By Sean Dilweg
Former Wisconsin Insurance Commissioner

Artificial intelligence is rapidly moving from experimentation to operational reality across the insurance industry. Insurers are deploying AI in underwriting, claims management, fraud detection, customer service and pricing models at a pace few would have predicted even three years ago.

At the same time, policymakers in Washington continue debating what federal AI regulation should look like, whether it should exist at all, and who should lead it.

Meanwhile, state insurance regulators are already moving.

Having served as a state insurance commissioner during the financial crisis, I learned that regulators rarely have the luxury of waiting for perfect federal coordination when risks begin affecting consumers and markets in real time. Insurance regulators are expected to act. That is exactly what is beginning to happen with artificial intelligence.

The recent NAIC Spring National Meeting made clear that insurance regulators are moving beyond broad discussions about “responsible AI” and into something far more operational: examination frameworks, governance expectations, model oversight and bias testing requirements.

The NAIC’s Big Data and Artificial Intelligence (H) Working Group is currently piloting an AI Systems Evaluation Tool across multiple states with the intention of refining the framework for broader use.

That may sound technical, but the implications are significant.

Insurance companies should understand that regulators are no longer simply asking whether AI improves efficiency. They are increasingly asking whether insurers can:

• explain how models make decisions,
• document governance structures,
• monitor model drift,
• identify discriminatory outcomes,
• oversee third-party vendors,
• and demonstrate board-level accountability.

That is a very different conversation.

One of the more striking aspects of the NAIC discussions is how quickly the framework is evolving toward enterprise governance expectations that resemble modern banking model-risk oversight. Regulators are discussing formal “AI model cards,” bias testing methodologies, protected-class inference analysis, complaint tracking and external vendor auditability.

This reflects an important reality: insurers are no longer just users of AI. They are becoming risk managers of AI itself.

That distinction matters because insurance has always operated differently from most industries. Insurers are not merely technology adopters. They are financial institutions with public obligations tied directly to fairness, solvency and consumer protection.

When an AI model influences:

• underwriting eligibility,
• premium pricing,
• claims handling,
• fraud investigations,
• or policy renewals,

regulators inevitably become involved.

And absent a comprehensive federal framework, state regulators are stepping into that role.

Some in the industry worry that state-by-state AI oversight could create fragmentation, duplicative requests and inconsistent standards. Those are legitimate concerns. In fact, industry trade groups raised precisely those issues during the recent NAIC discussions.

But history suggests that insurance regulators are unlikely to defer action simply because federal policymakers remain divided.

Insurance regulation has always evolved through state experimentation first:

• solvency oversight,
• climate disclosures,
• cybersecurity standards,
• suitability requirements,
• and market conduct reforms

all developed significantly through state regulatory leadership before broader harmonization emerged.

AI appears to be following the same path.

What strikes me most is that regulators are increasingly focused on governance rather than the technology itself. The central issue is not whether AI should exist inside insurance operations. That debate is over.

The real issue is whether insurers can govern these systems responsibly enough to preserve consumer trust and market confidence.

Boards should pay close attention.

The NAIC discussions signal that AI oversight is quickly becoming a boardroom issue alongside cybersecurity, operational resilience and enterprise risk management. Regulators are now openly discussing management accountability structures, staffing needs, model validation protocols and even penalties tied to reporting failures.

That should get the attention of directors and senior executives.

The insurance industry has experienced prior periods where innovation outpaced governance:

• structured finance before the financial crisis,
• complex catastrophe modeling,
• opaque rating methodologies,
• and certain forms of algorithmic underwriting.

The lesson is usually the same. Markets can absorb innovation. They struggle when governance fails to keep pace.

Artificial intelligence may ultimately improve insurance significantly. It may reduce fraud, lower costs, improve claims efficiency and strengthen underwriting precision.

But regulators are increasingly signaling that efficiency alone will not be enough.

If Washington continues moving slowly on AI regulation, state insurance regulators appear fully prepared to fill the vacuum themselves.