The ethical use of artificial intelligence (AI): A summary of Colorado’s AI regulations for insurance companies  

The Colorado Division of Insurance (CDOI) released its Algorithm and Predictive Model Governance Regulation (AI regulation) on September 23, 2023 (note: initial draft issued on February 1, 2023, and revised draft on May 26, 2023). The regulation is effective from November 14, 2023, and is designed to reasonably ensure that life insurers’ use of external consumer data and information sources (ECDIS), algorithms, and predictive models (i.e., AI models) do not result in unfairly discriminatory insurance practices with respect to race. This is believed to be the first such regulation on AI targeting insurers, and specifically life insurance. Based on recent regulatory trends, other states may follow suit, and the scope may increase to other types of insurance (e.g., auto, property), and beyond insurance to other applications of ECDIS such as loan underwriting.

CDOI AI regulation requirements

The table below outlines the specific requirements in the regulation. More detailed information about each can be found in the full report.

CDOI draft proposed Algorithm and Predictive Model Quantitative Testing Regulation

In addition to the above AI regulation, CDOI has put forth a separate proposed reporting regulation for insurers using ECDIS and/or AI models which utilize ECDIS. The draft proposal would require testing utilizing Bayesian Improved First Name Surname Geocoding (BIFSG), a statistical modeling methodology to help identify potential racial and ethnic incongruities among their datasets for both application approvals and premium rates issued by life insurers. CDOI has currently put forth a reporting date of April 1, 2024, for the 12-month period ending December 31, 2023, though the draft regulation does not currently have a proposed effective date. Further details on the proposed reporting requirements can be found in the full report  which is available for download on this page.

What’s next?

The CDOI’s AI regulation will provide specific enforceable requirements for life insurance companies using ECDIS and AI models using ECDIS in Colorado. CDOI has leveraged high-level principles, found in places like the federal regulatory guidelines, and turned them into reporting requirements for governance, documentation, and reporting. Currently, the regulations apply only to life insurance companies doing business in Colorado. This may become de facto industry leading practices and other regulators may look to implement similar requirements. Additionally, CDOI has also suggested that similar rules may be applied to other insurance lines or other AI or algorithmic uses.

With the release of final regulations, below are the steps that can help life insurance companies adhere to the regulatory requirements.

  1. Mobilize a program team to understand and translate requirements for compliance with the CDOI regulation (e.g., develop an inventory of use cases, and establish  purpose and governance processes around use of ECDIS and algorithms/AI models which may use ECDIS)
  2. Develop a holistic AI governance roadmap to address emerging AI regulations including CDOI and the use of AI/Gen AI models across the insurance business
  3. Drive change management including enhancing employee literacy around AI governance and risk management

Deloitte can help

Deloitte’s Trustworthy AI™ Framework and AI Governance & Risk services help provide strategic and tactical solutions designed to enable organizations to continue to build and use AI-powered systems while promoting trustworthy AI.

This framework is in line with CDOI’s AI regulation and designed to assist insurance companies in operationalizing automated systems safely and effectively, while protecting individuals and communities and adhering to emerging regulations, such as those issued by CDOI.

More information about Deloitte’s Trustworthy AI Framework can be found here.

Compliance-related considerations

AI techniques are deployed across many stages of the insurance life cycle, including product development, marketing, sales and distribution, underwriting and pricing, policy servicing, claim management, and fraud detection. States are developing different methods to ensure their consumers are treated fairly under the use of these AI models and predictive algorithms.The NAIC’s Model Bulletin on the “Use of AI Systems by Insurers”1 was developed to put in place a framework for states to utilize to help oversee insurers using these systems and make sure they are complying with existing relevant insurance laws and regulations.

Examine the compliance angle.


1NAIC Innovation Cybersecurity and Technology (H) Committee ( December 2023. 

Want to know more? Let’s connect.

Get in touch

Ozan Karan
Risk & Financial Advisory
Trustworthy AI Leader
Deloitte & Touche LLP

Satish Iyengar
Risk & Financial Advisory
Trustworthy AI – FSI Leader
Managing Director
Deloitte & Touche LLP

Richard Godfrey
Insurance Sector Leader
Risk & Financial Advisory
Deloitte & Touche LLP

David Sherwood
Insurance Regulatory Leader
Risk & Financial Advisory
Managing Director
Deloitte & Touche LLP

Tim Cercelle
Managing Director
Deloitte & Touche LLP

Jordan Kuperschmid
Deloitte & Touche LLP

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Did you find this useful?