AI Regulations Reshaping the Insurtech Landscape

The Impact of AI Regulations on Insurtech

Insurtech is steeped in artificial intelligence (AI), leveraging the technology to improve insurance marketing, sales, underwriting, claims processing, fraud detection, and more. Insurtech companies are likely only scratching the surface of what is possible in these areas. In parallel, the regulation of AI is expected to create additional legal considerations at each step of the design, deployment, and operation of AI systems working in these contexts.

Legal Considerations and AI Exposure

As with data privacy regulations, the answer to the question “Which AI laws apply?” is highly fact-specific and often dependent on the model’s exposure or data input. Applicable laws tend to trigger based on the types of data or location of the individuals whose data is leveraged in training the models rather than the location of the designer or deployer. As a result, unless a model’s use is strictly narrowed to a single jurisdiction, there is likely to be exposure to several overlapping regulations (in addition to data privacy concerns) impacting the design and deployment of an Insurtech AI model.

Managing Regulatory Risk in AI Design

Given this complexity, the breadth of an Insurtech AI model’s exposure can be an important threshold design consideration. Companies should adequately assess the level of risk from the perspective of limiting unnecessary regulatory oversight or creating the potential for regulatory liabilities, such as penalties or fines. For instance, an Insurtech company leveraging AI should consider if the model in question is intended to be used for domestic insurance matters only and if there is value in leveraging data related to international data subjects. Taking steps to ensure that the model has no exposure to international data subjects can limit the application of extraterritorial, international laws governing AI and minimize the potential risk of leveraging an AI solution. On the other hand, if exposure to the broadest possible data is desirable from an operations standpoint, for instance, to augment training data, companies need to be aware of the legal ramifications of such decisions before making them.

Recent State-Level AI Legislation

In 2024, several U.S. states passed AI laws governing the technology’s use, several of which can impact Insurtech developers and deployers. Notably, state-level AI bills are not uniform. These laws range from comprehensive regulatory frameworks, such as Colorado’s Artificial Intelligence Act, to narrower disclosure-based laws such as California’s AB 2013, which will require AI developers to publicly post documentation detailing their model’s training data. Several additional bills relating to AI regulation are already pending in 2025, including:

  • Massachusetts’ HD 3750: Would require health insurers to disclose the AI use including, but not limited to, in the claims review process and submit annual reports regarding training sets as well as an attestation regarding bias minimization.
  • Virginia’s HB 2094: Known as the High-Risk Artificial Intelligence Developer and Deployer Act, would require the implementation of a risk management policy and program for “high-risk artificial intelligence systems,” defined to include “any artificial intelligence system that is specifically intended to autonomously make, or be a substantial factor in making, a consequential decision (subject to certain exceptions).
  • Illinois’ HB 3506: Among other things, this bill would require developers to publish risk assessment reports every 90 days and to complete annual third-party audits.

The Growing Importance of Compliance

With the federal government’s evident step back in pursuing an overarching AI regulation, businesses can expect state authorities to take the lead in AI regulation and enforcement. Given the broad and often consequential use of AI in the Insurtech context, and the expectation that this use will only increase over time given its utility, businesses in this space are advised to keep a close watch on current and pending AI laws to ensure compliance. Non-compliance can raise exposure not only to state regulators tasked with enforcing these regulations but also potentially to direct consumer lawsuits. Being well-positioned for compliance is also imperative for the market from a transactional perspective.

The Insurtech space is growing in parallel with the expanding patchwork of U.S. AI regulations. Prudent growth in the industry requires awareness of the associated legal dynamics, including emerging regulatory concepts across the nation.

More Insights

AI Regulations: Comparing the EU’s AI Act with Australia’s Approach

Global companies need to navigate the differing AI regulations in the European Union and Australia, with the EU's AI Act setting stringent requirements based on risk levels, while Australia adopts a...

Quebec’s New AI Guidelines for Higher Education

Quebec has released its AI policy for universities and Cégeps, outlining guidelines for the responsible use of generative AI in higher education. The policy aims to address ethical considerations and...

AI Literacy: The Compliance Imperative for Businesses

As AI adoption accelerates, regulatory expectations are rising, particularly with the EU's AI Act, which mandates that all staff must be AI literate. This article emphasizes the importance of...

Germany’s Approach to Implementing the AI Act

Germany is moving forward with the implementation of the EU AI Act, designating the Federal Network Agency (BNetzA) as the central authority for monitoring compliance and promoting innovation. The...

Global Call for AI Safety Standards by 2026

World leaders and AI pioneers are calling on the United Nations to implement binding global safeguards for artificial intelligence by 2026. This initiative aims to address the growing concerns...

Governance in the Era of AI and Zero Trust

In 2025, AI has transitioned from mere buzz to practical application across various industries, highlighting the urgent need for a robust governance framework aligned with the zero trust economy...

AI Governance Shift: From Regulation to Technical Secretariat

The upcoming governance framework on artificial intelligence in India may introduce a "technical secretariat" to coordinate AI policies across government departments, moving away from the previous...

AI Safety as a Catalyst for Innovation in Global Majority Nations

The commentary discusses the tension between regulating AI for safety and promoting innovation, emphasizing that investments in AI safety and security can foster sustainable development in Global...

ASEAN’s AI Governance: Charting a Distinct Path

ASEAN's approach to AI governance is characterized by a consensus-driven, voluntary, and principles-based framework that allows member states to navigate their unique challenges and capacities...