The NAIC Model Bulletin on the Use of Artificial Intelligence Systems by Insurers is the single most important document for understanding how AI is regulated in U.S. insurance. The National Association of Insurance Commissioners adopted it on December 4, 2023, and state regulators have been issuing their own versions of it ever since.
It is worth being precise about what the bulletin is. The NAIC is a coordinating body for state insurance regulators, not a legislature. A model bulletin is a template. It carries weight only once a state department of insurance adopts it, which is why this topic is best understood state by state. Michigan, for example, adopted it verbatim in August 2024.
The bulletin does not create new law
The most common misreading is that the bulletin invents new rules for AI. It does not. Its central message is simple: the laws already on the books apply to every decision an AI system touches.
If an algorithm helps decide a rate, an underwriting outcome, or a claim, that decision still has to satisfy unfair trade practice standards, unfair discrimination standards, and rating laws. An insurer cannot point to a model or a vendor as the reason a consumer was treated unfairly. The duty to comply travels with the decision, regardless of the tool that produced it.
The four-part structure
Every adopting state's bulletin follows the same shape:
- Introduction and legislative authority. Grounds the bulletin in laws the department already enforces.
- Definitions. Fixes the terms that carry legal weight, including AI System, Adverse Consumer Outcome, and Model Drift. These regulatory definitions matter because they decide what the rest of the document applies to.
- Regulatory guidance and expectations. Sets the expectation that every insurer maintain a written AIS Program.
- Regulatory oversight and examination considerations. Lists the documentation a department can request during an investigation or market conduct exam.
The AIS Program is the deliverable
Section 3 is where the work lives. It asks every insurer to develop, implement, and maintain a written AI Systems Program, usually shortened to AIS Program. It is the first artifact a regulator looks for, and its expected strength scales with the harm a given model could cause a consumer.
The program covers governance, risk management and internal controls, and third-party oversight. The bulletin draws heavily on the NAIC AI Principles adopted in 2020, which explain the reasoning behind each expectation.
Why Section 4 deserves attention
Section 4 is the part insurers underestimate. It lists exactly what an examiner can ask for: the written program, a model inventory, model-level documentation, data lineage, and third-party contracts and diligence. Treating that list as a standing requirement, rather than something to assemble under pressure, is what makes a program hold up when a regulator comes asking.
This is where an audit trail becomes the practical foundation of compliance. As regulatory scrutiny shifts from principles toward proof, the ability to show how a control was implemented, tested, and enforced is what holds up under examination.
How Swept AI helps
Swept AI supervises AI systems in production and produces the evidence the bulletin asks for. Continuous evaluation, monitoring, and certification turn an AIS Program from a binder into documentation an examiner can read. To see how that maps to your state, start with the Insurance AI Governance hub or talk to our team.
FAQs
It is a template the National Association of Insurance Commissioners adopted in December 2023 for state insurance regulators to issue. It sets expectations for how insurers govern AI systems, centered on a written AI Systems Program.
No. The NAIC is a standard-setting body, not a legislature. The bulletin becomes operative when a state department of insurance adopts it, and it rests on laws that state already enforces, such as unfair trade practice and rating laws.
It does not create new statutory duties. It clarifies that existing insurance laws apply to any decision an AI system influences, and it describes the program and documentation a regulator expects to see.
More than a dozen states had adopted it within the first year, with several more in progress. Some adopted it verbatim and a few made changes, so the exact wording can vary by state.