2025 NAIC Spring National Meeting: H Committee Recap

In March, the National Association of Insurance Commissioners (NAIC) met in Indianapolis to discuss various topics. The overall theme of the Innovation, Cybersecurity, and Technology (H) Committee and the Big Data and Artificial Intelligence (H) Working Group centered around the use of artificial intelligence (AI) and machine learning (ML).

AI/ML Survey

The Big Data and AI (H) Working Group provided an update on the AI/ML Survey. As a reminder, the purpose of the AI/ML Survey is to understand the current status of AI/ML use by comprehensive major medical and student health insurers, gain insight into the role third parties play in the development and use of AI, gain an understanding of health insurers’ AI governance frameworks, and review alignment of health insurers’ AI governance frameworks with NAIC AI Principles and Model Bulletin. Sixteen states participated in the Health Survey. The AI adoption among the four lines of insurance are as follows:

The responses as to which reason best describes why life insurers are not using AI included the following: no compelling business reason, waiting for regulatory guidance, lack of resources, legacy systems requiring upgrades, waiting on third-party vendor products, and risk not commensurate with current strategy.

The top ML techniques included Ensemble, Decision Trees, Clustering, Rule System, Deep Learning, and Large Language Models.

When asked about third-party data usage, including development of AI/ML systems, 78 insurers responded as follows:

Regulatory Framework for the Use of AI Systems

The Big Data and AI (H) Working Group provided an update on the AI Systems Regulatory Framework. As a reminder, the roadmap is as follows:

Currently, there are several states in Step 2 of the roadmap exploring AI evaluations. The goals of Step 2 are to provide regulators with an efficient, standardized data collection tool(s) to use in an investigation or exam that helps identify and assess financial and market risk associated with AI use and to provide insurance companies with guidance and/or tool(s) that align with regulatory expectations on AI use to ensure development, implementation, and monitoring follow safe and fair practices.

Step 3 of the roadmap, Regulatory Oversight and Accountability, is also scheduled for 2025 and includes the following goals and tasks:

Responsible AI Framework

Travelers presented on the responsible use of AI to the Innovation, Cybersecurity, and Technology (H) Committee. The suggested framework included four topics: People-Centric, Fair, Responsible, and Trustworthy. They stated that AI is designed to augment, enhance or replace the human decision-making process but is also subject to appropriate human oversight and judgment. It should be implemented in a way that respects privacy and applies appropriate security controls. The AI framework should be lawful and provide fair access to products without unlawfully discriminating based on legally protected characteristics. It should also be governed and monitored to ensure that AI models function as intended. Lastly, it must be transparent, explainable, and proportional.

Update on Federal Activities Related to AI, Cybersecurity, and Technology

Shana Oppenheim of the NAIC presented an update on federal AI, cybersecurity, and technology activities. The Trump administration nominated Sean Plankey to lead the Cybersecurity and Infrastructure Security Agency. The Insurance Cybersecurity Act of 2025 has been introduced in Congress, which requires the National Telecommunications and Information Administration to establish a working group on cyber insurance that provides guidance to issuers, customers, and state regulators.

Looking Ahead

The discussions at the NAIC’s recent meetings highlight a growing focus on the responsible use of AI and the need for clear regulatory guidance. As insurers across health, auto, home, and life lines continue to explore and adopt AI technologies, they must also be mindful of evolving expectations around transparency, fairness, and oversight. These developments underscore the importance of having strong cybersecurity and data governance practices in place. For insurance companies, staying informed and prepared will be key to navigating this shifting landscape and meeting both regulatory and consumer expectations.