NAIC sets March start for AI governance evaluation pilot
The National Association of Insurance Commissioners (NAIC) is preparing a March launch for a pilot program to test an AI assessment tool that gives regulators clearer visibility into insurers' AI governance practices. At least nine states will participate, with oversight from the NAIC's Big Data and AI Working Group.
The tool aims to surface how carriers govern AI in practice-how systems are built, validated, monitored, and controlled. Findings will inform future market conduct reviews, financial risk assessments, and regulator training needs. For teams seeking role-specific training tied to regulatory oversight, see the AI Learning Path for Regulatory Affairs Specialists.
What the pilot will test
The working group will gauge whether the tool can consistently explain insurers' AI governance and controls in real-world settings. The output is expected to guide exam procedures and help pinpoint where supervisory teams may need additional upskilling.
The evaluation tool first appeared in draft form in July 2025 and went through a 60-day public comment window that closed September 5, 2025. Feedback from that process shaped the version heading into this pilot.
For background on the working group's mandate and materials, see the NAIC Big Data and AI Working Group page: NAIC BD/AI Working Group.
Participation and selection
Participation will not be voluntary for insurers selected by participating states. Nathan Houdek said the states will coordinate to avoid duplicative requests.
"Essentially, the pilot states that are participating will determine which companies they want to focus on. We do intend to coordinate among the pilot states to ensure that companies are not receiving a lot of different inquiries and correspondence from different states," Houdek said.
Industry support-and concerns
Trade groups signaled general support for piloting the tool, but flagged practical issues: how carriers are selected, whether responses could trigger compliance actions, and how sensitive data will be protected. Life and P&C representatives emphasized confidentiality as the top concern.
Scope questions: predictive models and GLMs
The National Association of Mutual Insurance Companies (NAMIC) questioned how the tool defines and categorizes predictive models and generalized linear models (GLMs). An earlier draft included a GLM definition, later removed because GLMs were outside the tool's scoring scope, according to Lindsey Stephani, NAMIC's policy vice president for data science, AI, machine learning, and cybersecurity.
Predictive models remain in scope, which has raised flags. "From our perspective, predictive models can be simple code- and rules-based models that have been used for years and would greatly expand the scope of this tool beyond AI," Stephani said, adding that the same concern applies to GLMs. NAMIC is urging regulators to explicitly state that GLMs and predictive models are not considered AI and to restore the GLM definition in the framework.
What insurers should do now
- Stand up a clear inventory: document AI and predictive models, intended use, owners, data sources, validation history, and monitoring status. Tag GLMs and rules-based models separately.
- Tighten AI governance documentation: policies, change management, model risk tiering, explainability standards, bias testing, third-party/vendor controls, and escalation paths.
- Prepare secure regulator-sharing workflows: confidentiality agreements, clean-room or data room access, redaction procedures, retention timelines, and points of contact.
- Assign a single exam coordinator per carrier group to streamline responses across states and prevent duplicate submissions.
- Rehearse responses against the tool's topic areas so SMEs can answer consistently and provide evidence quickly.
- Brief the board and executive sponsors: set expectations for the pilot, likely documentation requests, and remediation timelines if gaps are found.
- Refresh training for compliance, actuarial, data science, and model risk teams on governance basics and documentation quality. If you need structured upskilling, consider role-focused programs such as the AI Learning Path for CIOs.
Bottom line
The March pilot will set the tone for how AI oversight shows up in exams and risk reviews. Selection won't be optional, confidentiality will be scrutinized, and the scope question around predictive models and GLMs is still live. Treat this as a dress rehearsal-organize your inventory, tighten documentation, and get your response playbook in place now.
Your membership also unlocks:
