The insurance laws regulating artificial intelligence in the United States are still emerging, but one statute stands out as the first comprehensive, binding AI‑in‑insurance law in the country: Colorado SB21‑169. Several other states are exploring similar frameworks, but Colorado remains the clearest example of a fully enacted, enforceable regime governing insurers’ use of algorithms, predictive models, and external consumer data.
The description below gives you a structured, practitioner‑ready overview of how U.S. insurance law is beginning to regulate AI, anchored by Colorado’s statute and supported by current authoritative sources.
Colorado SB21‑169 — the first U.S. insurance AI law
Colorado’s SB21‑169, titled Restrict Insurers’ Use of External Consumer Data and Information Sources, is the nation’s first law explicitly regulating insurers’ use of AI, algorithms, predictive models, and external consumer data. It prohibits insurers from engaging in unfair discrimination through these tools and requires them to demonstrate that their models do not produce discriminatory outcomes.
Core elements
- Prohibition on unfair discrimination: Insurers may not use external consumer data, algorithms, or predictive models in ways that unfairly discriminate based on protected characteristics such as race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression.
- Applies to all insurance practices: Underwriting, pricing, marketing, claims, and other insurance functions are covered.
- Governance and testing obligations: Insurers must maintain governance programs, conduct testing, and document how their models avoid discriminatory outcomes.
- Reporting requirements: Life insurers using external consumer data or predictive models must report progress to the Division of Insurance and be prepared to prove non‑discriminatory outcomes by December 1, 2024.
- Regulatory authority: The Commissioner of Insurance is empowered to adopt rules, require documentation, and impose penalties, including potential license revocation.
Policy rationale
Colorado enacted SB21‑169 to address the risk that AI‑driven underwriting and pricing could unintentionally produce proxy discrimination, even when protected characteristics are not explicitly used. The law reflects growing concern that big data and machine learning can embed or amplify bias.
How SB21‑169 fits into the broader U.S. landscape
While Colorado is the only state with a fully enacted, AI‑specific insurance law, several states are moving in the same direction. The emerging pattern includes:
- Anti‑discrimination frameworks targeting AI and data models
States are increasingly concerned about algorithmic bias in insurance. Colorado’s model is likely to influence future legislation because it directly regulates outcomes, not just inputs.
- Regulator‑driven guidance and rulemaking
Even without statutes, many state insurance departments are issuing bulletins or guidance on AI governance, model risk management, and fairness testing. These are not yet binding laws but signal future regulatory expectations.
- Integration with broader AI or consumer‑protection laws
Some states are considering cross‑sector AI bills that would apply to insurers, including requirements for transparency, impact assessments, and risk‑mitigation measures.
- Federal interest
Federal agencies (FTC, CFPB, EEOC, and Treasury) have signaled interest in algorithmic fairness in financial services, but no federal insurance‑specific AI law exists.
Why Colorado’s law matters for insurers and vendors
SB21‑169 is reshaping compliance expectations across the insurance sector:
- Model governance becomes mandatory, not optional.
- Outcome‑based fairness testing is required, not just documentation of inputs.
- Vendors and third‑party model providers must support insurers’ compliance obligations.
- Enterprise‑wide AI governance is becoming the norm, even in states without similar laws, because insurers prefer uniform internal standards.
What to watch next
Several states—including New York, California, and Connecticut—are evaluating AI‑in‑insurance frameworks that could follow Colorado’s lead. The NAIC is also developing model guidance on AI governance, which may eventually evolve into a formal model law.