Artificial intelligence is offering US insurers a plethora of new opportunities, driving transformation in risk assessment, customer engagement and operational efficiency. Despite recent efforts to bring AI regulation under federal auspices, oversight remains characterised by a fragmented and largely state-driven regulatory environment.
The US insurance industry is on the cusp of a broad AI-driven transformation. Generative AI, deep learning and autonomous systems are being deployed to streamline claims processing, personalise pricing, detect fraud, and enhance customer service. According to a 2024 Deloitte survey, 76% of US insurance firms have implemented GenAI in at least one business function, with the focus shifting from pilot projects to firm-wide integration in 2025.
Despite this shift, scaling AI remains problematic for insurers across the country, with data security, privacy, integration hurdles, a skills gap, and – above all else – regulatory complexity and uncertainty among the challenges faced by carriers operating in the market.
A patchwork of regulation
Unlike the EU and certain APAC jurisdictions, the US lacks a unified federal regime for AI in insurance. Instead, oversight is characterised by a complex system of federal agency guidance and state legislation. The Consumer Financial Protection Bureau, Federal Trade Commission, and Office of the Comptroller of the Currency have all issued AI oversight statements relating to fairness, bias and consumer rights, but no binding federal framework exists.
The One Big Beautiful Bill Act, signed into law in July 2025, includes broad AI-related provisions but does not specifically regulate AI use in insurance. Earlier drafts proposed a 10-year federal moratorium banning states from enforcing AI laws or regulations, which would have paused nearly all state-level AI insurance rules. However, this moratorium was removed after Senate opposition, allowing states to retain authority over AI regulation, including in insurance. The bill primarily focuses on federally funded investments in AI infrastructure, and imposes strict limits on foreign influence in the AI supply chain, but contains no direct provisions addressing AI governance, transparency, bias or consumer protections specific to insurance.
In the absence of overarching federal AI law, states continue to pursue their own approaches, resulting in a patchwork of rules. For instance, Colorado and Utah have passed AI transparency and consumer protection laws, while California’s AI Transparency Act comes into effect in January 2026.
At the national level, the National Association of Insurance Commissioners (NAIC) provides model guidelines to foster consistent best practices specific to the insurance industry. The organisation’s Model Bulletin on the Use of Artificial Intelligence Systems by Insurers, adopted in December 2023 and embraced by 24 states thus far, sets a comprehensive framework for responsible AI use in the industry. It requires insurers to establish and maintain a documented AI governance programme that governs how AI is developed, implemented, monitored and overseen across the insurance lifecycle, including underwriting, pricing, claims, fraud detection and customer engagement.
Key principles guiding the NAIC framework include transparency, accountability, fairness, risk management, privacy and a human-centric approach, aligned with international AI norms including the OECD AI Principles and the EU AI Act. The AIS Program must be tailored to the insurer’s AI usage and the potential risks to consumers, with senior management accountable and ongoing auditing, testing and monitoring to mitigate biases, errors and unfair discrimination.
Insurers are expected to document their AI systems thoroughly, including third-party vendor due diligence, contracts, validating and testing records and risk mitigation processes. Regulators will scrutinise these frameworks during examinations, emphasising governance, transparency and risk controls. The NAIC is also exploring a potential model law to codify AI requirements uniformly across states, requesting stakeholder input on issues like governance scope and third-party oversight.
As of March 2025, the following jurisdictions had adopted AI insurance regulations or issued bulletins aligned with the NAIC Model Bulletin: Alaska, Arkansas, Connecticut, Delaware, DC, Illinois, Iowa, Kentucky, Maryland, Massachusetts, Michigan, Nebraska, Nevada, New Hampshire, New Jersey, North Carolina, Oklahoma, Pennsylvania, Rhode Island, Vermont, Virginia, Washington, West Virginia, and Wisconsin. Since then, four additional states have issued AI-related insurance guidance, though they have not formally adopted the NAIC bulletin. Texas has some AI-related guidance but no specific AI insurance regulations at the time of writing. Other states have neither formal AI insurance rules nor have adopted the NAIC model, while several currently have AI-related bills under consideration.
Global Influence
While the US regulatory environment remains decentralised, international models – in particular the EU AI Act’s risk-based approach and APAC’s sector-specific guidance – are shaping strategic thinking among US insurers.
The US insurance industry stands at a crossroads. To unlock the full promise of AI, insurers will need to navigate the evolving regulatory landscape, embrace best practices in governance and transparency, and invest in people and processes that foster innovation while building trust. By proactively engaging with regulators and industry bodies, US insurers can help shape a regulatory landscape that underpins both responsible AI deployment and the next era of industry growth.
