State insurance commissioners across North America are conducting detailed examinations of carrier underwriting algorithms. The questions are blunt: What variables does your algorithm use? How did you test for discrimination? Can you prove your pricing model doesn’t correlate with protected classes? If you can’t answer, you’re facing a market conduct examination—and possible exclusion from the state market.
Insurance regulators in 2026 have moved decisively from passive oversight to active algorithmic scrutiny. The shift is driven by four converging forces: advances in algorithmic bias detection, documented cases of AI pricing discrimination, state-level transparency laws, and political pressure to ensure fair access to insurance.
Carriers that deployed underwriting algorithms without rigorous bias testing, or without documenting their testing protocols, are now facing regulatory reckoning. This is the year the insurance industry’s relationship with AI changes fundamentally.
The Regulatory Scrutiny Accelerates
The New York Department of Financial Services, California Department of Insurance, and insurance regulators in Texas, Florida, and Colorado are all running examinations of how carriers use AI in underwriting and pricing. The common thread: they want evidence that the algorithms are not discriminatory.
Discrimination in insurance doesn’t have to be intentional. If an algorithm uses variables that proxy for protected classes—if it uses credit score as a proxy for race, or uses ZIP code as a proxy for income and family structure—the algorithm can produce disparate impact without ever explicitly using race, gender, or other protected classes in the decision logic.
Regulators are looking for: (1) documentation of the algorithm’s variables and decision logic; (2) testing for correlation with protected classes; (3) evidence that variables are actuarially justified (they genuinely predict risk, not just correlate with demographic groups); (4) appeal mechanisms when applicants challenge algorithmic decisions.
Carriers that can’t produce this documentation are facing enforcement actions. In Q1 2026 alone, three major carriers received formal inquiry letters demanding detailed algorithmic documentation. One carrier in California disclosed that it hadn’t tested its underwriting algorithm for racial correlation since deploying it three years earlier. That gap is now a regulatory matter.
The Underwriting Algorithm Governance Gap
Here’s where many carriers are vulnerable: they deployed underwriting algorithms that worked well—they reduced false positives, improved quote accuracy, accelerated underwriting—without building robust governance around algorithmic bias testing and documentation.
Typical carrier AI governance included: (1) model validation (does it predict what we want?); (2) accuracy testing (how often is it right?); but NOT (3) bias testing (does it discriminate?). Model validation and accuracy testing are technical questions. Bias testing is a regulatory question, and many carriers didn’t allocate resources to it.
Even carriers that did bias testing often didn’t document it. They ran analyses internally, saw no obvious correlation with race or gender, and called the algorithm fair. But when regulators ask “show me the testing,” these carriers can’t produce systematic documentation of bias testing protocols, sample sizes, statistical confidence intervals, or remediation steps taken when bias was detected.
That documentation gap is now the regulatory liability. Even if an algorithm is actually fair, the inability to prove it to regulators creates enforcement risk.
The specific areas of vulnerability:
Variable justification: Carriers must be able to prove that each variable in the underwriting algorithm is actuarially justified—it genuinely predicts risk difference. Credit score is heavily used in underwriting, but regulators are asking: does credit score predict insurance loss, or is it a demographic proxy? Some carriers can’t clearly separate the two.
Disparate impact testing: Carriers must test whether the algorithm produces systematically worse outcomes for protected classes. This requires demographic data on applicants and systematic analysis of approval rates, premium levels, and claim outcomes by demographic group. Many carriers haven’t done this. They assume the algorithm is fair because they didn’t build discrimination into the logic, but that’s not enough regulatorily.
Vendor algorithm risk: Some carriers use third-party AI underwriting vendors. Carriers are responsible for ensuring those vendor algorithms are non-discriminatory, but many carriers haven’t required vendors to provide bias testing documentation. Regulators now ask: did you require your vendors to test for bias? Many carriers answer: no, we didn’t think to ask.
Algorithmic drift: Algorithms change over time as they’re retrained on new data. A 2023 version of an underwriting algorithm might have been fairly tested; the 2026 version retrained on new data might have drift toward bias. Carriers need ongoing bias testing, not one-time validation.
Claims AI and Algorithmic Disclosure
Beyond underwriting, regulators are scrutinizing how carriers use AI in claims handling. States are asking: what percentage of claims are routed to automated claims handling? What percentage are adjudicated entirely by algorithm without human review? If a claim is denied by algorithm, can the insured appeal to a human?
Carriers deploying AI claims handlers (chatbots, decisioning systems) without human appeal mechanisms are now facing questions about whether they’re violating claims handling standards that require “prompt investigation” and “fair settlement” practices.
This is driving carriers to implement disclosure protocols: when an applicant or claimant interacts with a carrier’s AI system, they should know they’re interacting with AI (not a human) and should have the right to escalate to human review.
The governance requirement: document which claims are handled by algorithm, which get human review, what appeal mechanism exists, and how often humans override algorithmic decisions. This transparency is becoming standard.
The Insurance Cyber Coverage Implication
Here’s a secondary effect worth noting: carriers are starting to clarify coverage for “AI system failure” and “algorithmic error.” A carrier’s underwriting algorithm fails (produces systematically wrong quotes). Does the carrier’s cyber insurance cover the financial impact? What about business interruption from system outages?
Standard cyber policies don’t clearly cover algorithmic discrimination liability. If a carrier’s algorithm produces discriminatory outcomes and results in regulatory fines, is that covered under E&O insurance? Cyber insurance? General liability? These questions aren’t settled, and carriers are now shopping for coverage clarity.
This creates an emerging market: cyber coverage specifically for algorithmic errors, AI system failures, and algorithmic discrimination liability. Carriers using AI in critical decisions should be evaluating this coverage gap.
Building Algorithmic Accountability: The 2026 Framework
Carriers that move decisively in 2026 on algorithmic governance will outpace competitors in regulatory confidence. Here’s the framework:
Algorithm Inventory and Documentation: Document every AI system used in underwriting and claims. For each: variable list, decision logic, training data date, accuracy metrics, bias testing protocols, bias testing results, and date of last bias retest.
Bias Testing Protocol: Establish a systematic protocol for testing underwriting algorithms for racial, gender, and age correlation. Test annually or after material model updates. Use statistical methods to test for disparate impact (do approval rates or premiums differ significantly by demographic group?). Document results.
Variable Actuarial Justification: For each variable in the underwriting algorithm, document actuarial justification: why does this variable predict loss? What’s the correlation with actual claim history? Is this correlation independent of demographic correlation? If a variable correlates with race/gender primarily through demographic proxy, remove it or rebuild it to isolate risk signal from demographic signal.
Appeal Mechanism Transparency: Clearly disclose to applicants and claimants: (1) that algorithmic decisions are being made; (2) what mechanism exists to appeal or escalate; (3) that human review is available. This isn’t optional—it’s becoming regulatory standard.
Vendor Governance: Require third-party AI vendors to provide bias testing documentation. Don’t accept vendor assurances that “the algorithm is fair”; demand statistical evidence. Include algorithm audit rights in vendor contracts.
Board and Audit Committee Oversight: Ensure algorithmic governance is elevated to board/audit level. Annual reporting on algorithmic inventory, bias testing results, regulatory inquiries, and remediation actions. This signals to regulators that the carrier is serious about algorithmic accountability.
The Regulatory Acceleration Timeline
In 2026, the regulatory scrutiny is accelerating. We expect:
Q2-Q3 2026: More state DOI examinations of carrier algorithms. Formal inquiry letters to carriers lacking bias testing documentation.
Q4 2026: Possible NAIC (National Association of Insurance Commissioners) model regulation on algorithmic transparency and bias testing, driving multi-state guidance.
2027: Likely state-level algorithmic transparency laws (similar to California’s AI Transparency Act) specifically targeting insurance underwriting and pricing.
Carriers building algorithmic governance now—establishing bias testing protocols, documenting all testing results, elevating oversight to the board—will move smoothly through future examinations. Carriers without this framework will face enforcement risk.
Related Reading: