Third Delay for California's AI Right-to-Know Bill as Newsom Enters the Fray

California's AB 1018 Paused: What Insurance Leaders Need To Do Before It Comes Back

California's push to require disclosure and appeals for AI-driven decisions has been delayed again. AB 1018 is now a two-year bill and is expected to return next session after more work with the governor and a large coalition of opponents.

For insurance, the message is clear: disclosure, fairness, and auditability for automated decisions are coming. Use this pause to get your house in order.

What AB 1018 Would Require (As Amended)

The bill covers automated systems used to evaluate a person and make predictions or recommendations that affect significant life outcomes. That includes insurance decisions like underwriting, pricing recommendations, claim triage, SIU referrals, coverage determinations, cancellations, and non-renewals.

• Disclosure: Notify people when an automated system is used to make consequential decisions about them.
• Appeals and correction: If an automated decision is wrong, individuals can seek rectification within 60 days.
• Anti-discrimination: "Full and equal" accommodations; no discrimination on age, race, gender, disability, immigration status, and other protected characteristics.
• Developer impact assessments: Test for bias and document impacts. If a required assessment isn't done and the system is used, fines can reach up to $25,000 per violation, with enforcement by the Attorney General, public prosecutors, or the Civil Rights Department.

Recent amendments exempted generative AI models and delayed a developer auditing requirement until 2030. The bill clarifies it applies to systems that evaluate individuals or make predictions/recommendations about them.

Bill text and status: California Legislative Information.

Why It Was Delayed

Supporters say the pause is to refine the bill and align with the governor. Opponents - including major tech companies, health care providers, venture firms, and the state judiciary - warn of cost, operational disruption, and limits on existing tools.

The Judicial Council estimated high annual costs and raised concerns about losing certain risk tools. State analyses vary on how broadly high-risk automated systems are used across agencies, making cost projections a moving target.

What This Means For Insurance Operations

Even with the pause, insurers should assume AB 1018 or a close version will return. If you use automated decision systems that affect eligibility, price recommendations, claim outcomes, fraud flags, or retention, prepare now.

• Inventory automated decisions: Map every model, score, and rules engine that evaluates individuals. Include vendor tools.
• Define "consequential": Flag systems involved in approvals/denials, pricing recommendations, claim payments/denials, non-renewals, and referrals that materially change outcomes.
• Set up disclosure: Add clear notices when automated systems influence a decision. Be specific enough to be meaningful.
• Build an appeal workflow: Intake, human review, turnaround targets, and a path to correct data or logic within 60 days.
• Explainability: Prepare reasons for adverse outcomes that a consumer can understand. Avoid purely "black box" outputs for key decisions.
• Bias testing: Evaluate impact across protected classes; monitor for proxies like ZIP code, occupation, or device signals that can create disparate outcomes.
• Data governance: Lock down data lineage, data quality checks, and retention policies. Track third-party data sources.
• Vendor management: Bake in audit, explainability, and bias testing rights. Require impact documentation and change logs.
• Logging and audit trails: Capture model version, features used, data timestamp, and reason codes for each decision.
• Policy alignment: Coordinate with legal on California civil rights, insurance regulations, and consumer notice requirements to avoid conflicts.

Where The Lines Are Likely Drawn

Generative AI chatbots appear exempt under current amendments unless they are directly used to evaluate a person and make or drive a consequential decision. Scores, rankings, eligibility screens, and recommendations about a person are in scope.

If a model influences underwriting, claims handling, or cancellations - even indirectly through a score or recommendation - plan as if disclosure, appeals, and documentation will be required.

Enforcement And Penalties

Failure to perform a required impact assessment can lead to fines of up to $25,000 per violation. Enforcement may come from the Attorney General, local prosecutors, or the Civil Rights Department.

Practical takeaway: keep evidence that assessments were done, findings were addressed, and monitoring is ongoing.

The Political Backdrop

Supporters include unions and consumer groups pushing for transparency and accountability. Opponents range from tech and health care to the judiciary, citing cost and operational friction.

Other worker-focused AI bills saw mixed results. A human driver requirement for autonomous delivery trucks failed again. A worker surveillance bill did not pass. Another measure, SB 7, passed and requires employers to disclose planned use of automated systems 30 days in advance and to share data used in discipline or firing, though a recent amendment removed a right to appeal and narrowed restrictions on certain predictions.

Recommended Frameworks And Resources

• NIST AI Risk Management Framework for governance, measurement, and monitoring.
• Complete AI Training: Courses by Job for upskilling teams on AI, compliance, and risk.

Action Checklist For Insurance Leaders

• Create a register of all automated systems that affect policyholders or applicants.
• Stand up a disclosure template and adverse action explanation process.
• Design a 60-day correction and appeals workflow with SLAs and human review.
• Run bias and performance tests across protected groups; fix and retest.
• Document impact assessments; store artifacts centrally with version control.
• Update vendor contracts to require transparency, testing, and audit access.
• Train underwriting, claims, SIU, data science, and compliance teams on new expectations.

AB 1018 is paused, not gone. If you rely on automated decisions, act now so you're compliant on day one - and earning trust with transparent, fair decisions.