State AI Laws Are Expanding Liability: What Claims Teams Need to Watch as 2025 Winds Down

AI Is Changing Liability. Claims Teams Need a Plan.

As 2025 winds down, states are moving to widen liability for decisions made with AI. If your claims process uses models for triage, fraud screening, or valuation, the risk is no longer abstract. Expect more duties, more documentation, and more questions from regulators and plaintiffs.

This isn't theory. Several states are proposing or enacting rules that set care standards, require notice when AI is used, and press for bias testing and audit trails. The claims organization sits at the point where those expectations become evidence.

What's Trending in State AI Laws

1) A duty of "reasonable care" for AI use

New laws and bills focus on whether you used reasonable care in selecting, testing, and monitoring AI that affects consumers. That includes data quality, model risk controls, and regular reviews to catch drift or unfair outcomes.

2) Notice, explanations, and human review

Expect requirements to tell consumers when an automated tool influenced a decision and to provide a clear path to human review. Adverse action letters will need to reflect AI inputs without exposing proprietary details. Build templates now.

3) Shared liability across vendors

Liability is moving up and down the chain. If a vendor's model leads to a harmful decision, you may still be on the hook as the deployer. Contracts should require audit rights, prompt incident notice, bias testing support, and indemnities that actually hold up.

4) Privacy and biometrics are merging with AI risk

Claims teams using voice analytics, image analysis, or ID verification tools face added exposure under privacy and biometric laws. Consent, data minimization, retention schedules, and deletion rights must be tight-and provable.

5) Documentation and audit trails are the new baseline

If AI influenced a claim, assume you'll need to show your work: model version, inputs, overrides, human touchpoints, and reasons. No logs means a weak defense. Build evidence as you go, not after the dispute hits.

Where This Touches Claims Handling

• Triage and assignment: If AI routes files, track criteria, thresholds, and overrides to avoid unfair treatment claims.
• SIU screening: Bias testing isn't optional. Document hit rates, false positives, and corrective actions.
• Valuation models: Keep historical comparisons, recalibration schedules, and independent checks.
• Correspondence: Update letters to disclose automated assistance where required and to offer human review.
• Litigation readiness: Preserve model logs, prompts, outputs, and change histories under legal hold.

90-Day Action Plan

• Inventory your AI: List every tool influencing claims decisions. Note purpose, data sources, model owner, and human oversight points.
• Set care standards: Define pre-deployment testing, approval gates, and ongoing monitoring (fairness, accuracy, and drift checks).
• Update notices: Add AI disclosures and a human review path to denial, reduction, and referral letters.
• Tighten vendor contracts: Require bias testing support, incident reporting within 24-72 hours, audit rights, and IP-safe explainability.
• Stand up an AI incident playbook: Triage, contain, notify, remediate, and document. Assign owners in Claims, Legal, IT, and Compliance.
• Evidence retention: Log inputs, outputs, overrides, and model versions for each impacted claim. Automate where possible.
• Training: Teach adjusters how to use AI as advice, not verdict. Reinforce when to override and how to record reasons.
• Coverage check: Confirm E&O/tech E&O/cyber policies address algorithm-related claims and vendor-caused loss.

Watchlist: Rules and Standards Worth Tracking

• Colorado AI Act (SB24-205): sets duties for developers and deployers of high-risk AI, with enforcement by the Attorney General. Effective dates begin in 2026.
• NAIC AI initiatives: state insurance regulators' principles and guidance signal expectations on governance, fairness, and accountability.

Practical Guardrails for Daily Use

• Human-in-the-loop: Make sure a licensed or authorized person reviews and can override AI-influenced decisions.
• Thresholds and triggers: Set clear criteria for when AI recommendations require secondary review.
• Bias checks: Test outcomes across protected classes using approved proxies. Document methods and limits.
• Change control: No silent model updates. Require approvals, test evidence, and effective dates.
• Plain-language explanations: Be able to state, in two sentences, why the decision was reasonable. Practice with real files.

Upskill Your Team

Strong process beats shiny tools. If your team knows how to evaluate AI risk, write cleaner notices, and preserve evidence, you'll reduce exposure and close files with fewer disputes.

If you need structured training for claims and compliance teams, see these options: AI courses by job role and latest AI courses.

Bottom line

States are raising the bar on AI use. Build care standards, log everything, and keep a human in charge. Do that, and you'll be ready for tougher scrutiny without slowing the desk.