Insurance Bulletin No. 229Adopted

AI governance for Vermont insurers

The Vermont Department of Financial Regulation issued Insurance Bulletin No. 229 on March 12, 2024, adopting the NAIC Model Bulletin on the Use of AI Systems by Insurers. It reminds every insurer that holds a certificate of authority that decisions and actions impacting consumers must comply with applicable insurance laws, including those on unfair trade practices and unfair discrimination, regardless of the methods used to make them. The bulletin expects each insurer to maintain a written AIS Program and lets that program rely, in whole or in part, on a recognized framework such as the NIST Artificial Intelligence Risk Management Framework, Version 1.0. It recognizes the NAIC's 2020 AI Principles as an appropriate source of guidance and preserves the Department's market conduct examination authority.

Talk to an expert Explore the hub

BulletinNo. 229

IssuedMarch 12, 2024

EffectiveUpon issuance

BasisNAIC model bulletin

What Vermont expects from your AIS Program

Vermont adopted the NAIC model with some changes. The four pillars below are the shared foundation.

Governance

A written program with clear ownership. Senior management is accountable to the board, and a cross-functional body oversees AI across its whole life cycle.

Risk Management & Internal Controls

Controls at every stage of the model life cycle, from data sourcing through retirement, sized to the potential harm to consumers.

Third-Party AI Systems & Data

The insurer stays responsible for AI it did not build. Vendor relationships need diligence, contract rights, and the ability to produce evidence.

Documentation & Audit-Readiness

Section 4 spells out what an examiner can ask for. Treating that list as a standing requirement is what keeps a program defensible.

Legal authority

Vermont's DFR grounds the bulletin in laws it already enforces:

Insurance Trade Practices8 V.S.A. §§ 4721-4724 and 4727
Corporate Governance Annual Disclosure8 V.S.A. § 3316 (CGAD)
Insurance Rate Requirements (Rating Laws)8 V.S.A. §§ 3861 and 4685

Who it applies to

The bulletin reaches every entity holding a Vermont certificate of authority, including:

Property and casualty insurers
Life and annuity insurers
Health insurers
All other entities holding a Vermont certificate of authority

State-specific changes: Vermont tracks the NAIC model and expressly allows the AIS Program to adopt or rely on a third-party framework such as the NIST AI Risk Management Framework, Version 1.0. The core program expectations match the national framework.

Learn the basics

Resources for Vermont insurers

Start with these plain-language explainers and field guides.

Guide

What is the NAIC Model Bulletin on AI?

The NAIC Model Bulletin on the Use of AI Systems by Insurers is the template most states use to set AI governance expectations. Here is what it says and why it matters.

Guide

What is an AIS Program?

An AI Systems Program (AIS Program) is the written program the NAIC Model Bulletin expects every insurer to maintain. Here are its four pillars and what each one requires.

Guide

What are the NAIC AI Principles?

The NAIC AI Principles, adopted in 2020, are the foundation beneath every state AI bulletin. The five principles spell FACTS: Fair, Accountable, Compliant, Transparent, and Secure.

Guide

AI in Insurance: Key Regulatory Definitions

The NAIC Model Bulletin defines the terms that carry legal weight, from AI System to Adverse Consumer Outcome to Model Drift. Here is what each one means for insurers.

Article

Insurance Regulators Are Forcing AI Governance. Most Carriers Aren't Ready.

State insurance regulators and bar associations are sounding the alarm on AI in insurance. Legal and regulatory pressure is forcing insurers to operationalize AI governance, not just document it.

Article

The NAIC Bulletin Is the Floor Your Reinsurer Will Hold You To

Twenty-four jurisdictions have adopted the NAIC Model Bulletin on AI. Most carrier compliance teams are working to the regulatory text. Their reinsurers will use the same document as an evidentiary baseline at the next placement, and the cedent that meets the floor and stops there is preparing for the wrong audience.

Vermont AI governance FAQs

What is Vermont Insurance Bulletin No. 229?

It is the bulletin the Vermont Department of Financial Regulation issued on March 12, 2024 adopting the NAIC Model Bulletin on the Use of AI Systems by Insurers. It tells insurers that existing Vermont insurance laws apply to any decision an AI system touches and expects each insurer to maintain a written AIS Program that can rely on a recognized standard such as the NIST AI Risk Management Framework, Version 1.0.

Which companies have to comply in Vermont?

Any insurer that holds a certificate of authority to do business in Vermont, across property and casualty, life, and health lines. The bulletin is not limited to a single line of business.

Does the bulletin allow the NIST AI Risk Management Framework?

Yes. Bulletin No. 229 lets an insurer's AIS Program adopt, incorporate, or rely upon, in whole or in part, a framework developed by an official third-party standards organization such as the NIST Artificial Intelligence Risk Management Framework, Version 1.0.

How will Vermont enforce it?

Through existing authority. The bulletin grounds itself in the Insurance Trade Practices laws (8 V.S.A. §§ 4721-4724 and 4727), the claims settlement standards, the Rating Laws, and the Corporate Governance Annual Disclosure Act (8 V.S.A. § 3316), and preserves market conduct examination authority under 8 V.S.A. §§ 3573 and 3574 and the NAIC Market Regulation Handbook.

How does a Vermont insurer get ready?

Stand up a written AIS Program covering governance, risk management and internal controls, and third-party oversight, then keep model inventories, validation records, and a clear data-to-decision trail examination-ready.

Sources

Get audit-ready for Vermont Bulletin No. 229

Swept AI supervises your models and produces the AIS Program evidence Vermont examiners can request.

Book a demo Explore the platform