# What are the NAIC AI Principles? _The NAIC AI Principles, adopted in 2020, are the foundation beneath every state AI bulletin. The five principles spell FACTS: Fair, Accountable, Compliant, Transparent, and Secure._ Before there was a [model bulletin](/naic-model-bulletin-ai), there were the principles. The NAIC adopted its AI Principles in August 2020, and they remain the foundation beneath every state bulletin that followed. Understanding them makes the rest of the framework click into place, because each later requirement is a principle made concrete. The five principles are easiest to remember by the mnemonic **FACTS**. ## Fair and Ethical (F) AI should respect the rule of law across its whole life cycle, and it should avoid proxy discrimination against protected classes. This is the principle behind the bulletin's insistence that AI-driven decisions cannot be unfairly discriminatory, even when the discrimination is unintended. Work on [bias and fairness](/ai-bias-fairness) traces directly back here. ## Accountable (A) The people and organizations behind an AI system are responsible for how it behaves, including outcomes they did not intend. There is no hiding behind the algorithm. Accountability is why the [AIS Program](/ais-program) expects named ownership and board-level oversight. ## Compliant (C) AI systems must follow the insurance laws of every jurisdiction they touch, whether a violation is intentional or not, and compliance is treated as an ongoing process rather than a one-time check. This is the principle that makes [state-by-state](/insurance-ai-governance) adoption matter so much. ## Transparent (T) Stakeholders and regulators should be able to inquire about and seek recourse for AI-driven decisions, with explanations they can actually understand. The principle balances disclosure against an insurer's right to protect proprietary models, which is why [explainability](/ai-explainability) is a recurring theme in examinations. ## Secure, Safe, and Robust (S) Systems should be traceable and resilient across their life cycle, with continuous, systematic risk management. In practice this is converging with cybersecurity: the access controls, change management, and monitoring an insurer already runs for critical systems are exactly what regulators now expect around models. ## Why the principles still matter The principles are guidance, not law. They do not impose liability on their own. But they are the reference point regulators return to, and they explain the why behind every expectation in the bulletin. When an examiner asks how a control protects fairness or supports accountability, they are testing the principles in operational form. For insurers, the practical move is to map your [AIS Program](/ais-program) back to these five ideas, so every control has a clear reason to exist. Swept AI helps turn that mapping into evidence. [See how it works](/offering/governance-and-certification), or explore the requirements for [your state](/insurance-ai-governance/michigan).