a small independent agency skip AI governance if it only resells a carrier's AI tools?

No, a small independent agency can't skip AI governance because liability for a vendor's AI tool never transfers to the vendor; the licensed agency stays accountable for transparency, fairness, privacy, and safety failures under state law regardless of who built the system.

How many U.S. states now expect some form of AI governance from insurance agencies?

Over 50% of U.S. states had adopted the NAIC Model Bulletin or similar AI governance guidance by early 2026, up from 23 states plus Washington, D.C. in late 2025, meaning most licensed agencies now operate under some codified form of AI oversight.

Share

Written by

Kadence Team

Kadence is AI built to grow life insurance distribution, front to back office, purpose-built for producers, agencies, and IMO/FMO networks. We write about speed to lead, AI search, back-office tracking, and the systems that help producers and agencies win more policies.

Reviewed by the Kadence Team.

Book a demo

Book a demo

A founder replies within 1 business day.

Or email us directly at hi@startkadence.com